b2f95521b76bca7e7597abfcedddf47552ae99c4f12b3405017b292dfd1682e1

Analysis

max time kernel
117s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2f95521b76bca7e7597abfcedddf47552ae99c4f12b3405017b292dfd1682e1N.html
Size

82KB
MD5

139bdb0bffcf6e74b9d336aa5c6ebec0
SHA1

1dc077dd88d83c1762478c7cdd0e57fd6050920c
SHA256

b2f95521b76bca7e7597abfcedddf47552ae99c4f12b3405017b292dfd1682e1
SHA512

d934d9b85acee61955189ce711ac7bc3737e2e14fd97b2d2203ba3d3b5f4666618fcd6ec420cd25843ac0163982e0b5287dd3144ff15c3a96a06f28b8f36d0a3
SSDEEP

1536:BIRIOITIwIgIiKZgNDfIwIGI5IVJ7SqIRIOITIwIgIiKZgNDfIwIGI5IVJ7SZRdw:kRdubnxFhz/GImsL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe
4744	msedge.exe
4744	msedge.exe
4664	identity_helper.exe
4664	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4744 wrote to memory of 3136	4744	msedge.exe	82
PID 4744 wrote to memory of 3136	4744	msedge.exe	82
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 3764	4744	msedge.exe	83
PID 4744 wrote to memory of 2940	4744	msedge.exe	84
PID 4744 wrote to memory of 2940	4744	msedge.exe	84
PID 4744 wrote to memory of 596	4744	msedge.exe	85
PID 4744 wrote to memory of 596	4744	msedge.exe	85
PID 4744 wrote to memory of 596	4744	msedge.exe	85
PID 4744 wrote to memory of 596	4744	msedge.exe	85
PID 4744 wrote to memory of 596	4744	msedge.exe	85
PID 4744 wrote to memory of 596	4744	msedge.exe	85
PID 4744 wrote to memory of 596	4744	msedge.exe	85
PID 4744 wrote to memory of 596	4744	msedge.exe	85
PID 4744 wrote to memory of 596	4744	msedge.exe	85
PID 4744 wrote to memory of 596	4744	msedge.exe	85
PID 4744 wrote to memory of 596	4744	msedge.exe	85
PID 4744 wrote to memory of 596	4744	msedge.exe	85
PID 4744 wrote to memory of 596	4744	msedge.exe	85
PID 4744 wrote to memory of 596	4744	msedge.exe	85
PID 4744 wrote to memory of 596	4744	msedge.exe	85
PID 4744 wrote to memory of 596	4744	msedge.exe	85
PID 4744 wrote to memory of 596	4744	msedge.exe	85
PID 4744 wrote to memory of 596	4744	msedge.exe	85
PID 4744 wrote to memory of 596	4744	msedge.exe	85
PID 4744 wrote to memory of 596	4744	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b2f95521b76bca7e7597abfcedddf47552ae99c4f12b3405017b292dfd1682e1N.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe72da46f8,0x7ffe72da4708,0x7ffe72da4718
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5838998116032580445,1291139158239814844,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,5838998116032580445,1291139158239814844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,5838998116032580445,1291139158239814844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5838998116032580445,1291139158239814844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5838998116032580445,1291139158239814844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5838998116032580445,1291139158239814844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3004 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5838998116032580445,1291139158239814844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5838998116032580445,1291139158239814844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5838998116032580445,1291139158239814844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5838998116032580445,1291139158239814844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5838998116032580445,1291139158239814844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
49a8a1456a8afa88a9c62bf2826bab42

SHA1
2e33bb8d3a1679874d02e2028775dd4eb8043d80

SHA256
54a812d019d4c0ef71424c7f5ff87e7e09c6c71cc5ae8ae8f721209bb7875ae3

SHA512
6bfb717fa8d73134b1b74cdbdd36a7e471f0e56fa89fb98af6ee6fba59f1e53e767e126f804fb7626727c5e5ed5f6aadf0ff1c869b22b0523d8a7981ca32fcf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b4b5f8ead93a776f28cccbb31907026f

SHA1
0828dea6ef32379461069c78ddeddd664e26a32f

SHA256
f5643072515e33d73bafbd2d3daff6e3af1368f2b071634424de7019a56b15cc

SHA512
d374aaddb434f5fa72ff0fc60d081bb76a4b8d20d5275e9b8d921653b1afb2e3c6db5c5489b5f2ced5f95a1062e206e6e770e382161b48469974b72644987b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c222e911f4189d7b87c0369d0339dad0

SHA1
babec10a45ad9ce1d5651ccac9c536ffd4299274

SHA256
a731f7eb94291af64337ef9bd70309ba5432c2fbe10203246f0a14d7e2ae2c1f

SHA512
fe53552ba34a2c87fb0afb30b76c0257a934a8317288105d11bb6c1e4d50ef34af00292adc0932c6609d6fef295c1ff5236f3840d6be1e9c3e4b5991f4930328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
50d1e8c4936152bca67063d93e0996fb

SHA1
94cfc632c9ba28419d6a12fd54c7e74af793e031

SHA256
dd70be6032d80d910c03d0696b93284d3b40ee58131874aef44fc3850cb86a5e

SHA512
2d02e5505a24e439944e899812d0438c53a7699702164d0b86cf06753a59a8d5e21fc8e42850e711465d9d0f376a53c3f1758b30136fe991739d1f07956b664a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c4e1d226e2dccc57a96b6e624dfb7c55

SHA1
ce43a1640170cc53250f18ff5c01ac6ebf2740d6

SHA256
5830f4c799a89e184fb739dfc77bb237938c4074fe1828cabb0daa781aa672db

SHA512
c51ad825b2b200d967f06124714af36070054295e789c7d6eedff4a1ed333a21fe8ce165465e05207351028aaaa66a11f2efb522cc317adb2ee858636e3e23c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58194f.TMP

Filesize
706B

MD5
af8ff66fb3baf7d0a0eeceb5e071a76c

SHA1
abbce8599a0b68d2010a5968477623ee612ae026

SHA256
07c93fbfbfabf7d1b131aff8367de8d0c9bf9e7d58e9c086200020dc7c1ae6f9

SHA512
4a8d32d4c1338d89a67eeb46fc3144e20c87bfa43e10e7e49e15b235ba03000ac3c0e214efa11897d144b7e5ea45c2e95035b46d0e31347a58b7098ed9ade4c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
98a5874e1e885fea94b2237dc7eb8715

SHA1
8687a5f3decccb1f46bf2dcbd5cfa0116aa6e037

SHA256
f6c23bc4e3a61ccdda1845cbf4195be6cf65038750682de82a23a262d3cf94fa

SHA512
a063214764b844406fe0b6420bd8135682695f76e5af103e6413102050a0ed294cc4673a00219c4a394fdb7afef5704c16fe0211fc9447f1d846b0e0e19f97f0

Download Submit