2890303e8efcfd4ddc9d25bf35e608c36a48413d6d03e4d2a7adfcc92516b8b5

Analysis

max time kernel
5s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07-07-2024 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

index.html
Size

462KB
MD5

13cebc8e31d9be9ccfd4956fd7c37385
SHA1

3788327e575e02df72a0b40ac9f946b94dffc073
SHA256

023e7936371f358229b005b9bed1ef6e406bd01e28ff87acfc75b655a090021e
SHA512

3f540dd7eb78f25e420e509ba50394a92fca0c194cce34ed7089994d781ea8a25d96037930ec0ecba155cc18efabb7bcdd6bd96f89d700e1defd382242ad199e
SSDEEP

6144:16cZfa0eOssBf0mo7TBlkldTuVemndaHmRyTarZTR61:E6p0m2TBlklNugmndaHmRyX

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 4108	2740	msedge.exe	83
PID 2740 wrote to memory of 4108	2740	msedge.exe	83
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 4316	2740	msedge.exe	84
PID 2740 wrote to memory of 3248	2740	msedge.exe	85
PID 2740 wrote to memory of 3248	2740	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\index.html
1⤵
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd78546f8,0x7ffdd7854708,0x7ffdd7854718
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,16120942915145882796,6382126849475085540,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,16120942915145882796,6382126849475085540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,16120942915145882796,6382126849475085540,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16120942915145882796,6382126849475085540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16120942915145882796,6382126849475085540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2184,16120942915145882796,6382126849475085540,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16120942915145882796,6382126849475085540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16120942915145882796,6382126849475085540,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16120942915145882796,6382126849475085540,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,16120942915145882796,6382126849475085540,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,16120942915145882796,6382126849475085540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3428 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,16120942915145882796,6382126849475085540,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3428 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,16120942915145882796,6382126849475085540,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5468 /prefetch:2
  2⤵
  PID:4084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:388

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x404
1⤵
PID:972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\55da94d1-077a-4dab-be31-8e824782defd.tmp

Filesize
11KB

MD5
0692b76886fcd9e3256b01292e3d189f

SHA1
ee6fe3044a464e916ec7e82cbfe7968c95ae0474

SHA256
5c612f7c73fb6e78a581df1d1b80a3471bdf926ec41ac61505666465f46b3cac

SHA512
b14f8d25440de061c3aed65c1239d0823989326ea6480de57052c1fa505992877a1a9e841466d0d5436b0be0a6a3e41bc128d0a4a51cbcff6fd144fc50e054cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
de1d175f3af722d1feb1c205f4e92d1e

SHA1
019cf8527a9b94bd0b35418bf7be8348be5a1c39

SHA256
1b99cae942ebf99c31795fa279d51b1a2379ca0af7b27bd3c58ea6c78a033924

SHA512
f0dcd08afd3c6a761cc1afa2846ec23fb5438d6127ebd535a754498debabd0b1ebd04858d1b98be92faf14b512f982b1f3dcbb702860e96877eb835f763f9734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
06b496d28461d5c01fc81bc2be6a9978

SHA1
36e7a9d9c7a924d5bb448d68038c7fe5e6cbf5aa

SHA256
e4a2d1395627095b0fa55e977e527ccb5b71dff3cd2d138df498f50f9f5ab507

SHA512
6488a807c978d38d65010583c1e5582548ab8102ebd68ee827e603c9bdfcdbb9f98a488d31414a829409f6edca8bd2eb4aadd4ff31b144de41249fa63a26bc91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
856B

MD5
5c74e8b3bed066c507a18cd9acad2264

SHA1
9c1eba5224d326dd42452e7a4dbb338ced601c8a

SHA256
06fdd73c54b3bc8edccbd6a1b8432b2b59e7ec2d4d5bdea1ec9335f5545fb541

SHA512
de75ff6903a5b70b7fe3a2d24b5bb0300856d24a6dc2cd63de2bc104f23c133f6b189e07b0b2e5cea04109ba4b68e6af37b8fd9402ba7426a9cbee59b700848c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac8657c429b67a9a9107bf808bbee0af

SHA1
e21d02a7f48d6749c355fb62fcfd4bfe6ea97c5e

SHA256
29b7dfc772898b82d96ae30df3b38e7a4416324237f513a82e9d3a61b56e0198

SHA512
00dac46c9cbc18670b8a79155bc94d70514920828a9f488967c3b2eac0110112da4ed2ab6dec446ea2ae3fe6ed3dd6d2ca42c8567451ae66f4b37a8c5ad153d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
01029e8d23396ca22a550abeee0cacf5

SHA1
2e91cf23118b16a4c74bc0019de793f2710e7e4b

SHA256
a6bbf5fec0c04713aa61ec618e6594f1408d48f036024ca3af4f76af28d0adb7

SHA512
b377eec9e39826286c882dea4dbee39b5e244e360c3e30250dc762c951b8d7c62b8592be9965619059d2fcdbd4c7a51c25c10e741ac5f25ce46f965482171e5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
de25f1f6ac0c758fd5d9ea7979965b15

SHA1
3deeed69a18a6e0525ee4fb764e4897ca3ee29cb

SHA256
13e35f56d1ef092b444053d10f492a6fe28c08fb016d759bea6fd1f9d3839783

SHA512
a4c4a0d0b6b5a80721a490b6a1c8f6a02b8088e7f713542c2b16dd4471424062904949f43be4079fe4d46930e56a78232fc42a7b3d29e4fcd34a6aa8f2e64e5a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads