Analysis
max time kernel: 145s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/06/2024, 08:02
Static task: static1
Behavioral task: behavioral1
  Sample: Electronic Invoice_64549934192-2023 PDF.htm
  Resource: win7-20240508-en
Behavioral task: behavioral2 (this report)
  Sample: Electronic Invoice_64549934192-2023 PDF.htm
  Resource: win10v2004-20240426-en
General
Target: Electronic Invoice_64549934192-2023 PDF.htm
Size: 5KB
MD5: be5dc33df1ed61826aab0d96833a76e9
SHA1: 370ab3f4f803d8cda4a3d9c1f5a1f3c79b140d99
SHA256: 124e60d01e003f69a37a67a06d4236bde977cb4ed8058c0e8c252f3177e1b42d
SHA512: dc0ea178b2d078b9e71ac1450a7e214b85a0628e895e95b1f406071d91234d25f941f1546b7038b167d28819a5d981f021e7cd6e081a8f05813200c2427f05d6
SSDEEP: 96:h4TdXb+xiTb5NLTbpvNsvvR3B5v+mbBL5KJL6wfq99q++t6BVARWMDqxotQ296Ht:GRL+xiBNLxCxXtx5KJLfqPqztaVARWMM
Malware Config
Signatures
Every process named below is a Microsoft Edge binary (msedge.exe, identity_helper.exe) started to render the sample; the browser process is PID 3332. The hits are Edge's own multi-process startup rather than behaviour of the HTML file: the browser process writes into the child processes it spawns (crashpad handler, GPU, network, storage and renderer processes) while setting up their sandboxes, launches them with the block-non-Microsoft-binaries process mitigation, and reads the BIOS manufacturer and product name from the registry for its own hardware/metrics reporting. The only non-Edge process in the run is CompPkgSrv.exe, a Windows system binary started by COM (-Embedding) at the top level, not by Edge. Treat these signatures as baseline noise for any HTML sample opened in Edge; what would matter is a child outside the Edge tree, a write into a process Edge did not spawn, or a file dropped outside the browser profile, none of which appears here.

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | process | hits
  3484 | msedge.exe | 2
  3332 | msedge.exe | 2
  4184 | identity_helper.exe | 2
  3828 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | process | hits
  3332 | msedge.exe | all 6
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | process | hits
  3332 | msedge.exe | all 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | process | hits
  3332 | msedge.exe | all 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  Each row in the original reads "PID <source> wrote to memory of <target> <source> <process> <procid_target>", one row per write. The 64 rows collapse to four source/target pairs, all from the browser process into its own children (most rows target 2372 and 4820):
  source pid | process | target pid | procid_target
  3332 | msedge.exe | 528 | 81
  3332 | msedge.exe | 2372 | 82
  3332 | msedge.exe | 3484 | 83
  3332 | msedge.exe | 4820 | 84
Processes
Tree depth is shown by indentation (the original fuses the depth digit onto the last command-line token, e.g. "/prefetch:72" is "/prefetch:7" at depth 2). Flags are reproduced verbatim. The second gpu-process (PID 3828) is launched with --disable-gpu-sandbox --use-gl=disabled, the software fallback Chromium uses when GPU initialisation fails, as it does in a VM without a GPU.

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Electronic Invoice_64549934192-2023 PDF.htm
  PID: 3332
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc502e46f8,0x7ffc502e4708,0x7ffc502e4718
    PID: 528
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14137848210507857800,14010290952731728100,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
    PID: 2372
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,14137848210507857800,14010290952731728100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
    PID: 3484
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,14137848210507857800,14010290952731728100,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
    PID: 4820
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14137848210507857800,14010290952731728100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    PID: 3724
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14137848210507857800,14010290952731728100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    PID: 920
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14137848210507857800,14010290952731728100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
    PID: 4596
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14137848210507857800,14010290952731728100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
    PID: 4184
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14137848210507857800,14010290952731728100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
    PID: 4544
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14137848210507857800,14010290952731728100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
    PID: 3196
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14137848210507857800,14010290952731728100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    PID: 5012
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14137848210507857800,14010290952731728100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    PID: 3244
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14137848210507857800,14010290952731728100,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
    PID: 3828
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 400
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3060
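The Signatures and Processes sections above are flattened text, and the only real questions for a browser opening an HTML lure are whether the browser spawned anything that is not an Edge or Windows binary and whether any process wrote into one it did not spawn. The script below is an added example, not part of the Triage report or its tooling: it parses the report's own line format (image path, command line, fused depth digit, PID, and the "PID X wrote to memory of Y" rows) into a parent/child map and runs both checks. The sample text is copied, with the long Chromium flags trimmed, from this report; the regexes, the allowed-directory list and the hypothetical extra entry used to show a positive hit are this example's own assumptions.

```python
"""Added example (not from the Triage report): rebuild the process tree
from the flattened Processes/WriteProcessMemory text and run two checks:
  1. did any process spawn a child outside the Edge or System32 directories?
  2. did any process write into a process it did not spawn?
"""
import re
from collections import Counter, defaultdict

# Constructed input, copied (abridged) from this report's Processes section.
# Triage fuses the tree depth onto the last token: "/prefetch:72⤵" means
# "/prefetch:7" at depth 2; signature bullets may sit before the PID line.
PROCESS_TEXT = r'''
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Electronic Invoice_64549934192-2023 PDF.htm1⤵
- Suspicious use of WriteProcessMemory
PID:3332
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler /prefetch:72⤵PID:528
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process /prefetch:22⤵PID:2372
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3484
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService /prefetch:82⤵PID:4820
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility /prefetch:82⤵PID:4184
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:400
'''

# Constructed input: a few of the 64 WriteProcessMemory rows from this report.
WPM_TEXT = (
    "PID 3332 wrote to memory of 528 3332 msedge.exe 81 "
    "PID 3332 wrote to memory of 528 3332 msedge.exe 81 "
    "PID 3332 wrote to memory of 2372 3332 msedge.exe 82 "
    "PID 3332 wrote to memory of 3484 3332 msedge.exe 83 "
    "PID 3332 wrote to memory of 4820 3332 msedge.exe 84"
)

# Hypothetical input, NOT in the report: what a dropped payload launched by
# the browser would look like in the same format (paths and PIDs invented).
HYPOTHETICAL_TEXT = r'''
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\lure.htm1⤵PID:7000
C:\Users\Admin\AppData\Local\Temp\invoice.exe"C:\Users\Admin\AppData\Local\Temp\invoice.exe"2⤵PID:7001
'''

# Directories a child of the Edge browser process is expected to live in
# (assumption for this example; extend per environment).
ALLOWED_DIRS = (
    r"C:\Program Files (x86)\Microsoft\Edge\Application",
    r"C:\Windows\System32",
)

ENTRY_RE = re.compile(
    r'^(?P<image>[A-Z]:\\[^\n"]+?\.exe)'  # image path, up to the first .exe
    r"(?P<cmd>.*?)"                        # command line, possibly quoted
    r"(?P<depth>\d)⤵"                      # depth digit fused onto last token
    r".*?PID:(?P<pid>\d+)",                # PID may follow signature bullets
    re.MULTILINE | re.DOTALL,
)
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def parse_processes(text):
    """Return a list of {pid, image, cmd, depth, parent}; parent is derived
    from depth order (a depth-N entry belongs to the last depth-N-1 entry)."""
    procs, last_at_depth = [], {}
    for m in ENTRY_RE.finditer(text):
        depth, pid = int(m["depth"]), int(m["pid"])
        procs.append({"pid": pid, "image": m["image"], "cmd": m["cmd"].strip(),
                      "depth": depth, "parent": last_at_depth.get(depth - 1)})
        last_at_depth[depth] = pid
        for d in [d for d in last_at_depth if d > depth]:  # close deeper levels
            del last_at_depth[d]
    return procs


def parse_write_process_memory(text):
    """Counter of (source pid, target pid) write pairs."""
    return Counter((int(src), int(dst)) for src, dst, _, _ in WPM_RE.findall(text))


def unexpected_children(procs, allowed_dirs=ALLOWED_DIRS):
    """PIDs of spawned children whose image lies outside allowed_dirs."""
    def allowed(image):
        return any(image.lower().startswith(d.lower() + "\\") for d in allowed_dirs)
    return [p["pid"] for p in procs if p["parent"] is not None and not allowed(p["image"])]


def writes_outside_tree(procs, wpm):
    """(src, dst) pairs where dst is not a recorded child of src: a process
    writing into something it did not spawn is the injection shape, whereas
    a Chromium browser process only writes into its own children."""
    children = defaultdict(set)
    for p in procs:
        if p["parent"] is not None:
            children[p["parent"]].add(p["pid"])
    return {pair for pair in wpm if pair[1] not in children[pair[0]]}


if __name__ == "__main__":
    procs = parse_processes(PROCESS_TEXT)
    for p in procs:
        name = p["image"].rsplit("\\", 1)[-1]
        print("  " * (p["depth"] - 1) + f"{p['pid']} {name} (parent {p['parent']})")
    print("unexpected children:", unexpected_children(procs))
    print("writes outside tree:", writes_outside_tree(procs, parse_write_process_memory(WPM_TEXT)))
    print("hypothetical payload run:", unexpected_children(parse_processes(HYPOTHETICAL_TEXT)))
```

On this report both checks come back empty: every WriteProcessMemory target is a child of 3332, and every child is under the Edge application directory. The hypothetical entry shows what a positive looks like; the same parser can be pointed at the full Processes text of any Triage report in this format.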
Network
MITRE ATT&CK Enterprise v15
Downloads
Files captured from the run (no filenames are given in this export).
- Filesize: 152B
  MD5: 537815e7cc5c694912ac0308147852e4
  SHA1: 2ccdd9d9dc637db5462fe8119c0df261146c363c
  SHA256: b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
  SHA512: 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a
- Filesize: 152B
  MD5: 8b167567021ccb1a9fdf073fa9112ef0
  SHA1: 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
  SHA256: 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
  SHA512: 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54
- Filesize: 179B
  MD5: ee0428062819862b5fdadb3a8b8360c3
  SHA1: db9b16bb02e8eead99568de64482e70b2a740471
  SHA256: 0581cf20f0bc57f343565d682e28b733c51530ea705ce9f431312ec89c2f3274
  SHA512: ac57e6e9c4c64c59efd7056cf01b51c976c9ec01b906ee296a42231737625ee05b7a4729cf2861e8218d9214e68b6f31bc8802a383fe56bc3c0270dd885395d1
- Filesize: 5KB
  MD5: d594d31596be289394426022b395854b
  SHA1: 055e34b34ce7ccae5deb20f59bb78fe6787bd38b
  SHA256: 60719a4d96909033ae5ba9a42949ae61eab586a179785585d277308d1b02b694
  SHA512: b0b175e0c0a1bb2870bc8e0f5b7fc2e1cbfc611b930e6575c5b66e94765edb272b9712ed3dc0f3b6807f2e00bdc42b334467b9c002706bf4e250f701fbf788e0
- Filesize: 6KB
  MD5: 69978103c814e21229a6a9131667d325
  SHA1: 0ac695de7d2db04aac522fe4f19b3e19134ac2c6
  SHA256: 74389e92930386088bf5a4325939c35d44f6f59849ad2dba2aed374aa9615cd7
  SHA512: faa384e37940f2853155ecbed6f615e73b79293c447f5a37e1a2c967067835dcf19aee8dc90b9874fee2cf7147a332f59d446e0999f7be1444498e933917561d
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 10KB
  MD5: d6f363ab827262bce9f6d4fcb6c1aa4e
  SHA1: 6200f7984468b6137b6e513ccd3f302244934ef9
  SHA256: 12b470d1142fb6cf40a8b3d74a770cca3ea79efcc5d3f30092dd253cada09eeb
  SHA512: d4c3db8e4fea2cf15485e2deb9847b6d90bc89052dcabf55f9b7b9397875362194398d24af4c6921d1e9f05f415df660584bfcef83f70ab2555c03b4869ebc2c