Analysis
-
max time kernel
145s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system -
submitted
12/06/2024, 15:11
Static task
static1
Behavioral task
behavioral1
Sample
MXe9aGVz.html
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
MXe9aGVz.html
Resource
win10v2004-20240611-en
General
-
Target
MXe9aGVz.html
-
Size
11KB
-
MD5
19a4f5701266aa16dd98333710b9be7e
-
SHA1
72d97ba292b35d6d48448007f1da72d0364f2cd5
-
SHA256
b5e6dc47fd7476e15b172e6314c9d637afa56aaf7dab04367530497567c02832
-
SHA512
e54979feb04f7932358b1b54ade28cbb0204a177e04db046f605dbf6f8f08ebba037e8047983c5480917bcfcab41d25162cc16173a610a756534b1e64efab4b7
-
SSDEEP
96:qwbwowUVU1rJbK1jEQwK1c5vIQzHzGzQOfRr8LP26e5hNvtdLXe5GaZfT0g4/eyW:dMnUVSVK12K1kwRr88lu39n4G3INnx/0
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description / ioc / Process
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
All three reads are made by msedge.exe, the browser process that opened the sample; no other process in the tree touches this key. -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid / Process
1680 msedge.exe (2 hits)
3924 msedge.exe (2 hits)
3944 identity_helper.exe (2 hits)
1152 msedge.exe (4 hits) -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid / Process
3924 msedge.exe (6 hits) -
Suspicious use of FindShellTrayWindow 25 IoCs
pid / Process
3924 msedge.exe (25 hits) -
Suspicious use of SendNotifyMessage 24 IoCs
pid / Process
3924 msedge.exe (24 hits) -
Suspicious use of WriteProcessMemory 64 IoCs
description / pid / Process / procid_target
PID 3924 (msedge.exe) wrote to memory of PID 1140 (procid_target 85)
PID 3924 (msedge.exe) wrote to memory of PID 60 (procid_target 86)
PID 3924 (msedge.exe) wrote to memory of PID 1680 (procid_target 87)
PID 3924 (msedge.exe) wrote to memory of PID 3692 (procid_target 88)
64 write events in total: 2 target PID 1140, 2 target PID 1680, and the remaining 60 are split between PID 60 and PID 3692. Every source is the Edge browser process (PID 3924) and every target is an msedge.exe child it spawned (crashpad-handler, gpu-process, network service and storage service respectively; see Processes), which is the normal Chromium multi-process start-up pattern rather than injection into a foreign process.
Processes
-
Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\MXe9aGVz.html
Tree depth 1 (top-level process)
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 3924
-
Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82b7446f8,0x7ff82b744708,0x7ff82b744718
Parent: PID 3924 (tree depth 2)
PID: 1140
-
-
Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,18398223132891440711,2850579798227181738,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
Parent: PID 3924 (tree depth 2)
PID: 60
-
-
Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,18398223132891440711,2850579798227181738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
Parent: PID 3924 (tree depth 2)
- Suspicious behavior: EnumeratesProcesses
PID: 1680
-
-
Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,18398223132891440711,2850579798227181738,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
Parent: PID 3924 (tree depth 2)
PID: 3692
-
-
Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,18398223132891440711,2850579798227181738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
Parent: PID 3924 (tree depth 2)
PID: 4556
-
-
Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,18398223132891440711,2850579798227181738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
Parent: PID 3924 (tree depth 2)
PID: 1976
-
-
Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,18398223132891440711,2850579798227181738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
Parent: PID 3924 (tree depth 2)
PID: 2900
-
-
Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,18398223132891440711,2850579798227181738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
Parent: PID 3924 (tree depth 2)
- Suspicious behavior: EnumeratesProcesses
PID: 3944
-
-
Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,18398223132891440711,2850579798227181738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
Parent: PID 3924 (tree depth 2)
PID: 3836
-
-
Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,18398223132891440711,2850579798227181738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
Parent: PID 3924 (tree depth 2)
PID: 4072
-
-
Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,18398223132891440711,2850579798227181738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
Parent: PID 3924 (tree depth 2)
PID: 1324
-
-
Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,18398223132891440711,2850579798227181738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
Parent: PID 3924 (tree depth 2)
PID: 1212
-
-
Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,18398223132891440711,2850579798227181738,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
Parent: PID 3924 (tree depth 2)
- Suspicious behavior: EnumeratesProcesses
PID: 1152
-
-
Image: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Tree depth 1 (top-level process)
PID: 2996
-
Image: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Tree depth 1 (top-level process)
PID: 896
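The WriteProcessMemory and Processes sections above are where an analyst decides whether a browser sample did anything beyond normal Chromium multi-process start-up. The script below is an added example (not part of the sandbox report or its vendor's tooling) that parses event text in the report's flattened "PID <src> wrote to memory of <dst> ..." format, counts writes per target, and reports only those writes whose target is not an Edge binary spawned under the Edge install directory, or whose target PID is missing from the process list. The process table is abridged from this report; PIDs 5000 and 6001 and the notepad.exe image are hypothetical additions that stand in for an injection target and for an unknown PID, so the check's failure modes are exercised.

```python
"""Added example: triage sandbox WriteProcessMemory events from a browser sample.

Chromium-based browsers spawn every child (gpu-process, renderers, utility
services, crashpad) and write start-up data into them, so a report on a plain
HTML file will always list writes from the browser process. Such a write only
matters when the target is not one of the browser's own binaries, or is a PID
the process list does not know about.
"""
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Root of the Edge install as it appears in the report's process list.
EDGE_ROOT = PureWindowsPath(r"C:\Program Files (x86)\Microsoft\Edge\Application")

# Constructed process list, abridged from the report. PIDs 5000 and 6001 are
# hypothetical and do NOT appear in the report: 5000 stands in for a foreign
# image, 6001 for a target that is absent from the process list entirely.
PROCESSES = {
    3924: r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
    1140: r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
    60:   r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
    1680: r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
    3692: r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
    2900: r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe",
    5000: r"C:\Windows\System32\notepad.exe",  # hypothetical, not in the report
}

# Constructed event text in the report's flattened format
# ("PID <src> wrote to memory of <dst> <src> <image> <procid_target>").
# The first five events are taken from the report; the last two are hypothetical.
EVENTS = (
    "PID 3924 wrote to memory of 1140 3924 msedge.exe 85 "
    "PID 3924 wrote to memory of 1140 3924 msedge.exe 85 "
    "PID 3924 wrote to memory of 60 3924 msedge.exe 86 "
    "PID 3924 wrote to memory of 1680 3924 msedge.exe 87 "
    "PID 3924 wrote to memory of 3692 3924 msedge.exe 88 "
    "PID 3924 wrote to memory of 5000 3924 msedge.exe 99 "   # hypothetical
    "PID 3924 wrote to memory of 6001 3924 msedge.exe 100"   # hypothetical
)

EVENT_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) (?P<image>\S+) (?P<idx>\d+)"
)


@dataclass(frozen=True)
class MemWrite:
    src: int
    dst: int
    src_image: str
    target_index: int


def parse_events(text: str) -> list:
    """Parse the flattened IoC list; works whether events sit on one line or many."""
    return [
        MemWrite(int(m["src"]), int(m["dst"]), m["image"], int(m["idx"]))
        for m in EVENT_RE.finditer(text)
    ]


def under_root(image: str, root: PureWindowsPath = EDGE_ROOT) -> bool:
    """True if `image` is inside `root`. NTFS paths are case-insensitive, so compare lowered parts."""
    parts = tuple(p.lower() for p in PureWindowsPath(image).parts)
    root_parts = tuple(p.lower() for p in root.parts)
    return parts[: len(root_parts)] == root_parts


def review_writes(events, processes) -> dict:
    """Return {target_pid: reason} for every write that is not browser-to-own-child.

    A write is expected only when both source and target images sit under
    EDGE_ROOT. Anything else (unknown PID, non-Edge source, foreign target image)
    is reported so the analyst looks there instead of at the benign bulk.
    """
    findings = {}
    for ev in events:
        src_img = processes.get(ev.src)
        dst_img = processes.get(ev.dst)
        if dst_img is None:
            findings[ev.dst] = "target PID absent from process list"
        elif src_img is None or not under_root(src_img):
            findings[ev.dst] = f"source PID {ev.src} is not an Edge binary"
        elif not under_root(dst_img):
            findings[ev.dst] = f"target image outside Edge install dir: {dst_img}"
    return findings


def write_counts(events) -> Counter:
    """Writes per target PID (the report lists one row per write call)."""
    return Counter(ev.dst for ev in events)


if __name__ == "__main__":
    evs = parse_events(EVENTS)
    print("writes per target:", dict(write_counts(evs)))
    for pid, reason in review_writes(evs, PROCESSES).items():
        print(f"REVIEW PID {pid}: {reason}")
```

Run against the report's own 64 events and its process list, `review_writes` returns nothing, because every target (1140, 60, 1680, 3692) is an msedge.exe child of PID 3924; only the two hypothetical events are flagged. The same family check is the reason the identity_helper.exe processes do not trip it: they live under the versioned Edge subdirectory, which `under_root` treats as part of the install.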
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 152B
MD5: c5abc082d9d9307e797b7e89a2f755f4
SHA1: 54c442690a8727f1d3453b6452198d3ec4ec13df
SHA256: a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512: ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c
-
Filesize: 152B
MD5: b4a74bc775caf3de7fc9cde3c30ce482
SHA1: c6ed3161390e5493f71182a6cb98d51c9063775d
SHA256: dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
SHA512: 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f
-
Filesize: 6KB
MD5: 484085ff29de28bac3caabbbb424de2b
SHA1: 450517a2b0ddeee22a305935f0f4dd6654f536b0
SHA256: 5af0501d3d16bc089fc9240d51243551aa0b0a686d58eff8d693a153fcf45547
SHA512: 1d2cedf04f880199308a4cfca38d514390f56a81e374ef5133b2e97bb6b3717bd7d548e6fa5e972826884b54961c97a78471944de23c234b7630f02f0c64ba83
-
Filesize: 6KB
MD5: 4af65efa7f14bdc9d3b063c21cec231c
SHA1: 30bd877bf78aed367be8b80f9d2e1e00f1c8038c
SHA256: b0bb5f386e1b666911b444754714d5063f7363b4cf4061cb8749b9e912d44b79
SHA512: 7ef917100dc5005d3848106d1beb8afd1fcad668c8d3c7a65ebeb60920356f5e22ecbfcaa2185a2d92750a3dd6c931ff423e364194a4a5a7c2227733630a309a
-
Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize: 11KB
MD5: f7c3e36464021707a22401fa44e959ee
SHA1: 970644c4a5570ae8b05ba0b5d5c34e3452425e08
SHA256: 968e223e7d1f14740738723769fa40ef338c7cfc7132d2b72f17f3312266aac6
SHA512: 24c304c00aae6721409cb7a5dd78c370f073296ef77943bad5ff59623410075dc4d77ceda889d3215d65f56c5a3177d174d8ffacd7500f8cf674cf7897bdd16a