Analysis
-
max time kernel
178s -
max time network
179s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
07/08/2024, 00:54
General
-
Target
sample.html
-
Size
13KB
-
MD5
079ebefc12a8dc6e3b6a3b9e31fdb1fa
-
SHA1
3126be18e2fa99945631f2962c724961cce729c6
-
SHA256
0d0d0769916d0f432ab82894245aecca2b0ee7a638c604b11ffc123aeb54225b
-
SHA512
523e66406ab8e09db0912b2fcf9c201e313c686da7e13633a5619ea27dd2aecf0c79cde42a265d06b822b3c8b1ad9d8b381a22b2cc281389b59e4eb7b63e1b79
-
SSDEEP
384:VO/x7YIYfYOYYYiYTYVrYGYY9Y84Mk/K7OSp+y:Xq/KIy
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks SCSI registry key(s) 3 TTPs 4 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 32 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 40 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2e9046f8,0x7ffa2e904708,0x7ffa2e9047182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16864852866574855035,12131055531966848563,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,16864852866574855035,12131055531966848563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,16864852866574855035,12131055531966848563,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16864852866574855035,12131055531966848563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16864852866574855035,12131055531966848563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16864852866574855035,12131055531966848563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,16864852866574855035,12131055531966848563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,16864852866574855035,12131055531966848563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16864852866574855035,12131055531966848563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16864852866574855035,12131055531966848563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16864852866574855035,12131055531966848563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16864852866574855035,12131055531966848563,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16864852866574855035,12131055531966848563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16864852866574855035,12131055531966848563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16864852866574855035,12131055531966848563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16864852866574855035,12131055531966848563,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,16864852866574855035,12131055531966848563,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5644 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,16864852866574855035,12131055531966848563,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16864852866574855035,12131055531966848563,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4956 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Desktop\S-Client-2.6-win64\S-Client.exe"C:\Users\Admin\Desktop\S-Client-2.6-win64\S-Client.exe"1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x48c 0x3e41⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5f9664c896e19205022c094d725f820b6
SHA1f8f1baf648df755ba64b412d512446baf88c0184
SHA2567121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
SHA5123fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae
-
Filesize
152B
MD5847d47008dbea51cb1732d54861ba9c9
SHA1f2099242027dccb88d6f05760b57f7c89d926c0d
SHA25610292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
SHA512bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f
-
Filesize
216B
MD570e6aba905706d6c64adbcf944f36dd7
SHA1aed0d351fadc2bb5d2b857c0bd970ec7e0cf8fe5
SHA256508274c3f4fd29884922d4f312a481a34f9885d339881fac7db7d38fb59082a8
SHA512ec537effc38e3847bdecdc48c9c846ca70afd1212542a9cf06d6d7f5931bb51fa8c9ee2870b7e686cf94f4f93d31beeff69a513b36faa02e727a1d7ce42acc02
-
Filesize
1KB
MD5b859f2a777f8b8bd7387694e04b2626c
SHA139b0018f57178f6777e812b32a5b7eaed13392d1
SHA25646d385f976c3b3570f6dfa03962cebb8da349d295a898980732593d0be5b9d2f
SHA512ee963755756e3c5edd90c530878ff1893f5fa569928dec8a05c44c4ae19c4ae17c9550d35d557fb2cfc93d006b784715932668c5ba19a3ed65789de5d5249dc7
-
Filesize
6KB
MD50431ce522fb7bc729145819a2998f77e
SHA1f34a573c3820a34a2f2547f80b5a4a01e92c6ce5
SHA256a8b1272adbd3dbbdc5b4e69e4bee2511461721e15f7bb38279c3dbefba432d52
SHA512fe132287075e9520db7705b54c3cf7a99441faf1291a777db3341a2c755a22b38fbe69a1d025810400dab91356feb99cae8ac393c79bd353eefc0c83c60d3162
-
Filesize
6KB
MD59cff71889722e78100a0b0c8b40683a0
SHA1682b2ffa1011e46851c94d06e3fb240007687278
SHA2564f74316122e397b98ef52abdb877f8a3639a8943bed7b260f7ef48800d2d7b91
SHA5127abdfe122c1ece8bff27203559b40e6347f166306d09e38d99eac88892aa10f57ef9639a08d6676c87d21c531003b4b29f5d4717d38de8bd28b6e39ee3d7bc97
-
Filesize
6KB
MD535363bf764b44f071606acab59184e40
SHA105a6e28edc2d63c3dfb72741968d11d4ed857e7a
SHA256c2b622a74522600adee9e37392533af7ed99f2084f8059a3b3e4de59cd48e1f3
SHA512b477ba6dcb81186fc8b682687a6e00dbb898bd709b23d682678e9b8d9ca767f0ffebc1b3b62d6278d5979d2e4d41caab850eed6975c270c99d60eb508c9083ab
-
Filesize
6KB
MD58768090b49d979df4067c49b57a5b901
SHA14cc9d376d63a57f526c8fd29ce82af9bfbe51a58
SHA256ec9d15ded6382b2972f59b29ad4702c158c44d220384feb739fbed9db89de375
SHA512060f5ba3e732dc0071e18ed026fc7a3d3cfcfef4cba556d6bf127bfaed832bb0b009985d59c96f8bc71458875ca3df4738f4fdbcea9017032d5b2c8ebc698c62
-
Filesize
538B
MD5e0408933aec467b6b1035920d8dc95a4
SHA1b0d18ccf8fe101d947f9f318ce8086fc58f60a23
SHA256859e352a5ff6c08242576d2054b76c511ee78cdee564707701c6219eb9b3b8f9
SHA512f93d2e95f0c04a3a02b74dd24f2296b89b5139764333a9d76bf78cb995ab58371dd63550f59cbf343d9051e926aeaa20d280834ccb540eadd37fe64f2173b48e
-
Filesize
538B
MD5aee509feaaeb21ce37ca2872ba551e9d
SHA172d9b63d103199ace116e3807ae4f00d334be2ad
SHA256823e8d8fe40d2e8de5f74b576247a19ccc2aa1dfac66f83fc1515f5da10406fa
SHA512e9c377e900b42fcab19c6890a3d9906f098d2ba942bda5f4a193ae6ee5bf8bd16d86fe3b5814a3d98212c542b4d53342755ed01204404999a8a4c0e090f2a142
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5328555b666e15f995b8d6507b312bb20
SHA10118fca988425d9c212676a58cedb230336e7763
SHA25674df3a6b62fea71ee686ea3f86291e8323a93496460891b750ea23716580723d
SHA512f944603ae8a26f4db078f13ebc531aa5f87cc4595ad2cb21308e8f9bbd76fff66f595e07aa718162514e1a7254bbdef6f6e0d44cfb9c6c6bb9222e6f416e5c93
-
Filesize
11KB
MD515cd11b449cade71eb4730ca9ff99826
SHA15541e2f0126f057fe831061f4c6696834b78431d
SHA256aff6181b33bb64fdebc46b43b74d1dd8ea7c2871db9738a641ad3d4a8d77827a
SHA5129f6b2799d6c75a39ffdc73b19bef93203809e06e8464e570eab6ad211fe813236ca81dc4d18338bfa318f5ac7fff8c9238d0b35726c41b5b4cd40302d1dd0e04
-
Filesize
2.2MB
-
Filesize
584KB
-
Filesize
17.1MB
-
Filesize
72KB
-
Filesize
84KB
-
Filesize
1.5MB
-
Filesize
624KB
-
Filesize
152KB
-
Filesize
540KB
-
Filesize
56KB
-
Filesize
84KB
-
Filesize
160KB
-
Filesize
668KB
-
Filesize
3.8MB
-
Filesize
312KB
-
Filesize
704KB
-
Filesize
2.2MB