af3c5c350230d080112afc4e64c2d69a0929b7d2f864e641a35c45694fd821f5

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 07:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

73af858c6a62a27a1ca5d077de04d61d
SHA1

8c3a52c733dafe2c0850882cb1ee365d1c96d10b
SHA256

b724ad7e82ac8a533d4602cc3a0839d916fded65073f73b8f7b37034935186d4
SHA512

c79dc2c2f5386ad2f339db0e3281ba9206a47be72031db2f5db6a27da25c5fb8a26c259f10f006afa435b598393e5393227f2f2da50158571c64383708d2a97a
SSDEEP

3072:SnpLCioA4mT4yfkMY+BES09JXAnyrZalI+YQ:SnnRT1sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1908	msedge.exe
1908	msedge.exe
748	msedge.exe
748	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
748	msedge.exe
748	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe
748	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 2196	748	msedge.exe	81
PID 748 wrote to memory of 2196	748	msedge.exe	81
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 400	748	msedge.exe	82
PID 748 wrote to memory of 1908	748	msedge.exe	83
PID 748 wrote to memory of 1908	748	msedge.exe	83
PID 748 wrote to memory of 2536	748	msedge.exe	84
PID 748 wrote to memory of 2536	748	msedge.exe	84
PID 748 wrote to memory of 2536	748	msedge.exe	84
PID 748 wrote to memory of 2536	748	msedge.exe	84
PID 748 wrote to memory of 2536	748	msedge.exe	84
PID 748 wrote to memory of 2536	748	msedge.exe	84
PID 748 wrote to memory of 2536	748	msedge.exe	84
PID 748 wrote to memory of 2536	748	msedge.exe	84
PID 748 wrote to memory of 2536	748	msedge.exe	84
PID 748 wrote to memory of 2536	748	msedge.exe	84
PID 748 wrote to memory of 2536	748	msedge.exe	84
PID 748 wrote to memory of 2536	748	msedge.exe	84
PID 748 wrote to memory of 2536	748	msedge.exe	84
PID 748 wrote to memory of 2536	748	msedge.exe	84
PID 748 wrote to memory of 2536	748	msedge.exe	84
PID 748 wrote to memory of 2536	748	msedge.exe	84
PID 748 wrote to memory of 2536	748	msedge.exe	84
PID 748 wrote to memory of 2536	748	msedge.exe	84
PID 748 wrote to memory of 2536	748	msedge.exe	84
PID 748 wrote to memory of 2536	748	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93d6e46f8,0x7ff93d6e4708,0x7ff93d6e4718
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,9096507818086072801,6812756361827229261,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,9096507818086072801,6812756361827229261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,9096507818086072801,6812756361827229261,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9096507818086072801,6812756361827229261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9096507818086072801,6812756361827229261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,9096507818086072801,6812756361827229261,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2980 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
36008162f3ba367da8ce45e9a87b3a63

SHA1
6d86ae3ac345a4baaa9e4697623a30843a059cab

SHA256
9ea065dd9a60597b5b1fc6e6f56f42e9a510c5a22abb944a8fa7349078d56dbe

SHA512
50a1fbf13d1882dbe68e4094bb4b9ad7efcd8a5c81ad48cf35b409995d7c002ae1a094ade49af04f9da0a44fe2f079f5eea182727da7ab65d3ce88bc45b30687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e00bf810a4646348a506ea7df4034dac

SHA1
c578cf730a5867239a5080286de9a25e85a2eb30

SHA256
081340f4117a4ba9a5dfc2acb6438d8cae381d7702e224d1fc4d39cc36405812

SHA512
6cb7930cc9efeb66c94403600088ec71dedd8ee0f8c99bff99d28b5239348c72c48feda9d4fff250880d82b1c514f881f159e928ba954f9e5d5f52f82aea535c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
57525a28160b8441a750ce80251d1246

SHA1
8f7c4b36fb640e30010e5e049e41ae77355fef31

SHA256
c8adc6cf5be179cffe4637a75da95cb734d1dc119164e853ae06607acb7c42ea

SHA512
8daf60a51e27493afdab8c5b2d76874c4e1733e7c13da7c9f70c00cb2302368a67c742bb9f2894898bca2e966029ef7adc0288bbecf9a83bfba4765d16e882e5

Download Submit