7daf3983cd233fba95d837dba964198583f717e2459ac529f643a7805406c7b4

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

dd4d49f12a67032b56e96a8c1821ea44
SHA1

99e37b93a3e03e913aa8cfb1eca9bf017da8ba87
SHA256

0172f259052173d61c69e72621d5e032e935b81d8fc357f3f822150228d03b76
SHA512

22e01b12124031d27c523c663ff5e45a9d9f6b88111103a406b54a7dc09c71e472774649672f68861e37fa5dfc2bb490644c290a6c8efd9c3ac7f0ff8a6495fe
SSDEEP

3072:SF7TRDXLBTYyfkMY+BES09JXAnyrZalI+YQ:SFFxVsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3008	msedge.exe
3008	msedge.exe
2200	msedge.exe
2200	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2200	msedge.exe
2200	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe
2200	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2316	2200	msedge.exe	81
PID 2200 wrote to memory of 2316	2200	msedge.exe	81
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 528	2200	msedge.exe	82
PID 2200 wrote to memory of 3008	2200	msedge.exe	83
PID 2200 wrote to memory of 3008	2200	msedge.exe	83
PID 2200 wrote to memory of 3964	2200	msedge.exe	84
PID 2200 wrote to memory of 3964	2200	msedge.exe	84
PID 2200 wrote to memory of 3964	2200	msedge.exe	84
PID 2200 wrote to memory of 3964	2200	msedge.exe	84
PID 2200 wrote to memory of 3964	2200	msedge.exe	84
PID 2200 wrote to memory of 3964	2200	msedge.exe	84
PID 2200 wrote to memory of 3964	2200	msedge.exe	84
PID 2200 wrote to memory of 3964	2200	msedge.exe	84
PID 2200 wrote to memory of 3964	2200	msedge.exe	84
PID 2200 wrote to memory of 3964	2200	msedge.exe	84
PID 2200 wrote to memory of 3964	2200	msedge.exe	84
PID 2200 wrote to memory of 3964	2200	msedge.exe	84
PID 2200 wrote to memory of 3964	2200	msedge.exe	84
PID 2200 wrote to memory of 3964	2200	msedge.exe	84
PID 2200 wrote to memory of 3964	2200	msedge.exe	84
PID 2200 wrote to memory of 3964	2200	msedge.exe	84
PID 2200 wrote to memory of 3964	2200	msedge.exe	84
PID 2200 wrote to memory of 3964	2200	msedge.exe	84
PID 2200 wrote to memory of 3964	2200	msedge.exe	84
PID 2200 wrote to memory of 3964	2200	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5ce246f8,0x7ffa5ce24708,0x7ffa5ce24718
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,12311632797973277867,8237799669975919180,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,12311632797973277867,8237799669975919180,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,12311632797973277867,8237799669975919180,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12311632797973277867,8237799669975919180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12311632797973277867,8237799669975919180,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,12311632797973277867,8237799669975919180,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f973cbf4e2ffa3e4a08e81da1d7cbe6a

SHA1
6c908b936d46807fc0878d14ac86fddcb1122e21

SHA256
9a987460a406d345ae6f8707122dcd9df25e91d216988e643591e0fe86b891ad

SHA512
5586c219702e471e2830e6ba98a8e3f497cc20bfb328ba337ede06f11cb23f5ea48fa35624aabbd0437a0107d68428f88aad79fd71a18365ecd4ce01ef46a6ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a36b3550da123307f79c444b05b868ca

SHA1
31a3ca9a2f96458dd2abceada847cfef568f9f58

SHA256
1ec0e37cda86f04d1eb00f15183472c17f3f4901f90ccb03954f62a16c202c7d

SHA512
4293bd0258f860fee6d9b6567025a1783381062a25acea52240d8f3011236a784ee7264c8ef579284e5f733dccca5beac7f3e7ca14e5f928fb8644cfecb0a9f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
45484a958241b22e697fdf15ad57bf3d

SHA1
efb79b9f7468924053dea8d70bcc3da7da2fe878

SHA256
5fc4bfb105578fe971423de85f57a271aa6acaf58e33f225550181e146b7c5c6

SHA512
80640f168c13f918c1e09256017bc833335408caa2960cb4f3b336573fd784007af71bdd4982a6d232c86b9b6a0ad6e7d6b6e54b769cc105de06dfcb873e4194

Download Submit