Analysis
max time kernel: 145s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-08-2024 02:57

Static task: static1

Behavioral task: behavioral1
Sample: 45ac56037dc160853370f384ed8cb8a418d3f25cdb892842173b5ab3770cf104.html
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 45ac56037dc160853370f384ed8cb8a418d3f25cdb892842173b5ab3770cf104.html
Resource: win10v2004-20240802-en

(The results on this page are from the win10v2004-20240802-en run; the same sample was also queued on win7-20240708-en as behavioral1.)

General
Target: 45ac56037dc160853370f384ed8cb8a418d3f25cdb892842173b5ab3770cf104.html
Size: 126KB
MD5: c43b9078c4db5b71ccbdcb13aa95257e
SHA1: b617eecedd6c72bf430c86f8ba2de3b5e1722bf4
SHA256: 45ac56037dc160853370f384ed8cb8a418d3f25cdb892842173b5ab3770cf104
SHA512: 5768a80b7c51b1928e29b86eb17fd04b3de2cb2b1cbc83556b31cc75b1749cf7cb6bbb33dacaa0a9199e56ddca9b0a3c27eb6cc4300fd1b53f42b5fea06d9e5a
SSDEEP: 3072:w4q03yAmIEewP5Hl1ob+f9tgi4Dat8aNqRPpca4wh0PQkjvmtrB:wI3y7fP1ob+f9tgi4Dat8aNqRPpcaNiy
Malware Config
Signatures
Every signature below fires on msedge.exe, the browser the sandbox used to open the HTML sample, or on its own Chromium child processes. No process other than msedge.exe and CompPkgSrv.exe (a COM server started with -Embedding) appears in the run, so none of these hits is attributable to a process the sample itself created.

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
  description         ioc                                                                    process
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
Processes: msedge.exe, msedge.exe, msedge.exe
  pid    process
  2372   msedge.exe  (2 entries)
  3144   msedge.exe  (2 entries)
  4648   msedge.exe  (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
Processes: msedge.exe
  pid    process
  3144   msedge.exe  (4 entries)
Note: Chromium-based browsers start their sandboxed child processes with the block-non-Microsoft-binaries mitigation policy, so the browser process (3144) creating msedge.exe children under that policy is expected browser behaviour rather than an indicator on its own.

Suspicious use of FindShellTrayWindow (25 IoCs)
Processes: msedge.exe
  pid    process
  3144   msedge.exe  (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
Processes: msedge.exe
  pid    process
  3144   msedge.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe
  description                          pid    process     target process
  PID 3144 wrote to memory of 2200     3144   msedge.exe  msedge.exe
  PID 3144 wrote to memory of 1208     3144   msedge.exe  msedge.exe
  PID 3144 wrote to memory of 2372     3144   msedge.exe  msedge.exe
  PID 3144 wrote to memory of 4836     3144   msedge.exe  msedge.exe
  (64 entries in total, every one from the browser process 3144 into one of its own msedge.exe children; targets 1208 and 4836 account for most of them. Per the process tree below, 2200 is the crashpad handler, 1208 the GPU process, 2372 the network service utility and 4836 the storage service utility, so these writes are the parent setting up children it just launched.)
Processes
- msedge.exe (PID 3144)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\45ac56037dc160853370f384ed8cb8a418d3f25cdb892842173b5ab3770cf104.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 2200), crashpad handler
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc0da46f8,0x7ffcc0da4708,0x7ffcc0da4718
  - msedge.exe (PID 1208), GPU process
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,11769798551178899950,8066691148080572498,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  - msedge.exe (PID 2372), network service utility
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,11769798551178899950,8066691148080572498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 4836), storage service utility
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,11769798551178899950,8066691148080572498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  - msedge.exe (PID 716), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11769798551178899950,8066691148080572498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - msedge.exe (PID 3196), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11769798551178899950,8066691148080572498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  - msedge.exe (PID 4048), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11769798551178899950,8066691148080572498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  - msedge.exe (PID 1284), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11769798551178899950,8066691148080572498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  - msedge.exe (PID 4648), second GPU process, started with --disable-gpu-sandbox --use-gl=disabled
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,11769798551178899950,8066691148080572498,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5648 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 4484)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 1596)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

Note: the crashpad handler command line records the browser build that rendered the page, Microsoft Edge 92.0.902.67 (Chromium 92.0.4515.131); behaviour of an HTML sample can differ on a current browser build.
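The WriteProcessMemory and process-tree data above are the raw material for a triage decision: a browser process writing into child processes it launched with --type=... is ordinary Chromium start-up, while a write into a process that is not one of its own typed children would be worth a second look. The script below is an added example, not Tria.ge's code: it parses the flattened IoC rows in the form the report prints them, joins them against the process tree, and keeps only the rows that do not match the expected parent-to-child pattern. The IoC text and process table are constructed from this report (one row per distinct target, shortened command lines); the notepad.exe entry with PID 9999 is hypothetical and exists only to show what a flagged row looks like.

```python
"""Triage a sandbox "Suspicious use of WriteProcessMemory" signature.

Added example (not Tria.ge's code). A browser parent writing into child
processes it started with --type=... is normal Chromium behaviour, so the
check keeps only writes whose target is NOT such a child.
"""
import re
from collections import Counter

# Constructed from the report: the flattened IoC text, one row per distinct
# target (the report itself lists 64 rows).
WPM_IOCS = (
    "PID 3144 wrote to memory of 2200 3144 msedge.exe msedge.exe "
    "PID 3144 wrote to memory of 1208 3144 msedge.exe msedge.exe "
    "PID 3144 wrote to memory of 2372 3144 msedge.exe msedge.exe "
    "PID 3144 wrote to memory of 4836 3144 msedge.exe msedge.exe "
)

# Constructed from the report's process tree: (pid, image, command line),
# with command lines cut down to the flag that identifies the child type.
PROCESSES = [
    (3144, "msedge.exe", "msedge.exe --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.html"),
    (2200, "msedge.exe", "msedge.exe --type=crashpad-handler"),
    (1208, "msedge.exe", "msedge.exe --type=gpu-process"),
    (2372, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService"),
    (4836, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService"),
]

# Hypothetical, NOT from the report: the browser parent writing into an
# unrelated process, which is the shape of a real finding.
HYPOTHETICAL_IOC = "PID 3144 wrote to memory of 9999 3144 msedge.exe notepad.exe "
HYPOTHETICAL_PROCESS = (9999, "notepad.exe", "notepad.exe")

# Columns of one flattened row: description ("PID A wrote to memory of B"),
# pid, process, target process.
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)")

# Chromium child process types the browser process spawns itself on Windows
# (the ones seen in this report plus renderer).
CHROMIUM_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}


def parse_wpm(text):
    """Yield (source_pid, target_pid, source_image, target_image) per row."""
    for m in WPM_RE.finditer(text):
        yield int(m.group(1)), int(m.group(2)), m.group(4), m.group(5)


def child_type(cmdline):
    """Return the value of --type=... from a Chromium command line, or None."""
    m = re.search(r"--type=([\w-]+)", cmdline)
    return m.group(1) if m else None


def triage_wpm(text, processes):
    """Split WriteProcessMemory rows into expected browser behaviour and the rest.

    Returns (benign, suspicious): benign is a Counter keyed by
    (source_pid, target_pid, child_type); suspicious is a list of
    (source_pid, target_pid, source_image, target_image, child_type).
    """
    by_pid = {pid: (image, cmd) for pid, image, cmd in processes}
    benign, suspicious = Counter(), []
    for src, dst, src_img, dst_img in parse_wpm(text):
        _, dst_cmd = by_pid.get(dst, (dst_img, ""))
        ctype = child_type(dst_cmd)
        # Same image and a typed Chromium child as target: the parent is
        # setting up a child it just created.
        if src_img == dst_img and ctype in CHROMIUM_CHILD_TYPES:
            benign[(src, dst, ctype)] += 1
        else:
            suspicious.append((src, dst, src_img, dst_img, ctype))
    return benign, suspicious


if __name__ == "__main__":
    benign, suspicious = triage_wpm(WPM_IOCS, PROCESSES)
    for (src, dst, ctype), n in sorted(benign.items()):
        print(f"expected: {src} -> {dst} ({ctype}) x{n}")
    print(f"rows left to look at in the report sample: {len(suspicious)}")
    _, flagged = triage_wpm(WPM_IOCS + HYPOTHETICAL_IOC, PROCESSES + [HYPOTHETICAL_PROCESS])
    for row in flagged:
        print("flagged:", row)
```

Run against the rows constructed from this report, every write is the browser process 3144 into a child started with --type=crashpad-handler, gpu-process or utility, so nothing is left over; only the hypothetical write into notepad.exe is flagged. The check deliberately keys on the target's own command line rather than on the image name alone, because a same-named process that was not launched as a typed Chromium child should not be waved through.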
Network
MITRE ATT&CK Enterprise v15
Downloads
Files written during the run. Only one entry carries a path (an Edge code-cache index under the browser's User Data directory); the others are listed by size and digest only. The final entry has the digests of zero-length input.

- Filesize: 152B
  MD5: ecf7ca53c80b5245e35839009d12f866
  SHA1: a7af77cf31d410708ebd35a232a80bddfb0615bb
  SHA256: 882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
  SHA512: 706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696
- Filesize: 152B
  MD5: 4dd2754d1bea40445984d65abee82b21
  SHA1: 4b6a5658bae9a784a370a115fbb4a12e92bd3390
  SHA256: 183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
  SHA512: 92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 216B
  MD5: 4118b66d8182984edc1a4fb2ea6fe76e
  SHA1: 576bcc6ffbf436911027ef73041902604ba659d3
  SHA256: 16cb06c9e9a3e339d7c37b8144e0fbd8705b33d8525d8598cacfc0932e95cd62
  SHA512: 13990ca49718e61162d57184c80314ee9743b42ce4f052fb630e6c95cfb5842fc8e6a308824ffd346145e4f17e660e3f95e50495d0cf02d1a968e3df89edb603
- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- Filesize: 2KB
  MD5: 4bf05a563f046daeae46f74486a01136
  SHA1: 6988b4599713e389f0941899111d9a90a0135807
  SHA256: 6ceac506adf8e77e5b69d679e338b6fcd276d894eb8236bdc8cb7e29b6f3fcba
  SHA512: dc140f1f79438523b88972c1e765955bdd2bc71fb10986f18162e642ff884024aeebb5c53f83313ae6e20a89dd602836029803a57fe3443b3151547468bacaf9
- Filesize: 5KB
  MD5: 5939cd8d761cc8c357d13f33796f53f8
  SHA1: 63e4637b3893e3de5115c61ad0cec7378626d965
  SHA256: e2be996c0cdf3c23a870960dbeda65826fa824adf8c3179e8294108d7505f009
  SHA512: f6a33d19e38e8e35c97ba6b1989cd74c24cb669c718f3a8926b45344969970ad67b160bd7ce057c4b215fd712e5e68bc83c46d8fddb5a7c7ce98261ea8e74718
- Filesize: 6KB
  MD5: af186c04a7bf16c40e088db047f972a4
  SHA1: af63cd666f673bff0d96be46a2911aa5920bed39
  SHA256: cbd7457b17fe385e9f36236b0607096c0f174e4e7fb7b24a8dab6083fe766df6
  SHA512: 8781fa2c30f07a5e8c1feec00f1e25c8ce29b897d9000edde975b209e5f5c333df6ccb80a44a6461d6698fd7cffa61c4aaf5c2395c122a22bc8451956ab81b43
- Filesize: 875B
  MD5: 8ba3e5f3accd760b43065b8abf647d05
  SHA1: 9022bda38c844d10b99b9f85791b6ff50ee3111b
  SHA256: 3d02a96ec7d9111c9ec89702697b6744b1bc68708267dfaaa6f1eb3ec0673211
  SHA512: 0c4863856361020981b1e20ad2f96186455e7cd694f4aff4059e77e9cabba5675616da2625916b12437e6a3b5fae1ce5c2c67b28e0cbd47c9d06e6d22f400c6c
- Filesize: 1KB
  MD5: 22c2ac9fec890546ee25b012bb42615b
  SHA1: 339efd2d5d69a02c88f678ef7b8febeeb3f6293b
  SHA256: a19e350259290d2d0c9defa693da71624f5bc0f009c5b98e2bebb0fab437589a
  SHA512: 1257fe043fe848d6079f42b9061050a3f5fd5eee45c06fb7b40ac91d69a57df9a1bf6bdc32bc67aaf47d4b69f06b78bd30f46f2889894dcec3fded0560ebb42c
- Filesize: 875B
  MD5: afd05e10298d909ad415d578d7f427c6
  SHA1: 73a1ebbc8719600022b4433ff0fcac716d837782
  SHA256: d902d08a7b3b2ed48c75f03f8c67a95628f4d4985310c9b8356befeb12ce7c9c
  SHA512: 257bbe990004f45b87146b27608d06e44e515f0641cbf0b623b4200c26cc83efbf42f5d3c9a53e06c2a1258081be890fa4342cb21e875f63cfa3bdaf674de798
- Filesize: 10KB
  MD5: a657b17ccb2d72b67b6f309f85f8efd7
  SHA1: ceaec453e05b5a99412da26c733374d2200ed497
  SHA256: e1b89eae6df888253f0014a7629c1693689ce19e5ec681e25bbc6d0d12109b63
  SHA512: a477fd4ef96b99a8ed909e476bb24606dce4e15f27f01ea513cfa648b15f431cad45895f89a8f59b7ad626e4da865b6aa51169920d5c601e4eb63a7e5e8796b6
- (no size recorded; all four digests are those of an empty, zero-byte input)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e