Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/06/2024, 22:37
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: sample.html, Resource: win7-20240508-en)
- Behavioral task: behavioral2 (Sample: sample.html, Resource: win10v2004-20240508-en)
General
- Target: sample.html
- Size: 213KB
- MD5: 03d23b76bb150e6450b3df777e54e725
- SHA1: 6101cc6d2bedb6ea8f0211fd2680381bcc2cb554
- SHA256: 7623ea1fbdcbb71eb4c62fc083335a417b935e9b9a786ac2d4ffcac0f92ef15c
- SHA512: a3b63ffde6a1f7644dc2210ca628a00e72c519c67e74b39efd4b8bcc4468c814b4a296eb059b2f241d361cad8493dc8cfb4e8ccf022f871254fa23056c4bd58e
- SSDEEP: 3072:ShwZp9zyvyRyfkMY+BES09JXAnyrZalI+YQ:ShYfUsMYod+X3oI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        | ioc                                                                    | Process
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   | msedge.exe
  Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     | msedge.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  | msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   | Process     | occurrences
  1492  | msedge.exe  | 2
  3500  | msedge.exe  | 2
  2200  | msedge.exe  | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   | Process     | occurrences
  3500  | msedge.exe  | 2
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   | Process     | occurrences
  3500  | msedge.exe  | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   | Process     | occurrences
  3500  | msedge.exe  | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                        | pid   | Process     | procid_target
  PID 3500 wrote to memory of 1124   | 3500  | msedge.exe  | 83
  PID 3500 wrote to memory of 1568   | 3500  | msedge.exe  | 85
  PID 3500 wrote to memory of 1492   | 3500  | msedge.exe  | 86
  PID 3500 wrote to memory of 6100   | 3500  | msedge.exe  | 87
  Each distinct row is listed once; the original report repeats identical rows (64 IoCs in total, all from PID 3500).
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3500)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - msedge.exe (PID 1124), crashpad-handler
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa127d46f8,0x7ffa127d4708,0x7ffa127d4718
  - msedge.exe (PID 1568), gpu-process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7503819530586962624,16924648492736639021,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  - msedge.exe (PID 1492), utility (network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7503819530586962624,16924648492736639021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 6100), utility (storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7503819530586962624,16924648492736639021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  - msedge.exe (PID 4300), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7503819530586962624,16924648492736639021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  - msedge.exe (PID 4404), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7503819530586962624,16924648492736639021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - msedge.exe (PID 2200), gpu-process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7503819530586962624,16924648492736639021,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4580)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4568)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads