Analysis

max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 18:18

Static task: static1

Behavioral task: behavioral1
  Sample: sample.html
  Resource: win7-20240419-en

Behavioral task: behavioral2
  Sample: sample.html
  Resource: win10v2004-20240611-en
General

Target: sample.html
Size: 213KB
MD5: 760c3d41054115fe08de40c12faedc21
SHA1: 1a129d70c8900fee12e2ee0f790ce2fc70c85113
SHA256: 2283dd3fae051a054e991259b4d4cd8075ea25aa3f5b08f7f297c5bc2ec01190
SHA512: 9981faf066bcf6fab54d98d7bd43320d7e51ade40adabdb4ea1b52260771813926205fa5b1ce86b584037fb03f7091e5059dae4b0700545b163b1fd74aa527ea
SSDEEP: 3072:SjxmFTAFh9YyfkMY+BES09JXAnyrZalI+YQ:SjWsVsMYod+X3oI+YQ
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)

description         ioc                                                                    Process
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)

pid    Process
1132   msedge.exe
1132   msedge.exe
2664   msedge.exe
2664   msedge.exe
5328   msedge.exe
5328   msedge.exe
5328   msedge.exe
5328   msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)

pid    Process
2664   msedge.exe
2664   msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)

pid    Process
2664   msedge.exe   (all 25 entries are this same row)

Suspicious use of SendNotifyMessage (24 IoCs)

pid    Process
2664   msedge.exe   (all 24 entries are this same row)

Suspicious use of WriteProcessMemory (64 IoCs)

description                        pid    Process      procid_target
PID 2664 wrote to memory of 5548   2664   msedge.exe   80
PID 2664 wrote to memory of 3312   2664   msedge.exe   82
PID 2664 wrote to memory of 1132   2664   msedge.exe   83
PID 2664 wrote to memory of 2280   2664   msedge.exe   84
(the 64 entries are repeats of these four rows; every write originates from PID 2664)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 2664

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb58846f8,0x7ffbb5884708,0x7ffbb5884718
    PID: 5548

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,3769097819348238953,17112560222832738835,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
    PID: 3312

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,3769097819348238953,17112560222832738835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID: 1132

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,3769097819348238953,17112560222832738835,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
    PID: 2280

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3769097819348238953,17112560222832738835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    PID: 1532

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,3769097819348238953,17112560222832738835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    PID: 860

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,3769097819348238953,17112560222832738835,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID: 5328

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 6036

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2692
Network
MITRE ATT&CK Enterprise v15
Downloads