Analysis
-
max time kernel
100s -
max time network
101s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system -
submitted
05/09/2024, 03:54
Static task
static1
Behavioral task
behavioral1
Sample
f9662f6d1d098a0319afa2e9974f7660N.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f9662f6d1d098a0319afa2e9974f7660N.html
Resource
win10v2004-20240802-en
General
-
Target
f9662f6d1d098a0319afa2e9974f7660N.html
-
Size
3KB
-
MD5
f9662f6d1d098a0319afa2e9974f7660
-
SHA1
a3d9a5be10f59cc927531c5a76589194cb747534
-
SHA256
225c667df38ba5dab0035f3837c8150d8e71489316d17fe1c5107981b25fa970
-
SHA512
2e076f2640ffb85812dcc5c57a3cf573ad3649e9f1f360df93b2212d19ccc1c97b1cde1e5c4bd8caece8eb522f645c0015a17c669bc57cae223f6dfe1fe17cea
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid   Process
4780  msedge.exe
4780  msedge.exe
4928  msedge.exe
4928  msedge.exe
3500  identity_helper.exe
3500  identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid   Process
4928  msedge.exe   (8 identical entries)
Suspicious use of FindShellTrayWindow 26 IoCs
pid   Process
4928  msedge.exe   (26 identical entries)
Suspicious use of SendNotifyMessage 24 IoCs
pid   Process
4928  msedge.exe   (24 identical entries)
Suspicious use of WriteProcessMemory 64 IoCs
description                       pid   Process     procid_target
PID 4928 wrote to memory of 4644  4928  msedge.exe  83   (2 entries)
PID 4928 wrote to memory of 3280  4928  msedge.exe  84   (repeated entries)
PID 4928 wrote to memory of 4780  4928  msedge.exe  85   (2 entries)
PID 4928 wrote to memory of 3840  4928  msedge.exe  86   (repeated entries)
(64 entries in total; the 60 entries not listed individually are repeats of the 3280 and 3840 rows)
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f9662f6d1d098a0319afa2e9974f7660N.html
  PID: 4928
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9542046f8,0x7ff954204708,0x7ff954204718
      PID: 4644

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,13538307418271935717,15196889746573219954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
      PID: 3280

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,13538307418271935717,15196889746573219954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
      PID: 4780
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,13538307418271935717,15196889746573219954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
      PID: 3840

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,13538307418271935717,15196889746573219954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
      PID: 3212

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,13538307418271935717,15196889746573219954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      PID: 324

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,13538307418271935717,15196889746573219954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
      PID: 4504

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,13538307418271935717,15196889746573219954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
      PID: 3500
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,13538307418271935717,15196889746573219954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
      PID: 1656

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,13538307418271935717,15196889746573219954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
      PID: 4848

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,13538307418271935717,15196889746573219954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
      PID: 3924

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,13538307418271935717,15196889746573219954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
      PID: 1772

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,13538307418271935717,15196889746573219954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
      PID: 3564

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,13538307418271935717,15196889746573219954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
      PID: 4832

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1004

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3740
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD5 9b008261dda31857d68792b46af6dd6d
SHA1 e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
SHA256 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
SHA512 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10
-
Filesize
152B
MD5 0446fcdd21b016db1f468971fb82a488
SHA1 726b91562bb75f80981f381e3c69d7d832c87c9d
SHA256 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
SHA512 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4e194709-269f-407d-8342-6f0e0dab2842.tmp
Filesize
5KB
MD5 0539dd5c6405242fa051b4ef075e70e5
SHA1 67bfeec1bb41495b92bd4542c7cec1d41c75ce88
SHA256 d0878ead6f4f970c6d2716ae4f7a318dc75e9d5a09491716421000f81dc23614
SHA512 0e526a723b48bb0992b13c7d29c8d317fca3e1ad119d353e8da934767d66d643c2ed45a08246122b7e78bfadd74b3e0b8b007fee658bac2f4a0088635ff2fb77
-
Filesize
334B
MD5 47f03097693a8f2705b9c3843c79572d
SHA1 28cabd7b3de053d73eceffc853817be769d27205
SHA256 4d6d346064691ed86ae8004b6105327e094d0ab8157efc864d6503a6178a0bf3
SHA512 c7951f8a68d494e720da6051f94d621a3d88da0a7094c521477011f7517f32d38d533c244a79b607159af15cb3106b1203495346b658f43fc77a328500c30cd6
-
Filesize
6KB
MD5 04ff758783ce617cc3792c4e25ccd3ac
SHA1 df7b5d77e779d866dbe8b7d0813b6509fdb8404a
SHA256 4d9f47fc00cbca98b28f96187e569ad066c8f68410ce58ed5fa69ee12ffc15fa
SHA512 f279d04125b83e8ed1a5c22a15392b2fa8e3d04dd917930821070f1a977ef9cfb70cbcf27c6718d957a2486ad5d97e6e597743aca437789fbdbe1dec039962aa
-
Filesize
6KB
MD5 7ce7d9fc277310591267f291509b8035
SHA1 1933b3c4cd84ea6c87bc5c8d28d013ed764deae1
SHA256 6e62fedf35c01c175433beb3f9298027c4f26a28187c9e344c327b1426c8e872
SHA512 300f2f357f04587fa36cdf4e5a7fb2a737b083f0a9feade769aefade4a97efae1a9216f5bb3104211e3fc6c0d46a7a1b4f7abf828893e7007f05894fa8658e1a
-
Filesize
16B
MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5 8dd7932269e9080ad2253c058364c7ba
SHA1 f38d5c6e4bd69a155bdde65a2a666e88dfbf0fb4
SHA256 6bb6cfbcc40de46210e72165516b8cc79f55c28f5d3317e58175e85463c0fefd
SHA512 f5ca1f58591c10acbb34f015bfdc096dad9f9be2c16b13fdd98e47477433612898b23c9414b3e620f9e6d92fbfeb07a11a42694fc72dde984e129ab59218231e
-
Filesize
10KB
MD5 3d94ede15a462667f754d7dd4673ca60
SHA1 590e3aa6e68c3f7d129bbd565b650112ef6705a5
SHA256 aaa99677b9b7cccaac99466a8fa5e0933756eb29bab65e6658b5ed69b1c2dd11
SHA512 88c39e9e77273b03e7ee0d5133c6edef1834719803d32ba60409385a04a4140d7dce75ac0a3142339143bbcf424c3bef741ca669fd2427731857dbc96d7a4a4b