ee46360272ee0d32d4cdd9997bc586a062a897b08bb62f08c8e31873777c90f8

Analysis

max time kernel
112s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 03:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ee46360272ee0d32d4cdd9997bc586a062a897b08bb62f08c8e31873777c90f8N.html
Size

56KB
MD5

dadf659dd9dd92c7c6400c86f0b4c030
SHA1

a63328b99c283e9b3fbba7c999494f0add1d4384
SHA256

ee46360272ee0d32d4cdd9997bc586a062a897b08bb62f08c8e31873777c90f8
SHA512

a5c77105745ccf474eac788d29333b039becaa78ae6ed572bef963380fad8b147183aae1afd0f314f591e2aee850dd64a2005c5345dc7190b167e4c7bb2c1df8
SSDEEP

768:wLQ/EpHvvCIoodJBeAG+ofW1xxn9pg3H2gArOykfElXDtB4kq5/wStCwhagVHJ:wZHv7oKeAJrOyMSXDLQwStf

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
2324	msedge.exe
2324	msedge.exe
4724	identity_helper.exe
4724	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe
2324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 4416	2324	msedge.exe	82
PID 2324 wrote to memory of 4416	2324	msedge.exe	82
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 3128	2324	msedge.exe	83
PID 2324 wrote to memory of 4748	2324	msedge.exe	84
PID 2324 wrote to memory of 4748	2324	msedge.exe	84
PID 2324 wrote to memory of 3332	2324	msedge.exe	85
PID 2324 wrote to memory of 3332	2324	msedge.exe	85
PID 2324 wrote to memory of 3332	2324	msedge.exe	85
PID 2324 wrote to memory of 3332	2324	msedge.exe	85
PID 2324 wrote to memory of 3332	2324	msedge.exe	85
PID 2324 wrote to memory of 3332	2324	msedge.exe	85
PID 2324 wrote to memory of 3332	2324	msedge.exe	85
PID 2324 wrote to memory of 3332	2324	msedge.exe	85
PID 2324 wrote to memory of 3332	2324	msedge.exe	85
PID 2324 wrote to memory of 3332	2324	msedge.exe	85
PID 2324 wrote to memory of 3332	2324	msedge.exe	85
PID 2324 wrote to memory of 3332	2324	msedge.exe	85
PID 2324 wrote to memory of 3332	2324	msedge.exe	85
PID 2324 wrote to memory of 3332	2324	msedge.exe	85
PID 2324 wrote to memory of 3332	2324	msedge.exe	85
PID 2324 wrote to memory of 3332	2324	msedge.exe	85
PID 2324 wrote to memory of 3332	2324	msedge.exe	85
PID 2324 wrote to memory of 3332	2324	msedge.exe	85
PID 2324 wrote to memory of 3332	2324	msedge.exe	85
PID 2324 wrote to memory of 3332	2324	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ee46360272ee0d32d4cdd9997bc586a062a897b08bb62f08c8e31873777c90f8N.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e3a546f8,0x7ff8e3a54708,0x7ff8e3a54718
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16579632741490669185,10364087525793648491,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,16579632741490669185,10364087525793648491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,16579632741490669185,10364087525793648491,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16579632741490669185,10364087525793648491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16579632741490669185,10364087525793648491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16579632741490669185,10364087525793648491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16579632741490669185,10364087525793648491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2712 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16579632741490669185,10364087525793648491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2752 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16579632741490669185,10364087525793648491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4136 /prefetch:8
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16579632741490669185,10364087525793648491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16579632741490669185,10364087525793648491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16579632741490669185,10364087525793648491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:1088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
ea2b9e4b5ffaf33b0b281aa18bad4529

SHA1
62c8a420138f1134059252f109e49354806b2a41

SHA256
8d0ac628975636487458349581f56d485f28c71f7f7c212e287fa49a8b20a770

SHA512
17f18b51b137fb6b11a6742e76f00059d1751c40fab5ee6baf9023d5333b6a5636539103fcc3835f7c75b215563472142821bc78994f6c33b7cec668fe1c5527

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
28ba7678144ced6cc1d5ffdceb29858e

SHA1
6cbbd8ff07f4c4603051cc984160d208f83f33ef

SHA256
0c59e0c802ac43cd58997794ec63ecc3e03e6f24234c69a5cc19718a6bd2b01b

SHA512
10f57bff05500175c313327616dd48b90a34f96bb25b41addda12df9aa02e2fd1d060cd4f0883feddca5842922d4128f7de550757994ae59a71ce8b3a2bc7e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4d1da4ea4db5614fb0525447108a23df

SHA1
cc0b6c4e8da4d81b5ba4a46f73bc002d3a720b66

SHA256
6d77f31ad8b5e4c5bd4ccd07c0dc6689fc12168ca2c0b4fff999717c589f9a7b

SHA512
9cb2a67682e9ca92b59fadcb891365b10cb483fefc32d2932a60b4d3753d588ca8738356f4c543854e0a9119eb3c9d9765138e77cfb0b891b8c42956ebebf193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f007142d6052a86d90bbb16d815187d5

SHA1
7f4c5f5f7aea081e8ad11ddb75b23ca4b2c60265

SHA256
2909b3e909a3270e805b277dedca6fa7785cda0b90d3a80d26a551dfaf06e877

SHA512
ae9ef56b1b41e2771db487b5bd10dac0051c253ec5cdb7b6942f5349d66897cd13e8fc096bfa85af69afd1346f43fc9550996bbb675c1099032f2c4e1616f9c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b088c129f2b5e38f780aa7cb070f08a

SHA1
1ff6d0151cbf4213403534c3bd6a13e3a2fb2d93

SHA256
39fbaadc159c9aee5fd8244174b6a166de0b27ce23611acf28aae1d0ce14655c

SHA512
029f35aa7e793a8c7a16cc9d1db6cacc83a604b4ca4b745b6f13501aa3f2b490de2a13bfa47e963f951f0b07b95f0cdae30c4188490805d9993ca267e9772525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d270db98b8fde0a2e634d7a39da3d193

SHA1
3747b075acbadb956e5fe48d988e918fc7a8c513

SHA256
341748a72738b854aaac919b98b9e0036a252446939c4f6558afe2d6c87f8160

SHA512
07804172865b18cc813e434e7b0dfcc9bead6a685c72769fee486e3eeec7d08240c1f13b47ae34e031fdb06348d49b26dccd86258f4a663a7417da9c061265dc

Download Submit