36a07d4de348152a504ee6ea07156c8c1d5251b1df8ed7dfac2158dbe2093472

Analysis

max time kernel
146s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
18/08/2024, 12:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1274623507531300978.html
Size

4KB
MD5

5d2a1dd08f13f0590a34849fe55a0584
SHA1

1d078f3a31e6c40ee3adacb40f25ac33347fe19f
SHA256

36a07d4de348152a504ee6ea07156c8c1d5251b1df8ed7dfac2158dbe2093472
SHA512

434e6e8074e8942b67b7dd6dc576204607b75eb589af4f7ee7b2a606fb0a7db0c5e3ba06316f373166468bd1d7f5e4799bb5b88e088dc3ed1f6a38cdc001638e
SSDEEP

96:yUpHZOfRr8LK6e5hNvtdLXe5GaZfIKinx/IJ:ycH2Rr8Alu396nx/0

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3864	msedge.exe
3864	msedge.exe
4920	msedge.exe
4920	msedge.exe
1940	identity_helper.exe
1940	identity_helper.exe
396	msedge.exe
396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 5112	4920	msedge.exe	81
PID 4920 wrote to memory of 5112	4920	msedge.exe	81
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 2560	4920	msedge.exe	82
PID 4920 wrote to memory of 3864	4920	msedge.exe	83
PID 4920 wrote to memory of 3864	4920	msedge.exe	83
PID 4920 wrote to memory of 2820	4920	msedge.exe	84
PID 4920 wrote to memory of 2820	4920	msedge.exe	84
PID 4920 wrote to memory of 2820	4920	msedge.exe	84
PID 4920 wrote to memory of 2820	4920	msedge.exe	84
PID 4920 wrote to memory of 2820	4920	msedge.exe	84
PID 4920 wrote to memory of 2820	4920	msedge.exe	84
PID 4920 wrote to memory of 2820	4920	msedge.exe	84
PID 4920 wrote to memory of 2820	4920	msedge.exe	84
PID 4920 wrote to memory of 2820	4920	msedge.exe	84
PID 4920 wrote to memory of 2820	4920	msedge.exe	84
PID 4920 wrote to memory of 2820	4920	msedge.exe	84
PID 4920 wrote to memory of 2820	4920	msedge.exe	84
PID 4920 wrote to memory of 2820	4920	msedge.exe	84
PID 4920 wrote to memory of 2820	4920	msedge.exe	84
PID 4920 wrote to memory of 2820	4920	msedge.exe	84
PID 4920 wrote to memory of 2820	4920	msedge.exe	84
PID 4920 wrote to memory of 2820	4920	msedge.exe	84
PID 4920 wrote to memory of 2820	4920	msedge.exe	84
PID 4920 wrote to memory of 2820	4920	msedge.exe	84
PID 4920 wrote to memory of 2820	4920	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1274623507531300978.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff997143cb8,0x7ff997143cc8,0x7ff997143cd8
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,14391722981596220919,7771810946278049452,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,14391722981596220919,7771810946278049452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1832,14391722981596220919,7771810946278049452,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,14391722981596220919,7771810946278049452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,14391722981596220919,7771810946278049452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,14391722981596220919,7771810946278049452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,14391722981596220919,7771810946278049452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,14391722981596220919,7771810946278049452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,14391722981596220919,7771810946278049452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,14391722981596220919,7771810946278049452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1832,14391722981596220919,7771810946278049452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3836

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c3889d3f0d2246f800c495aec7c3f7c

SHA1
dd38e6bf74617bfcf9d6cceff2f746a094114220

SHA256
0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4

SHA512
2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c4a10f6df4922438ca68ada540730100

SHA1
4c7bfbe3e2358a28bf5b024c4be485fa6773629e

SHA256
f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02

SHA512
b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d14d323d4f2b528fe8e43f43e1383112

SHA1
4cd3933f261f525e261d66648957b6e6bd5f8648

SHA256
988a997ba34f870b7d13888993818a4a92fcce80d1a7765f9e544dd6f8a6edb2

SHA512
999126afca8360629e63182e6a861027abb5df4b52d755cea2192a76c5255d3f40460283eab0fdb9202e1aa9b7ee602dade28af965f1fd7a52f78563200fa284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f493024c1f2f542623f699047001cb74

SHA1
b075092113d805bc384ff321de428bda8e70b824

SHA256
6f6b7fdf506e3cb12a953b4a38c56455e6165909392a02feb6e5eb4023604209

SHA512
9bde5515d2d9c5b210c12f1ed6bdb63a111a0bf6c9b59fe4855f61a860382d92b025dfd2e3f2a0371ce40af0e21d165b4f95edbc372c5ebe3bbaa9752c9b029c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ff9a49cb92e7ac86af5eafb78ceba118

SHA1
34fca687a82a58353fcdebf1ed90e6d4b4252ff7

SHA256
60a1ec2e2f67d3615c93e48f457b816b5074281cbe92b5f94ee6d326d9e8d9ae

SHA512
ae648cd879f6b56bfd1e689538e7e5206f870e2c80fdd2cae2a9834231256fd9f272ae442830b58b35c4a7fb63eb5da88f172301010a2a452639ebddf3a753f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c102722b823d6299cd8942f8e1fde24e

SHA1
b1e6d5b7a4d81ca4d04d5e5daf6cc0fbf1ff5ac7

SHA256
c50f7f572ed119d300562cb378e3f29b6a3b6f4862cc5a3180dab0af82328732

SHA512
a2edb599a02ddba19f7515fd28604dcef90111a2c78519ee3f4d26402a7278ef8d1b8513e14576345e5a27b48e47c87ed3ab7c5a7c7c2e472a7a08f6cda89241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
59854523bc1711805471fa7508955999

SHA1
16e6e5a9d07631b2ead0193ebdf36c3da146e10b

SHA256
413a708454cd3ddd86ba9397dc214ba5319b9bf03595f4d1e87c9bf2b1dfc194

SHA512
b386685815134daac59423c531ff2c6c48372570afef98b03148b90723d7ecea535f6e067959a131b7d38d6f0b3f38635834adf38c31db34001d790edaaac5e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit