Analysis

max time kernel: 145s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/05/2024, 07:45

- Static task: static1
- Behavioral task: behavioral1 (sample: sample.html, resource: win7-20240508-en)
- Behavioral task: behavioral2 (sample: sample.html, resource: win10v2004-20240508-en)
General

Target: sample.html
Size: 213KB
MD5: 2e618a3c10112637b5c4d472a8eb9cfa
SHA1: f5fe028a2127f32ea0a821b8bdb1aa23005e2592
SHA256: fe0d7f383768f9353579e77be6e53ab9e5a7bf39cf221a9d7ec7f1c66ad93c6c
SHA512: 1fa7b5c1c391663458adb5278bd2b4078c857eb219736003fd7c832f52d33e5d88a899ae10e7fd3d4136e37417c09ee8f7eadc91dcfb4b101ed52e4a62fd16b4
SSDEEP: 3072:Si1ebhow9qB/yfkMY+BES09JXAnyrZalI+YQ:SijbKsMYod+X3oI+YQ
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)

Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid   Process
3772  msedge.exe
3772  msedge.exe
4016  msedge.exe
4016  msedge.exe
2740  msedge.exe
2740  msedge.exe
2740  msedge.exe
2740  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid   Process
4016  msedge.exe
4016  msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4016)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4828)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffadd346f8,0x7fffadd34708,0x7fffadd34718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2328)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8710700666582362560,491825396674843320,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3772)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,8710700666582362560,491825396674843320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4772)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,8710700666582362560,491825396674843320,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4420)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8710700666582362560,491825396674843320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 940)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8710700666582362560,491825396674843320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2740)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8710700666582362560,491825396674843320,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2740 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 2768)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 2084)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads