2521bd40021b5d9470557b5b1d5fef192b1bf64072c5775c70e8131f208a598e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/09/2024, 10:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

245d50fe2beb6d7b528841b938a44096
SHA1

04a5c9f34f5ca75cf4844e589c8cfbb1855e79e7
SHA256

327a4e00f07e930728bdac768cc470b5503e3ca0c2d2531fdc1996d22ef8f064
SHA512

ef9eef3723084fe3ae7a18eb860f64086b968a78244105b478c8fa3df1be961ab322d2f1ac7607047d0c83447d79e1e658c3b90d663d907c81eac518c37adeec
SSDEEP

3072:SZQoCkePMWfiLyfkMY+BES09JXAnyrZalI+YQ:SZJIiusMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
4852	msedge.exe
4852	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 3944	4852	msedge.exe	86
PID 4852 wrote to memory of 3944	4852	msedge.exe	86
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 228	4852	msedge.exe	87
PID 4852 wrote to memory of 3516	4852	msedge.exe	88
PID 4852 wrote to memory of 3516	4852	msedge.exe	88
PID 4852 wrote to memory of 2900	4852	msedge.exe	89
PID 4852 wrote to memory of 2900	4852	msedge.exe	89
PID 4852 wrote to memory of 2900	4852	msedge.exe	89
PID 4852 wrote to memory of 2900	4852	msedge.exe	89
PID 4852 wrote to memory of 2900	4852	msedge.exe	89
PID 4852 wrote to memory of 2900	4852	msedge.exe	89
PID 4852 wrote to memory of 2900	4852	msedge.exe	89
PID 4852 wrote to memory of 2900	4852	msedge.exe	89
PID 4852 wrote to memory of 2900	4852	msedge.exe	89
PID 4852 wrote to memory of 2900	4852	msedge.exe	89
PID 4852 wrote to memory of 2900	4852	msedge.exe	89
PID 4852 wrote to memory of 2900	4852	msedge.exe	89
PID 4852 wrote to memory of 2900	4852	msedge.exe	89
PID 4852 wrote to memory of 2900	4852	msedge.exe	89
PID 4852 wrote to memory of 2900	4852	msedge.exe	89
PID 4852 wrote to memory of 2900	4852	msedge.exe	89
PID 4852 wrote to memory of 2900	4852	msedge.exe	89
PID 4852 wrote to memory of 2900	4852	msedge.exe	89
PID 4852 wrote to memory of 2900	4852	msedge.exe	89
PID 4852 wrote to memory of 2900	4852	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd73946f8,0x7ffcd7394708,0x7ffcd7394718
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,2510125854686515724,18187263770719385439,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,2510125854686515724,18187263770719385439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,2510125854686515724,18187263770719385439,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2510125854686515724,18187263770719385439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,2510125854686515724,18187263770719385439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,2510125854686515724,18187263770719385439,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9716a4bcbd2d86c30565e6412f5fe61e

SHA1
8cd441333ab8bbf3c71baeba89ebc4200eeab2c9

SHA256
ecdbd0dcdc18dd12fc0e928f35ea3a415a91033c607cb668fb9f11798cf4148a

SHA512
60cd43106bb92eac432a94d65cc3b6d79505ad7e7162eefbd23d6830471cec40b93b221629397cb8a3949042f388d9fe84880865ce78ab94eeb97eefcd08f2cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
74baaba90da56cb800a0036d3cc95363

SHA1
0d0a6965b353e7baf887b1f172d99f87654fbc89

SHA256
c748881cc8467f0df4df0fafaa9de711856f0859a1985c70054dbffe09671285

SHA512
ade7fede5ae5d8f367267c06e3008be95153eef3fd2efd987f0aff618a41d5a2dedee7994cafbd1d1c670ec1088d89a3449b3d8fc1cb556a095071c750f66545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
db8b6d2416e45b3bd40deb9e04038fba

SHA1
d55ae69621e9fa0f2c6530708ac98ea7fe4fa34f

SHA256
eb77fcef45596bc2400fe184bdbc73140bf460ed2b34cf5eaba858df92bd6623

SHA512
d9abeb74fa54a9649c6881f032b267035a8348b87c625029eba266b4caeb22d5da80d0bd3a5e51747ce54f925431cb2fb465690c7897e2bbaee2c7a955039dc3

Download Submit