59c5aed2fca338c35334a313048a44ae76c4e54a19f5125e0ef30a57a8a96d1c

Analysis

max time kernel
41s
max time network
40s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
23-08-2024 12:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HjrM87.html
Size

536B
MD5

a6584626045178c2893d76d5532f29c1
SHA1

ae365c181352d5f4236fa9753f7c33e30a50ff68
SHA256

59c5aed2fca338c35334a313048a44ae76c4e54a19f5125e0ef30a57a8a96d1c
SHA512

8f302a82de033c27ee773b35a0cc189b86dd2b2f060a801ec8dcda0e59a3a93cf73cf37961aa88e3a3511f05db27344ac7b5d45125181cfef17419a98c40753e

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4960	msedge.exe
4960	msedge.exe
2236	msedge.exe
2236	msedge.exe
3452	identity_helper.exe
3452	identity_helper.exe
1520	msedge.exe
1520	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 4136	2236	msedge.exe	80
PID 2236 wrote to memory of 4136	2236	msedge.exe	80
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 1840	2236	msedge.exe	83
PID 2236 wrote to memory of 4960	2236	msedge.exe	84
PID 2236 wrote to memory of 4960	2236	msedge.exe	84
PID 2236 wrote to memory of 1088	2236	msedge.exe	85
PID 2236 wrote to memory of 1088	2236	msedge.exe	85
PID 2236 wrote to memory of 1088	2236	msedge.exe	85
PID 2236 wrote to memory of 1088	2236	msedge.exe	85
PID 2236 wrote to memory of 1088	2236	msedge.exe	85
PID 2236 wrote to memory of 1088	2236	msedge.exe	85
PID 2236 wrote to memory of 1088	2236	msedge.exe	85
PID 2236 wrote to memory of 1088	2236	msedge.exe	85
PID 2236 wrote to memory of 1088	2236	msedge.exe	85
PID 2236 wrote to memory of 1088	2236	msedge.exe	85
PID 2236 wrote to memory of 1088	2236	msedge.exe	85
PID 2236 wrote to memory of 1088	2236	msedge.exe	85
PID 2236 wrote to memory of 1088	2236	msedge.exe	85
PID 2236 wrote to memory of 1088	2236	msedge.exe	85
PID 2236 wrote to memory of 1088	2236	msedge.exe	85
PID 2236 wrote to memory of 1088	2236	msedge.exe	85
PID 2236 wrote to memory of 1088	2236	msedge.exe	85
PID 2236 wrote to memory of 1088	2236	msedge.exe	85
PID 2236 wrote to memory of 1088	2236	msedge.exe	85
PID 2236 wrote to memory of 1088	2236	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\HjrM87.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa985c3cb8,0x7ffa985c3cc8,0x7ffa985c3cd8
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,3085237808994211637,15791111209904001959,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,3085237808994211637,15791111209904001959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,3085237808994211637,15791111209904001959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3085237808994211637,15791111209904001959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3085237808994211637,15791111209904001959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,3085237808994211637,15791111209904001959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3085237808994211637,15791111209904001959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3085237808994211637,15791111209904001959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3085237808994211637,15791111209904001959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,3085237808994211637,15791111209904001959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3085237808994211637,15791111209904001959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3085237808994211637,15791111209904001959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3085237808994211637,15791111209904001959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2328

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0487ced0fdfd8d7a8e717211fcd7d709

SHA1
598605311b8ef24b0a2ba2ccfedeecabe7fec901

SHA256
76693c580fd4aadce2419a1b80795bb4ff78d70c1fd4330e777e04159023f571

SHA512
16e1c6e9373b6d5155310f64bb71979601852f18ee3081385c17ffb943ab078ce27cd665fb8d6f3bcc6b98c8325b33403571449fad044e22aa50a3bf52366993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5578283903c07cc737a43625e2cbb093

SHA1
f438ad2bef7125e928fcde43082a20457f5df159

SHA256
7268c7d8375d50096fd5f773a0685ac724c6c2aece7dc273c7eb96b28e2935b2

SHA512
3b29531c0bcc70bfc0b1af147fe64ce0a7c4d3cbadd2dbc58d8937a8291daae320206deb0eb2046c3ffad27e01af5aceca4708539389da102bff4680afaa1601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
967b1f77b82ad0ba6b1fcf696c29e735

SHA1
cec533ab53d7428c232b331e5e0d90077ddeb9d8

SHA256
37e818a761e3d91d22a8f46d67f90664af4341677550d53b6c943df3aa495036

SHA512
2c0a9c7706085341b10a8b7b8b8b61f65dc6a7a5933bd7e38374e68cf40b2d82d1342bbff4f82ae7b55e4a4dde37032723d7ae067536c8b63742c9b19d62f6a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ff0c2655d9605c010cf367e50d4b4be9

SHA1
6d16f15b31ab22e4cf31a963053868f2e81c74c2

SHA256
21bad220e044af39739066af15d33393a9534f3b252e2ca61d5d3e7380dfa522

SHA512
3005176b31fa1d4f8d0b67d4ebad70845b28ebb0f9d02345b9cfb38a6a0c568319da998a5019696c31e0494e0c5b092b6e04b0ee4d004807347c4999fba7e2b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8af0a7e091509639a4b2c168e09fb2b6

SHA1
0dd347b3657fcfb9a025c1c1ca3bc1405b3534fb

SHA256
1fee46140111e1d3b7db9f8cabd814e3ceb4a66199fcf380ddeffee0086d53c4

SHA512
62a66ea3b84040a2ab188b4480680f2227de3dc8b11ddd3347aac3dbce78b421cae2c85685aa497a07860fe9b3a5828d177ff872e096fe06de80609a7403fa0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ef30c172d3bfee34bc78e187e1631371

SHA1
588c7bb6d1833d8a7530c589a6067392a8100053

SHA256
f3588cab165042ab9ea9b96486b2691cd57895573a3d1af95c089358abd877e1

SHA512
34cec09aa668bef3ba2f2f28f545c12f02686616e076347d3700a9d1a8d4afc7374dc632f2d62b9b35c841c588a0d268f36f66b2f007df8102a2c9fe3c8471d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
37087f07b6e4d24fbc0a3d63413e2ecc

SHA1
d65e01dda5aa3982e3cdd7cf7f4f7e7bcba2d40e

SHA256
b9ba6065d7fcadda263e70a7f0f8992c43f9c37091ec69b176b36db4e9cb811f

SHA512
102313c70acdc34fcc4cb904f969a72ded9e963e8f4b24a6ba814f737aad240908e29a243e8b6926233febda7202624769ef3fcfa206a88dbb2791c6dd857f2c

Download Submit