205594b97fa29c2c5bdc6d12097bcba301b09b886ee27f3c957c9e0e1e736e3d

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 14:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

23KB
MD5

2386c7e00ecab2d3a015462819b64a76
SHA1

5b30502c6ef73278426ff40a77c703b1b0ce4205
SHA256

205594b97fa29c2c5bdc6d12097bcba301b09b886ee27f3c957c9e0e1e736e3d
SHA512

b9bea2e5f929a8dbf70173b4725a3a23619218e80aba177579554a30990e291b531aedb8c4f296de41a8a5b81e19b72e683508ccc20082d255290e7f6259d679
SSDEEP

384:ThioMOIjPk6i7aztnkQaPOOdLobYLliak4Tp9/Z+a2xtvWesGHuvq+nKIYXbx0MX:4DO0Pk6MwtnkXOORldkup9/52xJW5G3b

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4200	msedge.exe
4200	msedge.exe
936	msedge.exe
936	msedge.exe
3088	identity_helper.exe
3088	identity_helper.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 936 wrote to memory of 972	936	msedge.exe	84
PID 936 wrote to memory of 972	936	msedge.exe	84
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 3256	936	msedge.exe	85
PID 936 wrote to memory of 4200	936	msedge.exe	86
PID 936 wrote to memory of 4200	936	msedge.exe	86
PID 936 wrote to memory of 1068	936	msedge.exe	87
PID 936 wrote to memory of 1068	936	msedge.exe	87
PID 936 wrote to memory of 1068	936	msedge.exe	87
PID 936 wrote to memory of 1068	936	msedge.exe	87
PID 936 wrote to memory of 1068	936	msedge.exe	87
PID 936 wrote to memory of 1068	936	msedge.exe	87
PID 936 wrote to memory of 1068	936	msedge.exe	87
PID 936 wrote to memory of 1068	936	msedge.exe	87
PID 936 wrote to memory of 1068	936	msedge.exe	87
PID 936 wrote to memory of 1068	936	msedge.exe	87
PID 936 wrote to memory of 1068	936	msedge.exe	87
PID 936 wrote to memory of 1068	936	msedge.exe	87
PID 936 wrote to memory of 1068	936	msedge.exe	87
PID 936 wrote to memory of 1068	936	msedge.exe	87
PID 936 wrote to memory of 1068	936	msedge.exe	87
PID 936 wrote to memory of 1068	936	msedge.exe	87
PID 936 wrote to memory of 1068	936	msedge.exe	87
PID 936 wrote to memory of 1068	936	msedge.exe	87
PID 936 wrote to memory of 1068	936	msedge.exe	87
PID 936 wrote to memory of 1068	936	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92bae46f8,0x7ff92bae4708,0x7ff92bae4718
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,11330456009480813166,3162025202913296563,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,11330456009480813166,3162025202913296563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,11330456009480813166,3162025202913296563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11330456009480813166,3162025202913296563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11330456009480813166,3162025202913296563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,11330456009480813166,3162025202913296563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,11330456009480813166,3162025202913296563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11330456009480813166,3162025202913296563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11330456009480813166,3162025202913296563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11330456009480813166,3162025202913296563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11330456009480813166,3162025202913296563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,11330456009480813166,3162025202913296563,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8edf5aee848362b3fa4c7102382947c3

SHA1
0ca71672592fef3c37dbf92a155d747c927b433f

SHA256
16594552785f10884854bf38d179c9c3d26d023a089180bfe5a3ceb03c395e6d

SHA512
a8863cfcea01c05938edd34690db467f0d429f0598528f23392ca7e7233a9b2fe2eaf7b886ac965e22e8c63ee79af84654e5b2f7e94033e5f54622f7b9584893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78d53c4ecb4f237a195804abc28ebb1e

SHA1
5b036abe11431d0c164cc5427aa7eaaa2d8d1580

SHA256
b1ead24150c5c17d1e8cdfaa64b4395cb1b0872c6f4bb25eb8e024ba0e39c847

SHA512
90c1e12b736dc1a644262a44141f4bd7eb5fe935249978d1ff083e39017652ab847107add5b5fbeec6318db181cd22a728938fba7c384c8023ed8e3c03e61496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0a194694dc6c393f090d27b8eb8577ff

SHA1
60215619ea2955ee0b87f08d846bc06fe1bf7a2f

SHA256
48afd27ba7037bc514d8955d72ce36678bd006914265912a72ce0f364c565b99

SHA512
ce6d105409a0f98404c2d247a662c9be3fdb708e8885101fc6bcd0a3702e8747bdf361de2a26e33eb4cdee106d245f226c53e881f9c884c0f01ea785fa0a7a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a69daa6ff0b693477e55b1d1a0ee335b

SHA1
8bc96935049d6025b83a44558c4baa1b5649eb9b

SHA256
49c9523a6f5f5d9071ed8801a6d0ba442faed3ea97ba6f7b85a924da55d2a01a

SHA512
9b4a92445fe5acb1f134a65ce1953a9d64a12235ef02f9ae6f099cd42f3acc8975dc3207be64dcb6be8e6d216b615b672412c01953b937277d49c8c71ae5dd39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60c39495e16ab8788de4e03aaa2c3a3a

SHA1
260c403d7d31a1f697f4c3b2663d95ae15dd4ea3

SHA256
b61310b76cef6b324eeffdfa8c73341bce3a66cd73a428a4a3147a683501f836

SHA512
dd69a591a49dbc7489a844c5c8080a3e31ac71e8d771c37c2a30915040cca0819b5a96e725284e0e2bdc847e824afaba4594fda4049d7424e1ceb12800fdc0ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9edf314a36673ac361423cd0bba845e8

SHA1
8b794f4438833a13efd16dfee83f010849586862

SHA256
1dfaf097f0ec70d9d2799c102c9007c143044c9a6eacd73299367c85ab596890

SHA512
8afa01ff4135e49950b201e30a13a0544dc92e14b611d0a30cd1c632058ea62ad2a9fd25b1d2a48dcbb33541854bc68994ef7b1971c1a62562193f6000bd3858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
470f932ba6654928bda790504676f5b3

SHA1
03a2afd27f126d3c7dc59b013a9ef5764b0d0e9e

SHA256
5012399ddc3570a47990cb2d0f5f550512875ef4f9bb4e549ac03dca960cb994

SHA512
8dc0aa716b75d18f8d05c61496fd4050a334f82e62ea8d045b84e370066df751888b9f222f99dfdef769b91d9a70785c965ba32825acddb53187670da1f9b92b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f721.TMP

Filesize
1KB

MD5
3ef12f8c0ba68ca7b0de1789da7cde84

SHA1
7e91e50b87c058f9d3aa9b70f5c53b3169e0c7c4

SHA256
7e968b8c1dbe2da5fa8a6e4dff2b955f5d4ee4883fa9e094a0a6be634e49f91a

SHA512
3440aa84fa93a88d2718322f0a83f51fa25cc44c8cc4620723ae258fdbfb5056f3c4eb23210a29f1d2088981aaaf65175cf672bcb1f0537837432aa803023430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
05e0ee3c2d1fe5071e34c86ae1a324c2

SHA1
0f446a14be9ca164e370321cce2ab62b9d31b569

SHA256
b7b7a2dfacfaeae0e61381a1584bdb67e6bbd5507f878631d19933e96225c042

SHA512
a5eddb8a80bdda122e0ee0651cdaac579df4b630c4393808d9a4bab27caaf5722642eecbd234ff1b6b4b034af9001d1267c699b251aec16072724ae702e4818d

Download Submit