Overview

overview

6

Static

static

1

Inv-219538.html

windows7-x64

6

Inv-219538.html

windows10-2004-x64

6

Analysis

  • max time kernel
    145s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-08-2024 19:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Inv-219538.html

  • Size

    1KB

  • MD5

    d2c58680078d63f3e37c529ab6a25e14

  • SHA1

    dd281da25eaac82c264a18b07aca1a431f3cafa8

  • SHA256

    469bee8515910670d8fc028bf9cc575036f000bf5d49a90e0245c1bebcaebd53

  • SHA512

    ead1dda7469a4a0faa6abfcf73d4ef2ba2a79b2222f258b1c0676d948c873e3c3516f4da834a3b138ffc516b73e4d61e0e7b7ec1e8eef9b61997cd64a3012575

Score
6/10
microsoftdiscoveryphishing

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Detected potential entity reuse from brand microsoft.
    phishingmicrosoft
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Inv-219538.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccafa46f8,0x7ffccafa4708,0x7ffccafa4718
      2⤵
        PID:4760
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,1761281058186962058,3993054126710729166,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
        2⤵
          PID:372
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,1761281058186962058,3993054126710729166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3528
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,1761281058186962058,3993054126710729166,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
          2⤵
            PID:3156
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1761281058186962058,3993054126710729166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
            2⤵
              PID:1104
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1761281058186962058,3993054126710729166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
              2⤵
                PID:1268
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1761281058186962058,3993054126710729166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
                2⤵
                  PID:2012
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1761281058186962058,3993054126710729166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
                  2⤵
                    PID:5064
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1761281058186962058,3993054126710729166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2276 /prefetch:1
                    2⤵
                      PID:4912
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1761281058186962058,3993054126710729166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
                      2⤵
                        PID:1920
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,1761281058186962058,3993054126710729166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
                        2⤵
                          PID:2256
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,1761281058186962058,3993054126710729166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3404
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1761281058186962058,3993054126710729166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
                          2⤵
                            PID:4304
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1761281058186962058,3993054126710729166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
                            2⤵
                              PID:3508
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1761281058186962058,3993054126710729166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
                              2⤵
                                PID:708
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,1761281058186962058,3993054126710729166,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
                                2⤵
                                  PID:1936
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,1761281058186962058,3993054126710729166,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1864 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4196
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:3648
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4820

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    d7114a6cd851f9bf56cf771c37d664a2

                                    SHA1

                                    769c5d04fd83e583f15ab1ef659de8f883ecab8a

                                    SHA256

                                    d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

                                    SHA512

                                    33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    719923124ee00fb57378e0ebcbe894f7

                                    SHA1

                                    cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

                                    SHA256

                                    aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

                                    SHA512

                                    a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    264B

                                    MD5

                                    ebffa042d091a1bc62de16b5c538a6df

                                    SHA1

                                    81246a834b49d964776095cbafe3c4fc033250c0

                                    SHA256

                                    79dd9b2440ba6fc3eaee2760dc521a31b1495d55677c9fd4feb8ecdc5eb6ca51

                                    SHA512

                                    83e4a23ef6a21bee506378788e659eaee250cebce8f3f1c3997f560c5a723364c004e713ee7314681b7d7a90f54f62c77c195055c153c099d42ac2409f3248e2

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    144B

                                    MD5

                                    0bb53063bbc01ef93feb13664268706b

                                    SHA1

                                    f63a6f6a01c78c6b8c181aae5e2ad886776be4fc

                                    SHA256

                                    b517f4de55589cddd64d9a6bdee9855db2f1460e8ec6a1b0d9ce6b9179c37031

                                    SHA512

                                    8cf85c011afb27072c9fa0c6e3314f4e29f497dd2d400d7882de195b25c05fc14a987085c1a5bb3013ecf6321114eb6c57fc4b6a963f729f1e7a2e6b9511aa85

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    849B

                                    MD5

                                    aa0206dcbb38d831c7a6a6875ab6ce6b

                                    SHA1

                                    ea7c4499d8325ac83cbd6d46fc91aad80a9c3fbf

                                    SHA256

                                    ed44c687644db0ba36e35a4832eaa790a750714dec26577522c299f92a5eb137

                                    SHA512

                                    7b9b134a87619a9f1423f5ceab6f162bfff46ea7297e45a3cabc4705d7659593cbc2df3f482aa0c7c2bec22e8a9ce17ae481969e9b31838b0da92278c351d8c4

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    1KB

                                    MD5

                                    813cd763079dc44f08b79423917538bf

                                    SHA1

                                    6c4d17eb65496ae96fca2865e4d98a1ecf918b66

                                    SHA256

                                    42df7d47b1b96da33a98fdc311f55aa8c607235550ff7c5e8dee3fd6fac03b90

                                    SHA512

                                    4cd4bcbc076bca88985869a158421fd10633682e66ba885279ca2202fabc789cc4e62cfb606f79b8aeed9f107063cd9f6f7121be196d10eeccb6f0cffa3eef24

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    ff0bc0d31ee721c0a5033f7ebe91bddd

                                    SHA1

                                    dfefd33ea2a353457c9a4392fff95035d2043c0a

                                    SHA256

                                    7ca409bc8962b9886f6f8dfbcd62156727896b063141677846b029d20db492f4

                                    SHA512

                                    bf822f3db1905179c5b5f30459528fc2429735fb9c132f338459031e015e5670dba11fdc3e45ef8902272e7aeb78b8484969c9c95a801813c4947b551a8430bd

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    e8f47f38b2bc79587c4570ee0eeecd3f

                                    SHA1

                                    b85e8f3809080675394679ec252272e16c11fbec

                                    SHA256

                                    431cb881f8bb72268210b8b17cd340e5e5b909a60df8fc5b16274e90ebc95bd5

                                    SHA512

                                    f965348e83f826009fe3cfdc12f8504b1ef95eaf5eb1c2e8a8f9796cf959672876dacd3f786778f85acc514f1f86f3aa2d9aaa3c9d7d383163b55d00979d9ea1

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                    Filesize

                                    874B

                                    MD5

                                    61233a737264320a162285bfb3bc194e

                                    SHA1

                                    1aa2c2b4213aa5fcbba35c313c1a2a31a10ec8c4

                                    SHA256

                                    5119722ee138d66bbfd28ee7ffd58175d08eead22596fb11a483fd0a71f55f64

                                    SHA512

                                    335c8ec0e92cf90d8ceb74f70c1957964e808dbf6a06c850040e26c316ab2cd230eeb1aa5eb7dde8c9c25925855e4fd685589bbb8a86503bcd2bb8ae4536f233

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d472.TMP
                                    Filesize

                                    372B

                                    MD5

                                    2bafa20085569cb4c9a8aecedabef3ed

                                    SHA1

                                    0010d2f184ea29cdf8b84f8c47539321d975db18

                                    SHA256

                                    8b3996ef11ebeadb0282c6fe5ab0e903cd36584b1691a6c06126806efb602edb

                                    SHA512

                                    8c40cb3556768f847459a3cd3ee122116602c6e86fb6737ae1ed644e4158c4847fbcbb4154dc2f8f4d6851dfd7ae467b9b5eb1d513d652e07c74155c043e7102

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    fc6173654f87e63f3642d7ef243b84ba

                                    SHA1

                                    090ab474c12da2ae00362bb591f14447b0dbdc63

                                    SHA256

                                    25fa7a9419bba5f49906fb178b60e2bae739b0abe3fc62de55971e7b6b71bc3d

                                    SHA512

                                    c2a17562e4bf29f67ac03e653bf377fa16bdeef7cd3d0c37795835ec12df37bc1a83a545dc450c20df59b8885e866859acf15c72d50ab859963e8621263ddd02

                                    Download Submit