Overview

overview

3

Static

static

1

question/e...tor.js

windows7-x64

3

question/e...tor.js

windows10-2004-x64

3

question/e...t.html

windows7-x64

1

question/e...t.html

windows10-2004-x64

1

question/e...r.html

windows7-x64

1

question/e...r.html

windows10-2004-x64

1

question/e...ger.js

windows7-x64

3

question/e...ger.js

windows10-2004-x64

3

question/e...h.html

windows7-x64

1

question/e...h.html

windows10-2004-x64

1

question/e...e.html

windows7-x64

1

question/e...e.html

windows10-2004-x64

1

question/e...k.html

windows7-x64

1

question/e...k.html

windows10-2004-x64

1

question/e...a.html

windows7-x64

1

question/e...a.html

windows10-2004-x64

1

question/e...e.html

windows7-x64

1

question/e...e.html

windows10-2004-x64

1

question/e...e.html

windows7-x64

1

question/e...e.html

windows10-2004-x64

1

question/s...dex.js

windows7-x64

3

question/s...dex.js

windows10-2004-x64

3

question/s...ype.js

windows7-x64

3

question/s...ype.js

windows10-2004-x64

3

question/s...ser.js

windows7-x64

3

question/s...ser.js

windows10-2004-x64

3

question/�...��.url

windows7-x64

1

question/�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/06/2024, 05:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    question/editor/plugins/wordpaste.html

  • Size

    1KB

  • MD5

    bb5aa523d25e931a2e92f408e8aad17e

  • SHA1

    f874a7adb8186fd9f786f8850eba7bcc39cbbc2f

  • SHA256

    c56a8105807ed7a1348c8e93ad77931c262ebc7011acd00e797f355e958c52e5

  • SHA512

    78bb7029fb3473ff8768119a75b46ebb85d09aefb7bcc291c66c77c04ddc163b761b8d3a907c90528e244eb8d907ac3b12dcb8dd76abb4a50c0bd6b38266e439

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\question\editor\plugins\wordpaste.html
    1⤵
      PID:824
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3824,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=4612 /prefetch:1
      1⤵
        PID:5064
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3856,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=4076 /prefetch:1
        1⤵
          PID:2296
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5324,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=5336 /prefetch:8
          1⤵
            PID:1584
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5348,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=5408 /prefetch:8
            1⤵
              PID:4172
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5524,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:8
              1⤵
                PID:3188
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
                1⤵
                • Enumerates system info in registry
                • Modifies data under HKEY_USERS
                • Modifies registry class
                • Suspicious use of WriteProcessMemory
                PID:4904
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x240,0x244,0x248,0x23c,0x218,0x7ff9fb6b4ef8,0x7ff9fb6b4f04,0x7ff9fb6b4f10
                  2⤵
                    PID:3760
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2448,i,4969328177182105485,7384024872748390957,262144 --variations-seed-version --mojo-platform-channel-handle=2444 /prefetch:2
                    2⤵
                      PID:2636
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1932,i,4969328177182105485,7384024872748390957,262144 --variations-seed-version --mojo-platform-channel-handle=2712 /prefetch:3
                      2⤵
                        PID:3056
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2208,i,4969328177182105485,7384024872748390957,262144 --variations-seed-version --mojo-platform-channel-handle=2720 /prefetch:8
                        2⤵
                          PID:4684
                        • C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4460,i,4969328177182105485,7384024872748390957,262144 --variations-seed-version --mojo-platform-channel-handle=4488 /prefetch:8
                          2⤵
                            PID:4280
                          • C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4460,i,4969328177182105485,7384024872748390957,262144 --variations-seed-version --mojo-platform-channel-handle=4488 /prefetch:8
                            2⤵
                              PID:2424
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=3968,i,4969328177182105485,7384024872748390957,262144 --variations-seed-version --mojo-platform-channel-handle=4700 /prefetch:8
                              2⤵
                                PID:3644
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=3976,i,4969328177182105485,7384024872748390957,262144 --variations-seed-version --mojo-platform-channel-handle=4704 /prefetch:8
                                2⤵
                                  PID:232
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4776,i,4969328177182105485,7384024872748390957,262144 --variations-seed-version --mojo-platform-channel-handle=4780 /prefetch:8
                                  2⤵
                                    PID:2412
                                • C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe"
                                  1⤵
                                    PID:3668

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                    Filesize

                                    2B

                                    MD5

                                    99914b932bd37a50b983c5e7c90ae93b

                                    SHA1

                                    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                    SHA256

                                    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                    SHA512

                                    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                    Filesize

                                    2B

                                    MD5

                                    d751713988987e9331980363e24189ce

                                    SHA1

                                    97d170e1550eee4afc0af065b78cda302a97674c

                                    SHA256

                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                    SHA512

                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                    Filesize

                                    40B

                                    MD5

                                    20d4b8fa017a12a108c87f540836e250

                                    SHA1

                                    1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                    SHA256

                                    6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                    SHA512

                                    507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    10KB

                                    MD5

                                    d1aefaf9cb75e7d400c2c4597e00e977

                                    SHA1

                                    58df380adab96af5612ef1b5f547b3ae8c8d5db3

                                    SHA256

                                    a509417ecfdccc140a874c7885d728b6fd4195d7e5a25dc5cb4561c322a24dce

                                    SHA512

                                    6406ef184023fa07acc6e6c37878f145cfd3b53127fe88994a1f6f307784899967ca94050d696dc84acec971bd0fb98d91b13699515f79518b8218b4b683216e

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                    Filesize

                                    30KB

                                    MD5

                                    e9a7b58a8397671064556618c7b24df8

                                    SHA1

                                    3f767b89b0de448904c7e976d972d2be1e71f4bd

                                    SHA256

                                    2fcdff74461ad28c0376a69ed00babc34815e0d81ae2320640d986fc02189eed

                                    SHA512

                                    40b1070aa128cae24924bef56e7c540fdce1e187135fc6337eaa7355c1b6212e35a0b7ddebd32dea8f902cda106e1a13eca7d80119cf54556fd8e5184c1f43a6

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    51KB

                                    MD5

                                    820067195e07e8725eeb676482bf83a7

                                    SHA1

                                    a380b3904565e1a12d69d1e8b3274d315ea9c64c

                                    SHA256

                                    5aa2ae04ca78dea70046e020b46f3e2c9738387ccc1b8485c83f66fd61cb7fef

                                    SHA512

                                    6c0085909f040b6ae47e8e4ff41b577ae7a28bdfd5e8016d39ab511ffc0b4909f38d2b49e314ca68ee11d6e046eea42b3dd773755493827dd1b41387cf141dea

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    51KB

                                    MD5

                                    f4c333be6a48b2e6317691ead73b97c7

                                    SHA1

                                    5b30ce5718d5f601d02aa6311ccf95d40dfd9fd2

                                    SHA256

                                    88362f4f6ae554d33381112714c77201f5dd9ed9df18f4aeab075b14a642ec52

                                    SHA512

                                    1f4041e85f820a446fa5d04c315715f4eaba9bf6891dae0607b9341012f034a1d0805193168509fba28a924a5d9e05711330121ee1d473fd20d06b9ac51a4641

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
                                    Filesize

                                    2KB

                                    MD5

                                    ce54800183d3002e45427be8a7d9fcd7

                                    SHA1

                                    cb24560bc3011a420b1f0644dcdf5eb47fcb1cf9

                                    SHA256

                                    091dae86f6935fb9b67040baaf372a4834c922537fc147d07f53018a6b6ec018

                                    SHA512

                                    dfce4a9398a259c26f9bacbdd387ae1df88b12f4b72353825c465a71db0eb8fdd9060893c87465efeaa5d61686a9d42482a3b464bec18f8ec734e76b64afcf31

                                    Download Submit