c963cb5adb198fbdaebb940f816d135596264d03de0be61de00d0bd1cb204c93

Analysis

max time kernel
42s
max time network
43s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mono/Monaco/Monaco.html
Size

6KB
MD5

999896134bd43cefa865f37e514ba62f
SHA1

97077125bb36ba072e30f2ec68f80ae213f76b84
SHA256

1ecdd9529ef5487f92736894d94ff680f6c32ee821615d29c0fc814f3a310b4a
SHA512

6af01d1c9d4212e25fc35e9ae0730538f01b3d62cd904fec90077030ede5b07af952388e57927f3518895580b95263c70372f791a247572da657e70bf8c3ab47
SSDEEP

192:wEod3PorvFhAmQp5keghKcCI2MCTJ3+NLSaPh/WCY/jt:ud3PonBw5keghHwjt

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3840	msedge.exe
3840	msedge.exe
3356	msedge.exe
3356	msedge.exe
1368	identity_helper.exe
1368	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3356 wrote to memory of 2032	3356	msedge.exe	85
PID 3356 wrote to memory of 2032	3356	msedge.exe	85
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 4540	3356	msedge.exe	86
PID 3356 wrote to memory of 3840	3356	msedge.exe	87
PID 3356 wrote to memory of 3840	3356	msedge.exe	87
PID 3356 wrote to memory of 1280	3356	msedge.exe	88
PID 3356 wrote to memory of 1280	3356	msedge.exe	88
PID 3356 wrote to memory of 1280	3356	msedge.exe	88
PID 3356 wrote to memory of 1280	3356	msedge.exe	88
PID 3356 wrote to memory of 1280	3356	msedge.exe	88
PID 3356 wrote to memory of 1280	3356	msedge.exe	88
PID 3356 wrote to memory of 1280	3356	msedge.exe	88
PID 3356 wrote to memory of 1280	3356	msedge.exe	88
PID 3356 wrote to memory of 1280	3356	msedge.exe	88
PID 3356 wrote to memory of 1280	3356	msedge.exe	88
PID 3356 wrote to memory of 1280	3356	msedge.exe	88
PID 3356 wrote to memory of 1280	3356	msedge.exe	88
PID 3356 wrote to memory of 1280	3356	msedge.exe	88
PID 3356 wrote to memory of 1280	3356	msedge.exe	88
PID 3356 wrote to memory of 1280	3356	msedge.exe	88
PID 3356 wrote to memory of 1280	3356	msedge.exe	88
PID 3356 wrote to memory of 1280	3356	msedge.exe	88
PID 3356 wrote to memory of 1280	3356	msedge.exe	88
PID 3356 wrote to memory of 1280	3356	msedge.exe	88
PID 3356 wrote to memory of 1280	3356	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Mono\Monaco\Monaco.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8aec446f8,0x7ff8aec44708,0x7ff8aec44718
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1133496696331521252,13367639943988522433,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1133496696331521252,13367639943988522433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1133496696331521252,13367639943988522433,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1133496696331521252,13367639943988522433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1133496696331521252,13367639943988522433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1133496696331521252,13367639943988522433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1133496696331521252,13367639943988522433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1133496696331521252,13367639943988522433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1133496696331521252,13367639943988522433,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1133496696331521252,13367639943988522433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1133496696331521252,13367639943988522433,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:1216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95e1f2056111901881334dca6dd71301

SHA1
120a8f82604fcb500595b36a96e58f8abbdedb9a

SHA256
a5aa3c451eda27b7418bf1c1c4ed118d971285f9b8d5b620d02a6b034c5aedb7

SHA512
d45489d21e16d0fa0b74ee0609a79afd7a006c6289babee3e2087ac55e52cf752ca51a00553290b4a6f18109fec07be4e3cc993ea4709336e35f486ce8348105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
171da942e17efd8bcecb6a438405b43b

SHA1
d8a964c2929a7e2a7bbddcdf8ace30512935edb5

SHA256
865e9b6913f77df58c30c83d9de6ef1da77b7ca3869a0673d99c5a1fbb3798b6

SHA512
ba05fca0ae43219f31ef2e245ec2e692e975710bf3dd849da54159d0ee480a6d7ba7416af65b79af6d8e229e0e703bd85583c20e4c6563754cd1eef739dbc52a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ca09fad28970b7ca5664c308ea7e29c7

SHA1
6a3bb8fc6ce202350fba1a8048a8bc6c7bb61f28

SHA256
d72ec6298a6b1a0d159b4df4251091e0f8452262179cbfbb23e3e4420bf89eea

SHA512
7d9e67de2b8a2e5ef813a74027d422d9da9bd19ad2af003a68799274bc7f36f427356dc81c1b163c3c73444c625c085c0216b3d8f304b88d1d0e3d7179e00e54

Download Submit