92a0e9a2355f51fd09df3ff3430407793c3179dd7401a9efebedd48a2e070d61

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

218KB
MD5

08b18b7ed69d089444e79a7458075690
SHA1

0c785503a1a3c8f4188951c18e7db878091d5d25
SHA256

6eab3fd7f2aea07056cb427ac0de4707ede7843a44bf9909ad2e9f32ef617c9b
SHA512

1ab575d5e305863739d3b6b71b5703e29108dd6ce9e5b63bfe44745878d50232762e0440a8308cd3ae22db6aff2f26210793575147d1f069805f7a0f9fcbcd7b
SSDEEP

3072:S+cYdhB7LxSyyfkMY+BES09JXAnyrZalI+YQ:S+cKlg3sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2484	msedge.exe
2484	msedge.exe
4148	msedge.exe
4148	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4148	msedge.exe
4148	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4148 wrote to memory of 3912	4148	msedge.exe	87
PID 4148 wrote to memory of 3912	4148	msedge.exe	87
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2984	4148	msedge.exe	89
PID 4148 wrote to memory of 2484	4148	msedge.exe	90
PID 4148 wrote to memory of 2484	4148	msedge.exe	90
PID 4148 wrote to memory of 4896	4148	msedge.exe	91
PID 4148 wrote to memory of 4896	4148	msedge.exe	91
PID 4148 wrote to memory of 4896	4148	msedge.exe	91
PID 4148 wrote to memory of 4896	4148	msedge.exe	91
PID 4148 wrote to memory of 4896	4148	msedge.exe	91
PID 4148 wrote to memory of 4896	4148	msedge.exe	91
PID 4148 wrote to memory of 4896	4148	msedge.exe	91
PID 4148 wrote to memory of 4896	4148	msedge.exe	91
PID 4148 wrote to memory of 4896	4148	msedge.exe	91
PID 4148 wrote to memory of 4896	4148	msedge.exe	91
PID 4148 wrote to memory of 4896	4148	msedge.exe	91
PID 4148 wrote to memory of 4896	4148	msedge.exe	91
PID 4148 wrote to memory of 4896	4148	msedge.exe	91
PID 4148 wrote to memory of 4896	4148	msedge.exe	91
PID 4148 wrote to memory of 4896	4148	msedge.exe	91
PID 4148 wrote to memory of 4896	4148	msedge.exe	91
PID 4148 wrote to memory of 4896	4148	msedge.exe	91
PID 4148 wrote to memory of 4896	4148	msedge.exe	91
PID 4148 wrote to memory of 4896	4148	msedge.exe	91
PID 4148 wrote to memory of 4896	4148	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffba59746f8,0x7ffba5974708,0x7ffba5974718
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,18085021200425784852,4959032833825987715,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,18085021200425784852,4959032833825987715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,18085021200425784852,4959032833825987715,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18085021200425784852,4959032833825987715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,18085021200425784852,4959032833825987715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,18085021200425784852,4959032833825987715,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
257c0005d0c4d0bb282cb470925e4376

SHA1
f9b8efb511ed64292568977c9f2ec255509e8f7d

SHA256
8185c36aaacfc71e42f94fad8e198fe7fb2d868398ceabb89261cae94341cb22

SHA512
2f3e8f352ed3ef88e8c28650390f93f98c92174d268330b886f3ebd1ba0163999051298ee12a054606b4986005452a241c6864cd292e69492d79c37d500556f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4819fbc4513c82d92618f50a379ee232

SHA1
ab618827ff269655283bf771fc957c8798ab51ee

SHA256
05e479e8ec96b7505e01e5ec757ccfe35cb73cd46b27ff4746dce90d43d9237c

SHA512
bc24fb972d04b55505101300e268f91b11e5833f1a18e925b5ded7e758b5e3e08bee1aa8f3a0b65514d6df981d0cbfa8798344db7f2a3675307df8de12ae475b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
19a060be3aa73dba3b5beb410cacb717

SHA1
66bb0b77332eeb3a0e30213cec7d5e38d37d8bff

SHA256
f080b61f224cfc7a808aff599416ef527de21f0fcc121ec5c35a287333405acd

SHA512
266abaded9ec9d8bc7dda6839028b23bbf5c07d473515e60ac9c73d0d17b0dc46321ed37e0873cc7a1cd173734319392730844eea2f869cfa093dea6acef1ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2524a63aaba5695f41e038ea5eb35969

SHA1
163c0b74a2083d8127012c50b6bde189648af0de

SHA256
0e0fa42eb0c213021f0d7f7fbb4fff994548fecb24057075ee260adad71c69f0

SHA512
ea2a4689c2d0cf741e1e7f0bfe8906dc55e37ded2bf26b07a9c2df800d4c25b92b154f4393235b96c7cdcc0080d91f10c9bd48cc1314307c1f9d70851d954501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
95cd1581c30a5c26f698a8210bcab430

SHA1
5e8e551a47dd682ec51a7d6808fe8e0f2af39e86

SHA256
d58162c5ae5e18fc06604c285e024c01686093d70994dc93b4ae9d85b4c3f7b9

SHA512
e49403df10177053634c431203a91d26df5dfb23cbbb88847459ecdf4b6107040d0944a3e84ee6bb26cb4e8017a35c8c31b658387cd1b6938ba4cb9f59606ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ad366480097a7884b3b5ba8e606a0bfc

SHA1
eee0f5362760a611b0e7e62ac9b9aa2b37c485e6

SHA256
c0abb52d26ee2a6c2273b6dfcbaa5448a00bad5b001d900247c61c015090608b

SHA512
e7caab0403ce88531de53b1c44407b8be6054bc411dc6ad855756d6f4153fb4a5258c1f7dbc6553fb90fa38428ed3567678b7835f9918242ceb6a0febf1e55bd

Download Submit