Analysis

max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/06/2024, 22:37

Static task: static1

Behavioral task: behavioral1
  Sample: sample.html
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: sample.html
  Resource: win10v2004-20240508-en
General

Target: sample.html
Size: 218KB
MD5: 02ad19dcd3c6044376f2f4360b72cc3d
SHA1: 3421926e3b9f139403e9f19f617618d767460fd6
SHA256: 41b661c7e57d9ac99b0f6bd28156e14e6b54e9b6078c46b5c6c4004150cb3a40
SHA512: 947b7b08e91d10320ee8b1f41bd94a49bce5b9bdcb4307d901bc6bf06e2d4957acd890255fb4a78f5ccd769fbf58ace790570f4adcdbdf2e6f3b0668353a6fb7
SSDEEP: 3072:ShxgzXOzl00yfkMY+BES09JXAnyrZalI+YQ:ShKzeza5sMYod+X3oI+YQ
Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)

  pid   Process     entries
  4660  msedge.exe  2
  3516  msedge.exe  2
  1572  msedge.exe  4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)

  pid   Process     entries
  3516  msedge.exe  2

Suspicious use of FindShellTrayWindow (25 IoCs)

  pid   Process     entries
  3516  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)

  pid   Process     entries
  3516  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)

  description                       pid   Process     procid_target  entries
  PID 3516 wrote to memory of 5040  3516  msedge.exe  82             2
  PID 3516 wrote to memory of 4300  3516  msedge.exe  83             40
  PID 3516 wrote to memory of 4660  3516  msedge.exe  84             2
  PID 3516 wrote to memory of 116   3516  msedge.exe  85             20
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
  PID: 3516
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e53746f8,0x7ff9e5374708,0x7ff9e5374718
    PID: 5040

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11980990111881831773,12895992070215499814,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    PID: 4300

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11980990111881831773,12895992070215499814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
    PID: 4660
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11980990111881831773,12895992070215499814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
    PID: 116

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11980990111881831773,12895992070215499814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
    PID: 2484

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11980990111881831773,12895992070215499814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
    PID: 4416

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11980990111881831773,12895992070215499814,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1964 /prefetch:2
    PID: 1572
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4848

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3088
Network
MITRE ATT&CK Enterprise v15
Downloads