Analysis

max time kernel:  146s
max time network: 151s
platform:         windows10-2004_x64
resource:         win10v2004-20240704-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted:        06/07/2024, 18:01

Static task: static1

Behavioral task: behavioral1
  Sample:   dmmiedit.html
  Resource: win7-20240704-en

Behavioral task: behavioral2
  Sample:   dmmiedit.html
  Resource: win10v2004-20240704-en
General

Target: dmmiedit.html
Size:   167KB
MD5:    7e13719b5732fa63732704319fabe24d
SHA1:   c3c2aee2827b607b3efa88068c8b268290767e73
SHA256: b312d50a2871261368e9e3d9169a2a520cda52f9f38e976b76e3e152addd757e
SHA512: d77a23b06c6e6d88348ae4f1a499c3d7981af5dc6e5b5e108a25c392812bed484d2c962df8b925458ba7120e48e216a4d03a65fe4a36bafddf39319d07f232f0
SSDEEP: 1536:HKZlxAe1LH9H7zEFGLY9oPa7dbv1FJNPnFJU6IvnbEcm3XBiWpyZ74Q62tTIiAzN:HKZlr1LH9HKJupx+FB
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              occurrences
  4072  msedge.exe           2
  3444  msedge.exe           2
  5024  identity_helper.exe  2
  4036  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   process     occurrences
  3444  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     occurrences
  3444  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     occurrences
  3444  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs; the report repeats each row once per write, only the distinct rows are shown here)
  description                       pid   process     procid_target
  PID 3444 wrote to memory of 3632  3444  msedge.exe  83
  PID 3444 wrote to memory of 5048  3444  msedge.exe  85
  PID 3444 wrote to memory of 4072  3444  msedge.exe  86
  PID 3444 wrote to memory of 5068  3444  msedge.exe  87

Reading these hits: every IoC in this section is attributed to the browser process msedge.exe (PID 3444) or to one of its own helpers (identity_helper.exe PID 5024, the GPU and network-service children). The memory writes all go from the browser process into children it has just created (crashpad handler 3632, GPU process 5048, network service 4072, storage service 5068), which is how a Chromium-based browser sets up its process tree; the process enumeration and shell-tray lookups are likewise browser behaviour. The two BIOS values queried, SystemManufacturer and SystemProductName, are the same ones hypervisor-detection code compares against vendor strings, which is why the signature exists, but here the reader is the browser itself. On their own these signatures describe Edge, not dmmiedit.html.
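The flattened IoC tables above are easier to reason about once collapsed into counts and writer-to-target edges. The following Python is an added example, not part of the sandbox's report or its tooling: it parses the listing format exactly as it appears on this page (a constructed excerpt of the EnumeratesProcesses and WriteProcessMemory rows is embedded), and labels each written-to PID with the role taken from the Processes section. The `ROLES` map is filled in by hand from that section and is the only thing the parser does not derive from the text.

```python
"""Collapse the flattened signature tables of a sandbox report (the 'pid Process'
listings and the WriteProcessMemory rows) into per-process counts and
writer -> target edges, so 64 repeated IoC rows become a handful of facts."""
import re
from collections import Counter

# Constructed excerpts, copied from this report's Signatures section.
ENUM_PROCS = ("pid Process 4072 msedge.exe 4072 msedge.exe 3444 msedge.exe 3444 msedge.exe "
              "5024 identity_helper.exe 5024 identity_helper.exe 4036 msedge.exe "
              "4036 msedge.exe 4036 msedge.exe 4036 msedge.exe")
WPM = ("description pid Process procid_target "
       "PID 3444 wrote to memory of 3632 3444 msedge.exe 83 "
       "PID 3444 wrote to memory of 3632 3444 msedge.exe 83 "
       "PID 3444 wrote to memory of 5048 3444 msedge.exe 85 "
       "PID 3444 wrote to memory of 4072 3444 msedge.exe 86 "
       "PID 3444 wrote to memory of 5068 3444 msedge.exe 87")
# Roles of the target PIDs, filled in by hand from the Processes section (assumption).
ROLES = {3632: "crashpad-handler", 5048: "gpu-process",
         4072: "utility:network", 5068: "utility:storage"}

# "4072 msedge.exe 4072 msedge.exe ..." -> (pid, image) pairs
PID_PROC_RE = re.compile(r"(\d+)\s+(\S+\.exe)")
# "PID 3444 wrote to memory of 5048 3444 msedge.exe 85"
# -> (writer from description, target, pid column, image, procid_target)
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)\s+(\d+)\s+(\S+\.exe)\s+(\d+)")


def count_pid_process(text):
    """{(pid, image): occurrences} for a flattened 'pid Process' table."""
    return Counter((int(pid), image) for pid, image in PID_PROC_RE.findall(text))


def parse_wpm(text):
    """Rows of (writer_pid, target_pid, writer_image, target_procid, pid_column)."""
    return [(int(w), int(t), img, int(procid), int(pidcol))
            for w, t, pidcol, img, procid in WPM_RE.findall(text)]


def edges(text):
    """{(writer_pid, target_pid): count}; the report's 64 rows reduce to four edges."""
    return Counter((w, t) for w, t, _, _, _ in parse_wpm(text))


def describe_edges(text, roles):
    """Sorted (writer, target, role, count). Role '?' means the target PID is not in
    the process tree, which is the case worth noticing."""
    return [(w, t, roles.get(t, "?"), n) for (w, t), n in sorted(edges(text).items())]


def inconsistent_rows(text):
    """Rows whose description PID disagrees with the pid column (expected empty)."""
    return [r for r in parse_wpm(text) if r[0] != r[4]]


def writers_outside(text, allowed=("msedge.exe",)):
    """Writer images other than the browser; a non-browser writer in a browser run
    is the first thing to chase."""
    return sorted({(w, img) for w, _, img, _, _ in parse_wpm(text) if img not in allowed})


if __name__ == "__main__":
    for row in describe_edges(WPM, ROLES):
        print(row)
    print("inconsistent:", inconsistent_rows(WPM), "foreign writers:", writers_outside(WPM))
```

Run against the full WriteProcessMemory listing the same four edges come out, each with its repeat count; a fifth edge with role "?" or a writer other than msedge.exe is what would turn this from browser noise into a lead.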
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3444)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dmmiedit.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3632)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8080346f8,0x7ff808034708,0x7ff808034718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5048)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4072)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5068)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1920)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1992)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 4976)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 5024)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4452)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3576)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 756)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2356)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4036)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5652 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 1252)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 3308)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

Reading the tree: everything under PID 3444 is an Edge component launched with Chromium's --type switch (one crashpad handler, two GPU processes, a network and a storage utility service, six renderers, two identity_helper instances), all running from the Edge install directory. Three of those children run with reduced sandboxing chosen by the browser itself, not by page content: the network service and identity_helper with --service-sandbox-type=none, and the second GPU process (PID 4036, started after the first GPU process PID 5048) with --disable-gpu-sandbox --use-gl=disabled. The two CompPkgSrv.exe instances are COM-activated (-Embedding) and are not children of the browser. What would matter for the HTML sample, a child of a renderer or of the browser whose image lies outside the Edge directory, does not appear in this tree.
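The checks described above (role per --type, sandbox-weakening switches, children outside the install directory) are mechanical enough to script. The Python below is an added example, not code from the sandbox or from Microsoft: it embeds a constructed excerpt of this tree (command lines abbreviated to the switches used, parent PIDs taken from the nesting shown, and the install directory as it appears on the page) and returns the triage per PID rather than printing it. It uses `shlex.split(..., posix=False)` so that Windows backslashes survive and quoted arguments such as `"--user-data-dir=...\User Data"` stay whole.

```python
"""Triage the process tree of a Chromium/Edge run as listed in a sandbox report:
parse each command line, name the process role from --type, surface flags that
weaken a child's sandbox, and flag any child of the browser tree whose image is
not under the browser install directory."""
import ntpath
import shlex

# Install directory as it appears in this report's Processes section.
EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"

# Constructed from the report: (pid, parent pid, command line). Parent PIDs follow
# the nesting shown in the tree (CompPkgSrv.exe has no parent there); command
# lines are abbreviated to the switches this script looks at.
PROCS = [
    (3444, None, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dmmiedit.html'),
    (3632, 3444, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7'),
    (5048, 3444, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2112 /prefetch:2'),
    (4072, 3444, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none /prefetch:3'),
    (5068, 3444, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8'),
    (1920, 3444, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --renderer-client-id=6 --no-v8-untrusted-code-mitigations /prefetch:1'),
    (5024, 3444, r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8'),
    (4036, 3444, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2'),
    (1252, None, r'C:\Windows\System32\CompPkgSrv.exe -Embedding'),
]


def parse_cmdline(cmd):
    """Split a Windows command line into (image path, {switch: value}).
    posix=False keeps backslashes literal and keeps quoted arguments together;
    the surrounding quotes are then stripped by hand."""
    tokens = [t.strip('"') for t in shlex.split(cmd, posix=False)]
    image, flags = tokens[0], {}
    for tok in tokens[1:]:
        if tok.startswith("--"):                      # --key=value or bare --switch
            key, _, val = tok[2:].partition("=")
            flags[key] = val
        elif tok.startswith("/"):                     # /prefetch:N, /c
            key, _, val = tok[1:].partition(":")
            flags["/" + key] = val
        else:                                         # -Embedding, file paths, ...
            flags.setdefault("positional", []).append(tok)
    return image, flags


def role(cmd):
    """Chromium process role: browser (no --type), renderer, gpu-process,
    crashpad-handler, utility:<sub-type>; 'standalone' for non-browser images."""
    image, flags = parse_cmdline(cmd)
    ptype = flags.get("type")
    if ptype is None:
        return "browser" if ntpath.basename(image).lower() == "msedge.exe" else "standalone"
    if ptype == "utility":
        return "utility:" + flags.get("utility-sub-type", "?")
    return ptype


def sandbox_findings(cmd):
    """Switches on the command line that lower or remove the child's sandbox."""
    _, flags = parse_cmdline(cmd)
    found = []
    if flags.get("service-sandbox-type") == "none":
        found.append("service-sandbox-type=none")
    for bare in ("disable-gpu-sandbox", "no-sandbox"):
        if bare in flags:
            found.append(bare)
    return found


def under(path, directory):
    """True if path is inside directory (case-insensitive, Windows separators)."""
    return ntpath.normcase(path).startswith(ntpath.normcase(directory).rstrip("\\") + "\\")


def triage(procs, install_dir=EDGE_DIR):
    """{pid: {image, role, findings, foreign}}; foreign marks a process that has a
    parent in the tree but runs an image outside install_dir."""
    out = {}
    for pid, ppid, cmd in procs:
        image, _ = parse_cmdline(cmd)
        out[pid] = {
            "image": image,
            "role": role(cmd),
            "findings": sandbox_findings(cmd),
            "foreign": ppid is not None and not under(image, install_dir),
        }
    return out


def foreign_children(procs, install_dir=EDGE_DIR):
    """Sorted PIDs of foreign children: the lead to chase in a browser run."""
    return sorted(pid for pid, info in triage(procs, install_dir).items() if info["foreign"])


if __name__ == "__main__":
    for pid, info in triage(PROCS).items():
        print(pid, info["role"], info["findings"], "FOREIGN" if info["foreign"] else "")
    print("foreign children:", foreign_children(PROCS))
```

On this tree `foreign_children` is empty and the only findings are the three reduced-sandbox children noted above; feeding it a record such as a cmd.exe spawned under renderer PID 1920 (a constructed case, nothing of the sort is in the report) returns that PID as foreign, which is the condition under which an HTML sample in a browser run becomes interesting.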
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
  MD5:    e81c757cdb64c4fd5c91e6ade1a16308
  SHA1:   19dc7ff5e8551a2b08874131d962b697bb84ad9b
  SHA256: 82141d451d07bdb68991f33c59129214dd6d3d10158aeb7a1dc81efbc5fb12b3
  SHA512: ba8de0b3b04fec5a96d361459dde0941b1b70f5be231fdec94806efa3ecf1e8faf8e27b1800fa606dc4a82e29d4cf5109b94109e5ad242ddf9f4671e2acbcfbd

Filesize: 152B
  MD5:    2e57ec8bd99545e47a55d581964d0549
  SHA1:   bd7055ea7df7696298a94dedfc91136e3b530db8
  SHA256: a50ba35608edc2f3360cc71be0d4b29bba0e3382d1f08f24df5322ce2ad2443c
  SHA512: 6b9b73d983c472149629c842e16e4f7c2f8a0a3bb6dd64837ef647db810ef1beb3a02b15dc1eec2c5de8aee6b3ca195c7d26c432705061c5b0ec7841a5bbf106

Filesize: 486B
  MD5:    827963e822aa6add08913bfbd2a978b4
  SHA1:   ac1f9ab2df6ac7b561227e2dd422ffa541b4fc43
  SHA256: c6e554d502c86d3117a2db308e1d31b4646710f40a682e623ecc399f635bf942
  SHA512: 3f2b456775c93818d42aa30f368a5ae263c59ef8daf6ff7c718691c90a17554ec40e173c0754ae757133c73a1da66e1c46dfb4fae66f342a735995448e8b8973

Filesize: 6KB
  MD5:    93bd51e5548d0cc909a14fb7fcb185f4
  SHA1:   325c9b28433a29262bcc01ed24a332c76d1dc5a6
  SHA256: b1fe8f006cee0578a593d9606ecce8dc940763c82625b5d6cafa8929143c7b37
  SHA512: 2242fdb9402b15ad378c01c741f7e9cd645b7d03e011820c82221162d20cd96217aba2adf1555dc84895a028fe088b18986aa9c21b50a185153907489e5e4f97

Filesize: 6KB
  MD5:    13deef6a58ab2c9ef85484fade525b54
  SHA1:   c4c6fafc4a949a0d02931dcf68a5bf59b90f2aed
  SHA256: f515425f821000bb9dc903dc2073c51ed80aba4d11165091732d74140ca8d9c4
  SHA512: de5c57d798147750b80278dfc17a083d62a2807dbefb821b79db4585acd6eada9731a6c5218dbb5af1557e26edf7cd2cec363c28858d450de9d41ab52d647673

Filesize: 6KB
  MD5:    ca8c82c547397f1a9838a26c9d225ba1
  SHA1:   372b24e5f2deebd479d28ca6ca723229ee54a94e
  SHA256: 6ddca0b098c20e24a048498903d73e4686ea42534915154ccb57de95535401bd
  SHA512: 8b945d64650a335e8777f3714003df4c477b80d0f61badf24e49513b5a3af45e3f752bf882235035eddba520c8623c9fe8bb30d8131838605876c900ef0ecf52

Filesize: 16B
  MD5:    206702161f94c5cd39fadd03f4014d98
  SHA1:   bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 16B
  MD5:    46295cac801e5d4857d09837238a6394
  SHA1:   44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 11KB
  MD5:    700a1bca18350e208f0e8697bd7e2224
  SHA1:   b15803ddfb3826c36d7e2976134ae3de826d0a87
  SHA256: 62088691735f6561c930fddc2b016a2ae02400f13b536f08261344bdf2082100
  SHA512: 9c2f7e75ea05d3fa72a7e45c5a3405e91c797a31ed5a5adda5435469ef3f8b90aee30dd955cacce4f5efa252eae6a49832028b678b458e4b44249e4968d8fc2a