Overview
overview
6Static
static
3BOOTDISK/MAKEBOOT.exe
windows7-x64
BOOTDISK/MAKEBOOT.exe
windows10-2004-x64
BOOTDISK/MAKEBT32.exe
windows7-x64
1BOOTDISK/MAKEBT32.exe
windows10-2004-x64
1DISCOVER/C...IN.htm
windows7-x64
6DISCOVER/C...IN.htm
windows10-2004-x64
1DISCOVER/C...LT.htm
windows7-x64
6DISCOVER/C...LT.htm
windows10-2004-x64
1DISCOVER/C...GN.htm
windows7-x64
1DISCOVER/C...GN.htm
windows10-2004-x64
1DISCOVER/C...MN.htm
windows7-x64
6DISCOVER/C...MN.htm
windows10-2004-x64
1DISCOVER/C...RV.htm
windows7-x64
1DISCOVER/C...RV.htm
windows10-2004-x64
1DISCOVER/C...RE.htm
windows7-x64
1DISCOVER/C...RE.htm
windows10-2004-x64
1DISCOVER/C...IN.htm
windows7-x64
6DISCOVER/C...IN.htm
windows10-2004-x64
1DISCOVER/C...RE.htm
windows7-x64
1DISCOVER/C...RE.htm
windows10-2004-x64
1DISCOVER/C...VD.htm
windows7-x64
1DISCOVER/C...VD.htm
windows10-2004-x64
1DISCOVER/C...X6.htm
windows7-x64
1DISCOVER/C...X6.htm
windows10-2004-x64
1DISCOVER/C...94.htm
windows7-x64
1DISCOVER/C...94.htm
windows10-2004-x64
1DISCOVER/C...AN.htm
windows7-x64
1DISCOVER/C...AN.htm
windows10-2004-x64
1DISCOVER/C...IN.htm
windows7-x64
6DISCOVER/C...IN.htm
windows10-2004-x64
1DISCOVER/C...ON.htm
windows7-x64
1DISCOVER/C...ON.htm
windows10-2004-x64
1Analysis
-
max time kernel
135s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
23/07/2024, 04:15
Static task
static1
Behavioral task
behavioral1
Sample
BOOTDISK/MAKEBOOT.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral2
Sample
BOOTDISK/MAKEBOOT.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
BOOTDISK/MAKEBT32.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral4
Sample
BOOTDISK/MAKEBT32.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
DISCOVER/COMPATBL/COMPMAIN.htm
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral6
Sample
DISCOVER/COMPATBL/COMPMAIN.htm
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
DISCOVER/COMPATBL/DEFAULT.htm
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral8
Sample
DISCOVER/COMPATBL/DEFAULT.htm
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
DISCOVER/COMPATBL/DRVRSUPP/DIG_SIGN.htm
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral10
Sample
DISCOVER/COMPATBL/DRVRSUPP/DIG_SIGN.htm
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
DISCOVER/COMPATBL/DRVRSUPP/DRVSUPMN.htm
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral12
Sample
DISCOVER/COMPATBL/DRVRSUPP/DRVSUPMN.htm
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
DISCOVER/COMPATBL/DRVRSUPP/MORE_DRV.htm
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral14
Sample
DISCOVER/COMPATBL/DRVRSUPP/MORE_DRV.htm
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
DISCOVER/COMPATBL/LGCYSUPP/HARDWARE.htm
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral16
Sample
DISCOVER/COMPATBL/LGCYSUPP/HARDWARE.htm
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
DISCOVER/COMPATBL/LGCYSUPP/LGCYMAIN.htm
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral18
Sample
DISCOVER/COMPATBL/LGCYSUPP/LGCYMAIN.htm
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
DISCOVER/COMPATBL/LGCYSUPP/SOFTWARE.htm
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral20
Sample
DISCOVER/COMPATBL/LGCYSUPP/SOFTWARE.htm
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
DISCOVER/COMPATBL/MULTSUPP/DVD.htm
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral22
Sample
DISCOVER/COMPATBL/MULTSUPP/DVD.htm
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
DISCOVER/COMPATBL/MULTSUPP/DX6.htm
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral24
Sample
DISCOVER/COMPATBL/MULTSUPP/DX6.htm
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
DISCOVER/COMPATBL/MULTSUPP/IEEE1394.htm
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral26
Sample
DISCOVER/COMPATBL/MULTSUPP/IEEE1394.htm
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
DISCOVER/COMPATBL/MULTSUPP/IMAGEMAN.htm
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral28
Sample
DISCOVER/COMPATBL/MULTSUPP/IMAGEMAN.htm
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
DISCOVER/COMPATBL/MULTSUPP/MULTMAIN.htm
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral30
Sample
DISCOVER/COMPATBL/MULTSUPP/MULTMAIN.htm
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
DISCOVER/COMPATBL/MULTSUPP/MULTMON.htm
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral32
Sample
DISCOVER/COMPATBL/MULTSUPP/MULTMON.htm
Resource
win10v2004-20240709-en
windows10-2004-x64
General
-
Target
DISCOVER/COMPATBL/MULTSUPP/IEEE1394.htm
-
Size
1KB
-
MD5
de35a2ae0aed79b4085a4e2187c20fed
-
SHA1
c39320278d8d027c4c8d8804b01898c5d12e27ff
-
SHA256
c7d86ab877fc9c4964aa4c8e864475a273906d07843c16df1ec705dc10a6a2e6
-
SHA512
320fe832fc95e9cc27a4338dd8849a6fef8410640a9d6485f567f741f3df393fdaf107fff2339153e59ec23055ac1d5dce0f65612630e3fe9d9365b05817a8c8
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 2416 msedge.exe 2416 msedge.exe 3116 msedge.exe 3116 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 3116 msedge.exe 3116 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe 3116 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3116 wrote to memory of 3080 3116 msedge.exe 88 PID 3116 wrote to memory of 3080 3116 msedge.exe 88 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 4752 3116 msedge.exe 89 PID 3116 wrote to memory of 2416 3116 msedge.exe 90 PID 3116 wrote to memory of 2416 3116 msedge.exe 90 PID 3116 wrote to memory of 2472 3116 msedge.exe 91 PID 3116 wrote to memory of 2472 3116 msedge.exe 91 PID 3116 wrote to memory of 2472 3116 msedge.exe 91 PID 3116 wrote to memory of 2472 3116 msedge.exe 91 PID 3116 wrote to memory of 2472 3116 msedge.exe 91 PID 3116 wrote to memory of 2472 3116 msedge.exe 91 PID 3116 wrote to memory of 2472 3116 msedge.exe 91 PID 3116 wrote to memory of 2472 3116 msedge.exe 91 PID 3116 wrote to memory of 2472 3116 msedge.exe 91 PID 3116 wrote to memory of 2472 3116 msedge.exe 91 PID 3116 wrote to memory of 2472 3116 msedge.exe 91 PID 3116 wrote to memory of 2472 3116 msedge.exe 91 PID 3116 wrote to memory of 2472 3116 msedge.exe 91 PID 3116 wrote to memory of 2472 3116 msedge.exe 91 PID 3116 wrote to memory of 2472 3116 msedge.exe 91 PID 3116 wrote to memory of 2472 3116 msedge.exe 91 PID 3116 wrote to memory of 2472 3116 msedge.exe 91 PID 3116 wrote to memory of 2472 3116 msedge.exe 91 PID 3116 wrote to memory of 2472 3116 msedge.exe 91 PID 3116 wrote to memory of 2472 3116 msedge.exe 91
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\DISCOVER\COMPATBL\MULTSUPP\IEEE1394.htm1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3116 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc178046f8,0x7ffc17804708,0x7ffc178047182⤵PID:3080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,9069635493667664398,17842955961571788075,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:22⤵PID:4752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,9069635493667664398,17842955961571788075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,9069635493667664398,17842955961571788075,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:82⤵PID:2472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9069635493667664398,17842955961571788075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵PID:3408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9069635493667664398,17842955961571788075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:12⤵PID:3496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,9069635493667664398,17842955961571788075,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:22⤵PID:4272
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2092
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2396
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
10KB
MD58c96fa3f185f19d6c7e97f87a741958e
SHA1387075c4e3d2c965e6f13d4c749c7b4ea111aed2
SHA256af9d84744f2f54f8fcd96b42bb6ffe57d773a833c8c3e098b83ab5ec770decef
SHA5128bfbf7021779fa1d4a89e1f708f867855e0482b6f1bdf8ccdea4c694a7c12abeb95dcd69fe6d3130c5ae7e8e5fa3d1403920d25b849b51df082cdc206a3fa713
-
Filesize
152B
MD5eaaad45aced1889a90a8aa4c39f92659
SHA15c0130d9e8d1a64c97924090d9a5258b8a31b83c
SHA2565e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b
SHA5120db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4
-
Filesize
152B
MD53ee50fb26a9d3f096c47ff8696c24321
SHA1a8c83e798d2a8b31fec0820560525e80dfa4fe66
SHA256d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f
SHA512479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5
-
Filesize
6KB
MD58bcf27b53c25fce957a85ca529d446a3
SHA100f82b28ac3929ad0e38286f106b7dddcd60e9d5
SHA25639990ae254abe737961fac3d6e3584719adc629268e742b5c49dcd2590388225
SHA51210d2be2f70548eb319049f2e29ec2326fe5516befa2e0f120dacb6df23dd0e78a0ba4fcc1ac3f3f253d5889e3f84f3dfff96b4c66fc3ecd9eda22ffcb93177c1
-
Filesize
5KB
MD5f9ec3d825d5c7b798ec0ffe28e08fec1
SHA12eba72673e786bee9867472c0f6f2bbf120ad37d
SHA256a9255f1ac7fd8f75c4d9021617be3bf894406748f576994ab63f76922b950846
SHA512aba617a248b1951bb9f887474985d0fdc9e62a21cffa4af5a6276de552244b143c66e2d489db62894f40990ddcb9955cfd6fff07297c4ca9ad55ee97ec231aa9