b312d50a2871261368e9e3d9169a2a520cda52f9f38e976b76e3e152addd757e

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 18:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dmmiedit.html
Size

167KB
MD5

7e13719b5732fa63732704319fabe24d
SHA1

c3c2aee2827b607b3efa88068c8b268290767e73
SHA256

b312d50a2871261368e9e3d9169a2a520cda52f9f38e976b76e3e152addd757e
SHA512

d77a23b06c6e6d88348ae4f1a499c3d7981af5dc6e5b5e108a25c392812bed484d2c962df8b925458ba7120e48e216a4d03a65fe4a36bafddf39319d07f232f0
SSDEEP

1536:HKZlxAe1LH9H7zEFGLY9oPa7dbv1FJNPnFJU6IvnbEcm3XBiWpyZ74Q62tTIiAzN:HKZlr1LH9HKJupx+FB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
3444	msedge.exe
3444	msedge.exe
5024	identity_helper.exe
5024	identity_helper.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 3632	3444	msedge.exe	83
PID 3444 wrote to memory of 3632	3444	msedge.exe	83
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 5048	3444	msedge.exe	85
PID 3444 wrote to memory of 4072	3444	msedge.exe	86
PID 3444 wrote to memory of 4072	3444	msedge.exe	86
PID 3444 wrote to memory of 5068	3444	msedge.exe	87
PID 3444 wrote to memory of 5068	3444	msedge.exe	87
PID 3444 wrote to memory of 5068	3444	msedge.exe	87
PID 3444 wrote to memory of 5068	3444	msedge.exe	87
PID 3444 wrote to memory of 5068	3444	msedge.exe	87
PID 3444 wrote to memory of 5068	3444	msedge.exe	87
PID 3444 wrote to memory of 5068	3444	msedge.exe	87
PID 3444 wrote to memory of 5068	3444	msedge.exe	87
PID 3444 wrote to memory of 5068	3444	msedge.exe	87
PID 3444 wrote to memory of 5068	3444	msedge.exe	87
PID 3444 wrote to memory of 5068	3444	msedge.exe	87
PID 3444 wrote to memory of 5068	3444	msedge.exe	87
PID 3444 wrote to memory of 5068	3444	msedge.exe	87
PID 3444 wrote to memory of 5068	3444	msedge.exe	87
PID 3444 wrote to memory of 5068	3444	msedge.exe	87
PID 3444 wrote to memory of 5068	3444	msedge.exe	87
PID 3444 wrote to memory of 5068	3444	msedge.exe	87
PID 3444 wrote to memory of 5068	3444	msedge.exe	87
PID 3444 wrote to memory of 5068	3444	msedge.exe	87
PID 3444 wrote to memory of 5068	3444	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dmmiedit.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8080346f8,0x7ff808034708,0x7ff808034718
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13319657337378166030,5987943866038548545,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5652 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e81c757cdb64c4fd5c91e6ade1a16308

SHA1
19dc7ff5e8551a2b08874131d962b697bb84ad9b

SHA256
82141d451d07bdb68991f33c59129214dd6d3d10158aeb7a1dc81efbc5fb12b3

SHA512
ba8de0b3b04fec5a96d361459dde0941b1b70f5be231fdec94806efa3ecf1e8faf8e27b1800fa606dc4a82e29d4cf5109b94109e5ad242ddf9f4671e2acbcfbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2e57ec8bd99545e47a55d581964d0549

SHA1
bd7055ea7df7696298a94dedfc91136e3b530db8

SHA256
a50ba35608edc2f3360cc71be0d4b29bba0e3382d1f08f24df5322ce2ad2443c

SHA512
6b9b73d983c472149629c842e16e4f7c2f8a0a3bb6dd64837ef647db810ef1beb3a02b15dc1eec2c5de8aee6b3ca195c7d26c432705061c5b0ec7841a5bbf106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
486B

MD5
827963e822aa6add08913bfbd2a978b4

SHA1
ac1f9ab2df6ac7b561227e2dd422ffa541b4fc43

SHA256
c6e554d502c86d3117a2db308e1d31b4646710f40a682e623ecc399f635bf942

SHA512
3f2b456775c93818d42aa30f368a5ae263c59ef8daf6ff7c718691c90a17554ec40e173c0754ae757133c73a1da66e1c46dfb4fae66f342a735995448e8b8973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93bd51e5548d0cc909a14fb7fcb185f4

SHA1
325c9b28433a29262bcc01ed24a332c76d1dc5a6

SHA256
b1fe8f006cee0578a593d9606ecce8dc940763c82625b5d6cafa8929143c7b37

SHA512
2242fdb9402b15ad378c01c741f7e9cd645b7d03e011820c82221162d20cd96217aba2adf1555dc84895a028fe088b18986aa9c21b50a185153907489e5e4f97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13deef6a58ab2c9ef85484fade525b54

SHA1
c4c6fafc4a949a0d02931dcf68a5bf59b90f2aed

SHA256
f515425f821000bb9dc903dc2073c51ed80aba4d11165091732d74140ca8d9c4

SHA512
de5c57d798147750b80278dfc17a083d62a2807dbefb821b79db4585acd6eada9731a6c5218dbb5af1557e26edf7cd2cec363c28858d450de9d41ab52d647673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca8c82c547397f1a9838a26c9d225ba1

SHA1
372b24e5f2deebd479d28ca6ca723229ee54a94e

SHA256
6ddca0b098c20e24a048498903d73e4686ea42534915154ccb57de95535401bd

SHA512
8b945d64650a335e8777f3714003df4c477b80d0f61badf24e49513b5a3af45e3f752bf882235035eddba520c8623c9fe8bb30d8131838605876c900ef0ecf52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
700a1bca18350e208f0e8697bd7e2224

SHA1
b15803ddfb3826c36d7e2976134ae3de826d0a87

SHA256
62088691735f6561c930fddc2b016a2ae02400f13b536f08261344bdf2082100

SHA512
9c2f7e75ea05d3fa72a7e45c5a3405e91c797a31ed5a5adda5435469ef3f8b90aee30dd955cacce4f5efa252eae6a49832028b678b458e4b44249e4968d8fc2a

Download Submit