f5900cfc900338a26cf9caf254177b15cfd95c6e8eca0ccd526ed02448f9781b

Resubmissions

29/05/2024, 13:44

240529-q2aywshb53 1

29/05/2024, 13:41

240529-qzfrcsha84 1

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Scanned_05_28-2024_664007.html
Size

8KB
MD5

61510b7700dd5da935386da909ed7fc6
SHA1

154e9c5fa46b8729776b7f2e819e31caa6e2c4df
SHA256

f5900cfc900338a26cf9caf254177b15cfd95c6e8eca0ccd526ed02448f9781b
SHA512

1fe4bd592acbc76ea192bf9e3389318fe1585765ae8b0eb97ce1e8da8574f49a3178edc8c27c68eadc5f815f9acac9017629e96c2e0509dbc08a4c2c656e451e
SSDEEP

96:MhvvIFO2B40aPMfiWTMFSCH+PGy9MgC3/mGlby3Pnwp0tUNAkac80v7Bm2WS0uTF:MGZEhLqMgEOG4/nw+CWv31AZi/Di5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{059C9F7D-1A24-4CF9-A55E-089F9DE7A580}	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3252 wrote to memory of 4264	3252	msedge.exe	104
PID 3252 wrote to memory of 4264	3252	msedge.exe	104
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 2464	3252	msedge.exe	105
PID 3252 wrote to memory of 872	3252	msedge.exe	106
PID 3252 wrote to memory of 872	3252	msedge.exe	106
PID 3252 wrote to memory of 2916	3252	msedge.exe	107
PID 3252 wrote to memory of 2916	3252	msedge.exe	107
PID 3252 wrote to memory of 2916	3252	msedge.exe	107
PID 3252 wrote to memory of 2916	3252	msedge.exe	107
PID 3252 wrote to memory of 2916	3252	msedge.exe	107
PID 3252 wrote to memory of 2916	3252	msedge.exe	107
PID 3252 wrote to memory of 2916	3252	msedge.exe	107
PID 3252 wrote to memory of 2916	3252	msedge.exe	107
PID 3252 wrote to memory of 2916	3252	msedge.exe	107

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Scanned_05_28-2024_664007.html
1⤵
PID:1800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4584 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:1
1⤵
PID:2584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3744 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:1
1⤵
PID:3204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3800 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:4024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5568 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:1
1⤵
PID:4896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5996 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:2728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x264,0x7ff9e2402e98,0x7ff9e2402ea4,0x7ff9e2402eb0
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2288 --field-trial-handle=2304,i,9091797670670577048,10584244944279344386,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2924 --field-trial-handle=2304,i,9091797670670577048,10584244944279344386,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3108 --field-trial-handle=2304,i,9091797670670577048,10584244944279344386,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4400 --field-trial-handle=2304,i,9091797670670577048,10584244944279344386,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4400 --field-trial-handle=2304,i,9091797670670577048,10584244944279344386,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4316 --field-trial-handle=2304,i,9091797670670577048,10584244944279344386,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4592 --field-trial-handle=2304,i,9091797670670577048,10584244944279344386,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4584 --field-trial-handle=2304,i,9091797670670577048,10584244944279344386,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
ba0f84301834ee84d23d92f31b8881ff

SHA1
6c99e3586eb5d4599bcf017fdf1e1bf0fbbe4bb6

SHA256
1c64ec568b2cc93301b8e390d26077ce005884a65faec819517a3ca72d73e644

SHA512
84eae82c113dacac8c7d3d88f73f1097d2b5d5d742cef0d3080b0e76b16f8e5846ce30c2fb4dba99d76fa31559e6ad1cf736ab223c15cd7a3b49c997c66c6c0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
cf7142700dfd0fb787cd049ae529ae18

SHA1
3b82665b693e2858a2e6ac4612f9368b28df7bf4

SHA256
e3f4d69654a52803b5b3d15e1bc3d4d10f69226ef020550145f299559e9fe02f

SHA512
8aabac7c0f26aa6ff4110b929960e9d77af23a8196ba19a9e927763e57942eb67cd9fbfcbff4c92ec87310ca6d660cf60cb145c6d3f0c5a53dbcedd6b9af732a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
836b109b670b372a6ec0125bfeaa6abf

SHA1
9f386dc687956c3014785b733a564bf5bbd6186f

SHA256
371b7c43677029cd7b423373ee10c4c1da9c5c2ccb5f28b5d7ff1dbea3512a52

SHA512
c3494217cee3a7ff03f5fa843dfe78bd13011d66ec2a2cc76cb02e579a51dacdc6112f24c66b6708ade1e2d514893801dac14c9726caa58435ec9d9cfdd7040e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
67KB

MD5
a2b50317f1b33f6d6d636163dae39958

SHA1
7a09d3b91fc12a114f32d053919003b23597198e

SHA256
eba462f0a186d25a42c36a8c78e1a45c8fa80e90086c13251d1c6663024e4c53

SHA512
21d9fa990b5fc7be3f6549a8be8e399b1ae659abb6b9488ed276535f03a65e7e0868b52d4281b6c5709755a4bdb04925646ab5325c305179cb9deb920ffe7016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
57KB

MD5
75bb37fbf80fc0e3b30462131d094c39

SHA1
3541e67d276e1c41765c9ab34462302e75db4ad9

SHA256
8b2ea03b943d87542e473d07e859b4ed1532dfd1bac60815e9d74a308c43f159

SHA512
1935f6b62e0e866bbe450319a22564cb877c66a15e10d59ca9855ee85ec37af1a51d0351a543f2da89da548aae850561c2011d71c47d636459a59933d9329e53

Download Submit