Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/06/2024, 04:47
Static task
- static1
Behavioral task
- behavioral1: Sample sample.html, Resource win7-20231129-en
Behavioral task
- behavioral2: Sample sample.html, Resource win10v2004-20240508-en (the run reported on this page)
General
- Target: sample.html
- Size: 221KB
- MD5: b1a5635f55d3081d02efcaec9c9209bd
- SHA1: 49558dbf9880a5cc7f6e33a40a21491275dcc30b
- SHA256: 2b6b9ee718709617e230d4fd09421575cd66112612b90a467e74f7d0cf89ed80
- SHA512: 3f5e5fcb6e4385a6d3aac4f6fb316c747974babe3bce17ee1d0667f06a511397f40baca83a1728b5ec934fb3f8e66d2ba4503350624641483685507254a770c3
- SSDEEP: 3072:SHe3KF41QZwKuOyfkMY+BES09JXAnyrZalI+YQ:SHevQMsMYod+X3oI+YQ
Malware Config
- (none listed)
Signatures
Every IoC below is attributed to msedge.exe, either the browser process (PID 4504) or a child process it spawned; no signature fires on a process outside the Edge tree.
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  (SystemManufacturer and SystemProductName are the values a VM-detection check reads; here the reader is the browser itself, not the sample's content.)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | Process | events
  4552 | msedge.exe | 2
  4504 | msedge.exe | 2
  4444 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process | events
  4504 | msedge.exe | 2
  (Child processes created with the block-non-Microsoft-binaries image-load mitigation, which Chromium-based browsers apply to their sandboxed children.)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process | events
  4504 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process | events
  4504 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 4504 wrote to memory of 3968 | 4504 | msedge.exe | 84
  PID 4504 wrote to memory of 3300 | 4504 | msedge.exe | 85
  PID 4504 wrote to memory of 4552 | 4504 | msedge.exe | 86
  PID 4504 wrote to memory of 1492 | 4504 | msedge.exe | 87
  (The page lists one row per write event; of the 64 events, 2 each go to 3968 and 4552 and the remainder to 3300 and 1492. Every target is an msedge.exe child of 4504, i.e. the browser process writing into the service processes it launched.)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4504, top level)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3968, child of 4504)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9903a46f8,0x7ff9903a4708,0x7ff9903a4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3300, child of 4504)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8547272564351069975,1132485285575551372,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4552, child of 4504)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8547272564351069975,1132485285575551372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1492, child of 4504)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8547272564351069975,1132485285575551372,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 540, child of 4504)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8547272564351069975,1132485285575551372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2120, child of 4504)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8547272564351069975,1132485285575551372,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4444, child of 4504)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8547272564351069975,1132485285575551372,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4060 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4388, top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1080, top level)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Reading the tree: every child of the browser process is a standard Chromium service (crashpad handler, GPU process, network and storage utility services, two renderers). The second gpu-process (PID 4444, started with --disable-gpu-sandbox --use-gl=disabled) is consistent with Chromium's software-rendering relaunch after the first GPU process fails, which is common in a VM without GPU acceleration. The only non-Edge processes, the two CompPkgSrv.exe instances, are COM-activated (-Embedding) at the top level rather than spawned by Edge, and no process outside the Edge tree is attributed to the sample.
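The process tree and the WriteProcessMemory signature above answer the triage question for an HTML sample: did the page cause anything beyond the browser's own multi-process startup? The following Python is an added example, not part of the Triage report or of Edge, that cross-references the report's WriteProcessMemory IoC rows with its process tree so every target PID resolves to a Chromium process role, then flags any write that is not the browser process seeding one of its own msedge.exe children. `WPM_TABLE` is copied from the report but abbreviated to a few rows (the page repeats one row per write event); `PROCESSES` is transcribed from the tree with only the flags needed for classification. The function names and the `CHROMIUM_CHILD_TYPES` baseline are this example's own choices.

```python
"""Added example (not from the Triage report): resolve WriteProcessMemory
targets against the process tree and flag writes outside the Chromium
browser -> own-child baseline."""
import re
from collections import Counter

# Abbreviated copy of the report's IoC rows (the page repeats one row per event).
WPM_TABLE = (
    "PID 4504 wrote to memory of 3968 4504 msedge.exe 84 "
    "PID 4504 wrote to memory of 3300 4504 msedge.exe 85 "
    "PID 4504 wrote to memory of 3300 4504 msedge.exe 85 "
    "PID 4504 wrote to memory of 4552 4504 msedge.exe 86 "
    "PID 4504 wrote to memory of 1492 4504 msedge.exe 87 "
)

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
COMPPKG = r"C:\Windows\System32\CompPkgSrv.exe"

# Transcribed from the report's process tree:
# (pid, parent pid or None for a top-level process, image path, classifying flags)
PROCESSES = [
    (4504, None, EDGE, r"--single-argument C:\Users\Admin\AppData\Local\Temp\sample.html"),
    (3968, 4504, EDGE, "--type=crashpad-handler"),
    (3300, 4504, EDGE, "--type=gpu-process"),
    (4552, 4504, EDGE, "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (1492, 4504, EDGE, "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    (540, 4504, EDGE, "--type=renderer --renderer-client-id=6"),
    (2120, 4504, EDGE, "--type=renderer --renderer-client-id=5"),
    (4444, 4504, EDGE, "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    (4388, None, COMPPKG, "-Embedding"),
    (1080, None, COMPPKG, "-Embedding"),
]

# One IoC row: "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"
ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")

# Child process types a Chromium browser process is expected to launch (assumed baseline).
CHROMIUM_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}


def parse_wpm(table_text):
    """Count IoC rows per (source pid, target pid, procid_target)."""
    counts = Counter()
    for src, dst, src_again, _image, procid in ROW.findall(table_text):
        if src != src_again:  # the row repeats the source pid; a mismatch means garbled input
            raise ValueError(f"inconsistent row: {src} vs {src_again}")
        counts[(int(src), int(dst), int(procid))] += 1
    return counts


def role(flags):
    """Chromium process role from --type / --utility-sub-type; no --type means the browser process."""
    m = re.search(r"--type=(\S+)", flags)
    if not m:
        return "browser"
    sub = re.search(r"--utility-sub-type=(\S+)", flags)
    return f"{m.group(1)}:{sub.group(1)}" if sub else m.group(1)


def _index(processes):
    return {pid: (ppid, image, flags) for pid, ppid, image, flags in processes}


def resolve_targets(writes, processes):
    """Map each target pid to (role, total write events into it)."""
    by_pid = _index(processes)
    out = {}
    for (_src, dst, _procid), n in writes.items():
        r = role(by_pid[dst][2]) if dst in by_pid else "unknown"
        out[dst] = (r, out.get(dst, (r, 0))[1] + n)
    return out


def unexpected_writes(writes, processes):
    """Return writes outside the baseline as (src, dst, reason or target image).

    Baseline: the browser process (msedge.exe without --type) writing into an
    msedge.exe child it launched itself with a known --type.  A source or target
    missing from the tree, a target with another image, or a child process as
    the writer is flagged for review."""
    by_pid = _index(processes)
    flagged = []
    for src, dst, _procid in writes:
        s, d = by_pid.get(src), by_pid.get(dst)
        if s is None or d is None:
            flagged.append((src, dst, "pid not in process tree"))
            continue
        src_is_browser = s[1] == EDGE and role(s[2]) == "browser"
        dst_is_own_edge_child = (d[0] == src and d[1] == EDGE
                                 and role(d[2]).split(":")[0] in CHROMIUM_CHILD_TYPES)
        if not (src_is_browser and dst_is_own_edge_child):
            flagged.append((src, dst, d[1]))
    return flagged


if __name__ == "__main__":
    writes = parse_wpm(WPM_TABLE)
    for dst, (r, n) in sorted(resolve_targets(writes, PROCESSES).items()):
        print(f"4504 -> {dst:<5} {r:<40} {n} event(s)")
    print("unexpected:", unexpected_writes(writes, PROCESSES))
```

Run against the report's rows, `unexpected_writes` returns an empty list: all four targets are msedge.exe children of 4504 with a known type. The same check flags a write into one of the CompPkgSrv.exe processes, a write from a GPU or renderer child into a sibling, or a target PID absent from the tree, which are the cases that would mean the HTML did something beyond opening in Edge.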
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 56641592f6e69f5f5fb06f2319384490
  SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
  SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
  SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868
- Filesize: 152B
  MD5: 612a6c4247ef652299b376221c984213
  SHA1: d306f3b16bde39708aa862aee372345feb559750
  SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
  SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
- Filesize: 5KB
  MD5: 03a0b2ebea1b7f1fb5796c9d4104f28a
  SHA1: 3fae5d2f740e0ba21e6c7a97c84ab10dcf77fcd6
  SHA256: 9c1b4b22619fa0098c6820198dec053c33204f7e5e80034caa9320210de01359
  SHA512: 77f633bd9e77bfdf01acb914d88cbd19260b8eff73803ba5862becc984b4f5bd437895b89670466befd59a0f0625547bc231505eb44b81b090fe8e05650b4a5e
- Filesize: 6KB
  MD5: 264d7b28c857d8e0ed985c15c8e4b747
  SHA1: e08c778a14d6c2fdf489e2c78eeabecaf050f3f1
  SHA256: 6bc92243e5bf11d1754eed0ea3aa5fffe07e2d87ad8b293dc54dad0808534d83
  SHA512: be1e5385f4380f24e3faac72fe98c02726fb8704395a5eee3f2599b3753f4d18606bc0e63a52b8c00ed53fd92671a46e639c541747bd69a2e44e1933283b7040
- Filesize: 11KB
  MD5: 1517af0a6891030ac9e449e18ee19302
  SHA1: 848c5772f84625f6ddc4f1cc90c3befff2b59a86
  SHA256: 885a0c3952ccf785736bb4e76df599cd1d1440024c1a29ab6d77e6bd73ceda9f
  SHA512: 1cb68c89f7f90d72187ea6813746d2391d6bb458554ec0037c9947e6704cf79ae499bf7d855dd2608a250482df4424989b4793ad20622002f6738b1b8fcce1df