cc282c8882e10f21e0f419c343f572d3972ca16dd1105d7bccefd661e30c4ddb

Analysis

max time kernel
148s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 17:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

38KB
MD5

a5375f12ebd0f3a73f27772281ac3963
SHA1

55dc2f40bda9abc677d95e648046f6e767508559
SHA256

caa222c60ef8796384f01b91500be05fa1b03b1a1f5b1dc897183f3c4595dd67
SHA512

fb0e75bdc0123a32af5e51af0a978ac7efc15320c5f2cf91d2cd60515a7da1e6f119cd7701578e7aa49b8b92d864284c9532aead33b21c9ca0ed8ad50cc4ccfb
SSDEEP

768:SToPYhj9RoJjRGZ+sBIc+2W1STcsfiX5X+DQ6Mw4OBc3Z8vfP++Xkv9SZJ+hKImO:SToPYh9RetGZ+0Ic+2gSTcsfiX5Skw45

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
1784	msedge.exe
1784	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4188	msedge.exe
4188	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 3852	4188	msedge.exe	83
PID 4188 wrote to memory of 3852	4188	msedge.exe	83
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 4568	4188	msedge.exe	85
PID 4188 wrote to memory of 1784	4188	msedge.exe	86
PID 4188 wrote to memory of 1784	4188	msedge.exe	86
PID 4188 wrote to memory of 1560	4188	msedge.exe	87
PID 4188 wrote to memory of 1560	4188	msedge.exe	87
PID 4188 wrote to memory of 1560	4188	msedge.exe	87
PID 4188 wrote to memory of 1560	4188	msedge.exe	87
PID 4188 wrote to memory of 1560	4188	msedge.exe	87
PID 4188 wrote to memory of 1560	4188	msedge.exe	87
PID 4188 wrote to memory of 1560	4188	msedge.exe	87
PID 4188 wrote to memory of 1560	4188	msedge.exe	87
PID 4188 wrote to memory of 1560	4188	msedge.exe	87
PID 4188 wrote to memory of 1560	4188	msedge.exe	87
PID 4188 wrote to memory of 1560	4188	msedge.exe	87
PID 4188 wrote to memory of 1560	4188	msedge.exe	87
PID 4188 wrote to memory of 1560	4188	msedge.exe	87
PID 4188 wrote to memory of 1560	4188	msedge.exe	87
PID 4188 wrote to memory of 1560	4188	msedge.exe	87
PID 4188 wrote to memory of 1560	4188	msedge.exe	87
PID 4188 wrote to memory of 1560	4188	msedge.exe	87
PID 4188 wrote to memory of 1560	4188	msedge.exe	87
PID 4188 wrote to memory of 1560	4188	msedge.exe	87
PID 4188 wrote to memory of 1560	4188	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa75c46f8,0x7fffa75c4708,0x7fffa75c4718
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1496,15189783433502935381,10634579744751879732,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,15189783433502935381,10634579744751879732,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1496,15189783433502935381,10634579744751879732,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1496,15189783433502935381,10634579744751879732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1496,15189783433502935381,10634579744751879732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1496,15189783433502935381,10634579744751879732,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d0768eb6c2dbbf09f8d9813fa83b17a9

SHA1
b588adb1f2e0a766c7dc5bc44f9bf03ce04d7432

SHA256
50e0e6f2e38527155d804b1e31ab5d89debb149077ee41b0cfddeb1cd6dd3bdf

SHA512
a18be3ccc7f9b9e1fb8cdc284a3d8c352927ccb39b660be334f7aca7e0df534af13bc70623b714d171fc9b196d35f2e0aedf69efed867dd64ddc60ddeeeb4a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
662b807cecc472c18e91b3b490324a25

SHA1
2a4ec7b4f8ebdfdce767256b88f3efe27497892c

SHA256
b3660d0a4ef692ae76d6e8296865bb330c4e99d520024dc6a4e94c82049cfea7

SHA512
cd523984e44f9775ef854769f30017cae7f57ac79b4b20064b8172f08ad931a555873f6c6700f1608e933ea79906279a9425d591f92ccfb49cd6d50ff01cf2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
97048f5f8f0e3cd8d3e362955b197cc6

SHA1
64a4c61cd5bd78c8836fbca20799151ec690148c

SHA256
400127e8e8e9585a235c8d4deb6da4945e36423a575fa7237db707743db1a3f8

SHA512
b20f2bab32f02c1d75d22dbeaf368818ee2b6c0d80da563c680cd8a1f0ee5eb60bfc6fba032c354a451ef5ea63e1c33b009bb5c6e83ae25ad0333658d47c407f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d2b4452ad40e74f591648d3ea6649763

SHA1
1b2af4e4ed5eb8fc5dff42de9b08fa46edbe271f

SHA256
75435b228e0b202392ffa6a1656eb4f76023b514b12e832a3ebfcba77dd2905c

SHA512
d0d92698058518f86e3d48c3cb51029453b46ffcd41edb543ef1a1a1dff9d40dafa3a2b83ffd0c1cd44ca45cdd37ae3b2f7d16d425de2a13f0964fa74e95c640

Download Submit