Analysis
- max time kernel: 149s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/06/2024, 10:40
Static task: static1
Behavioral task: behavioral1 (Sample: sample.html; Resource: win7-20240508-en)
Behavioral task: behavioral2 (Sample: sample.html; Resource: win10v2004-20240508-en)
General
- Target: sample.html
- Size: 213KB
- MD5: 634782434e205a16c9969b681898215f
- SHA1: e6a434b7834d4b77df49fde28023c3f9baa6d50c
- SHA256: f51fd8d2d19153a341a1360ad8bc439401fba625cbe29514a7c8a40384cedfd6
- SHA512: 7a52c7248fc272af581889605aa116bb5ee9ee0828f78de237f3a4a971980da16533ec239fb9512f070e0417ac5fcb982ade0bebbf1bd1482677eb123fc10fa1
- SSDEEP: 3072:SUpeUtIls7Mx+yfkMY+BES09JXAnyrZalI+YQ:SEezbsMYod+X3oI+YQ
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process
  1620  msedge.exe  (2 entries)
  4644  msedge.exe  (2 entries)
  784   msedge.exe  (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process
  4644  msedge.exe  (2 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4644  msedge.exe  (25 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4644  msedge.exe  (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 4644 wrote to memory of 4076  4644  msedge.exe  82   (2 entries)
  PID 4644 wrote to memory of 3264  4644  msedge.exe  83   (40 entries)
  PID 4644 wrote to memory of 1620  4644  msedge.exe  84   (2 entries)
  PID 4644 wrote to memory of 4548  4644  msedge.exe  85   (20 entries)
Processes
1. msedge.exe (PID 4644)
   Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
   Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
   Signatures:
   - Enumerates system info in registry
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SendNotifyMessage
   - Suspicious use of WriteProcessMemory

   1.1. msedge.exe (PID 4076, crashpad-handler)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6a4b46f8,0x7ffd6a4b4708,0x7ffd6a4b4718

   1.2. msedge.exe (PID 3264, gpu-process)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10321942994954855287,14491110155457507890,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

   1.3. msedge.exe (PID 1620, utility: network.mojom.NetworkService)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10321942994954855287,14491110155457507890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
        Signatures:
        - Suspicious behavior: EnumeratesProcesses

   1.4. msedge.exe (PID 4548, utility: storage.mojom.StorageService)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,10321942994954855287,14491110155457507890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8

   1.5. msedge.exe (PID 3688, renderer)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10321942994954855287,14491110155457507890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

   1.6. msedge.exe (PID 2388, renderer)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10321942994954855287,14491110155457507890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

   1.7. msedge.exe (PID 784, gpu-process)
        Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10321942994954855287,14491110155457507890,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
        Signatures:
        - Suspicious behavior: EnumeratesProcesses

2. CompPkgSrv.exe (PID 4184)
   Path: C:\Windows\System32\CompPkgSrv.exe
   Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

3. CompPkgSrv.exe (PID 1460)
   Path: C:\Windows\System32\CompPkgSrv.exe
   Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 56641592f6e69f5f5fb06f2319384490
  SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
  SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
  SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868
- Filesize: 152B
  MD5: 612a6c4247ef652299b376221c984213
  SHA1: d306f3b16bde39708aa862aee372345feb559750
  SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
  SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
- Filesize: 5KB
  MD5: 9e92f34a2a04f735f46d0ff57b760637
  SHA1: 620166b1ef5f3f6248511adbfbdb08cdb61a7487
  SHA256: 755ba0fdee149ec365e437015cad9d45884ec3f97856e53e82f7099edf19e04f
  SHA512: 7f8fddb5cfba0b1eb57d05c1015e6abff08593b38ebb49c01770934a72f3f79c49114dd3f2bd178d2ae5174420223b47092b1922aaae26ca3e73c3530d43afc3
- Filesize: 6KB
  MD5: c64103115909ab3a34f5c07b3e83cfc3
  SHA1: 45feb4b1d6d8c38d2a2a0efd2043651df1699ad4
  SHA256: 051634aadb10d7154a8db0e3f64545711a2befa9cc763abff136d398328df7fd
  SHA512: e1419e5a385df3cafdeed691f1f9d93c3a7c70a8e6e84a82a74b90eebc03fcc759e0b4fc3541389bfb7dfa0ad07af262b61e007f2a552e2346ceaac4d1e44f05
- Filesize: 11KB
  MD5: 4d10dd1bb91d64f238e5c5c4b87a1600
  SHA1: d0b183614326bdb1914332af3ac49c6f8e083c29
  SHA256: 4e0db200643ca3e7b0597eff6cc0c183e567c100e18c0abd9cfb70b86bb106ec
  SHA512: 745eee0d6f572268516cc2d00bf53ea0fa45434d49d92f05a4b2c5269115eea374ce421e58ebf608e7bc27e7b359635bdeba4841c3eb8c02ae4b0a541dc78b51