Analysis
- max time kernel: 1680s
- max time network: 1789s
- platform: windows11-21h2_x64
- resource: win11-20240611-en
- resource tags: arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 12/06/2024, 14:33
- Static task: static1
- Behavioral task: behavioral1
- Sample: .html
- Resource: win11-20240611-en
General
- Target: .html
- Size: 1KB
- MD5: be9773224e04d291fa73168283be9f45
- SHA1: 7ba9d99d49cfa945d2bfe51a8adf14f86f73f035
- SHA256: 4f5a2910a7981fe9e668dfbe6ba5fb653924a80449f33621f5f3c5118f758316
- SHA512: 13c06e7e7d00fcd4e6b941e27c8d29ca4b6c69db612dad5453a395187b8a75fd0744df0c98bc44fa3537b0dbdd14e3716f239f0bd648c2fbaef8f15f0d552455
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe

- Suspicious behavior: EnumeratesProcesses (12 IoCs)
  pid   Process
  756   msedge.exe (2 entries)
  4668  msedge.exe (2 entries)
  4604  msedge.exe (2 entries)
  808   identity_helper.exe (2 entries)
  4008  msedge.exe (4 entries)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  4668  msedge.exe (6 entries)

- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4668  msedge.exe (25 entries)

- Suspicious use of SendNotifyMessage (12 IoCs)
  pid   Process
  4668  msedge.exe (12 entries)

- Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 4668 wrote to memory of 3656  4668  msedge.exe  78
  PID 4668 wrote to memory of 4228  4668  msedge.exe  79
  PID 4668 wrote to memory of 756   4668  msedge.exe  80
  PID 4668 wrote to memory of 2080  4668  msedge.exe  81
  (The 64 entries are repeats of these four rows: the 3656 and 756 rows each appear twice, the remaining entries target 4228 and 2080.)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4668)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3656)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe9d1f3cb8,0x7ffe9d1f3cc8,0x7ffe9d1f3cd8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4228)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,10117858534902078379,11510848154936908856,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1984 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 756)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,10117858534902078379,11510848154936908856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2080)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,10117858534902078379,11510848154936908856,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3680)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,10117858534902078379,11510848154936908856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 900)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,10117858534902078379,11510848154936908856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4604)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1968,10117858534902078379,11510848154936908856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe (PID 808)
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,10117858534902078379,11510848154936908856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3380)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,10117858534902078379,11510848154936908856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 800)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,10117858534902078379,11510848154936908856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3960)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,10117858534902078379,11510848154936908856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3844)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,10117858534902078379,11510848154936908856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4008)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,10117858534902078379,11510848154936908856,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5036 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3060)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2752)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 6f738fcca0370135adb459fac0d129b9
  SHA1: 5af8b563ee883e0b27c1c312dc42245135f7d116
  SHA256: 1d37a186c9be361a782dd6e45fe98b1f74215a26990af945a2b8b9aa4587ec63
  SHA512: 8749675cdd8f667ff7ca0a0f04d5d9cad9121fd02ed786e66bcd3c1278d8eb9ce5995d3e38669612bdc4dccae83a2d1b10312db32d5097ef843512244f6f769a
- Filesize: 152B
  MD5: 68de3df9998ac29e64228cf1c32c9649
  SHA1: be17a7ab177bef0f03c9d7bd2f25277d86e8fcee
  SHA256: 96825c1e60e4a87dc5dbae78b97104e6968275fa1602c69053d0192cae143f43
  SHA512: 1658b0bc504a8a5c57c496477cd800a893d751f03d632ef50aff9327cd33ad0e4e4f27bcb85b20bd22bef2ca65600b7d92e2a1f18fd3d08ad6391983de77beaf
- Filesize: 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
- Filesize: 5KB
  MD5: f78c2130d124797cb7507168777311e5
  SHA1: 85e8bca0d492bbe86c3f44d2f29fe7d2d1ab50cf
  SHA256: ab048de1bb0b5ee996521c492ec5d1b80c8e0d58134320c134bb9443b1ac0c9b
  SHA512: acdf41466394b89b0a4789b5a2da7abe68b2112ac58abfcfb046500db0a521a140605c1e394a455ccd103feb27b1c3946b3c19c9cb207bb039916402c198582f
- Filesize: 5KB
  MD5: 69b0aca4f3b8f53ee1bbffcef0eed51e
  SHA1: c7bc621aea9c775c217cbcd9b8792b968f650bba
  SHA256: 95efbca7ccde61cae7b9bd6f2df3f0ce0e2624d9e0c10a5dd34d019b0e270e5d
  SHA512: ad200a25fabcf8240c8abcd4dd1b5d4befb27135ae27240bb308f073926410301113c9b2ffde338ff56d85d091a61d79a6febfb9ef1cc4056392db710b17e88a
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 5d6a1e356346118785b686c4c0873ee7
  SHA1: e6711d47ebeec397c4b46d3c28dbb748b103605d
  SHA256: dcc7c45d17ba92a8936efc241e9f757dcc5316f97a7254edaeb6d9b70a10fb0f
  SHA512: fc34c6d89cf23f09c105fc931cdc50bfd1813b20ebaa50486d2f4c5232eae48235aca0c371248daa4629e351cc903c93f2394b096d4bad99f29cb3817636b45d