Analysis
- Max time kernel: 108s
- Max time network: 109s
- Platform: windows11-21h2_x64
- Resource: win11-20240508-en
- Resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
- Submitted: 07-06-2024 16:20
- Static task: static1
- Behavioral task: behavioral1
- Sample: landing.html
- Resource: win11-20240508-en
General
- Target: landing.html
- Size: 173KB
- MD5: 3bd801aacaca0c97f41565903c540fcf
- SHA1: 1d3c01cf9d8315dd8388bdc6c82dee943fd29715
- SHA256: 5f4a8ff823f1dd294e69bc858268378e5890354519f58c0b5a68a905da52ea28
- SHA512: a84f9e56874842d894a30ef75c9a9e4ee48a8ca2c3047aea50d28955f3d825733cc6eda7ed53b83085a2c4a418526d2c7e0633bc4e98ca430064a01f5b56f55a
- SSDEEP: 3072:jOdeXVvk47hl5C2gr5YG0n2YGF7o7h2YGvYGjNn3Z7hVYGa:I4Vvkohl5C2gr5r0n2rF74h2rvrjNn3Y
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process msedge.exe:
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  Processes: msedge.exe (PID 4844, 2 entries); msedge.exe (PID 1976, 2 entries); identity_helper.exe (PID 4968, 2 entries); msedge.exe (PID 2732, 2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  Processes: msedge.exe (PID 1976, 6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe (PID 1976, 25 entries)
- Suspicious use of SendNotifyMessage (12 IoCs)
  Processes: msedge.exe (PID 1976, 12 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Process msedge.exe (PID 1976) wrote to the memory of its child msedge.exe processes with PIDs 5060, 224, 4844 and 3144 (64 entries in total, most of them repeated writes to PIDs 224 and 3144).
Processes
- PID 1976: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\landing.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Child processes:
  - PID 5060: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb1bf53cb8,0x7ffb1bf53cc8,0x7ffb1bf53cd8
  - PID 224: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,1883305071264475346,9721462583651932702,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  - PID 4844: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,1883305071264475346,9721462583651932702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 3144: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,1883305071264475346,9721462583651932702,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  - PID 4220: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1883305071264475346,9721462583651932702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  - PID 1852: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1883305071264475346,9721462583651932702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  - PID 4968: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,1883305071264475346,9721462583651932702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 2732: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,1883305071264475346,9721462583651932702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 1948: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1883305071264475346,9721462583651932702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  - PID 4352: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1883305071264475346,9721462583651932702,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  - PID 1096: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1883305071264475346,9721462583651932702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  - PID 3860: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1883305071264475346,9721462583651932702,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
- PID 3524: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 1820: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads