98a43700d7e17949bcd66a681c2ee59028a7fdfea89c3f5a5c06b25d538c370a

Analysis

max time kernel
113s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98a43700d7e17949bcd66a681c2ee59028a7fdfea89c3f5a5c06b25d538c370aN.html
Size

221KB
MD5

3c23a20f1fcb582cddff38eb1f916b50
SHA1

1b4d49ea470cc19879b8ff7d521b2c29fe7fe905
SHA256

98a43700d7e17949bcd66a681c2ee59028a7fdfea89c3f5a5c06b25d538c370a
SHA512

91f44d413a1e09b4e6cb50cd297641ec5fdaaeb3f7423375070ab0b5b7b7ea26932df73ef4a70f7a96bd8204da78d66dfb4f4c0be8e6a50cac45d09f7aac7ef9
SSDEEP

1536:uIRIOITIwIgINKZgND5IwIGI5IjJ7SHIRIOITIwIgIKKZgNDfIwIGI5IoJ7Sk1wI:B1wC6l/FQCQV6/HR5YL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
4988	msedge.exe
4988	msedge.exe
1068	identity_helper.exe
1068	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 1944	4988	msedge.exe	82
PID 4988 wrote to memory of 1944	4988	msedge.exe	82
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 2172	4988	msedge.exe	83
PID 4988 wrote to memory of 3516	4988	msedge.exe	84
PID 4988 wrote to memory of 3516	4988	msedge.exe	84
PID 4988 wrote to memory of 1432	4988	msedge.exe	85
PID 4988 wrote to memory of 1432	4988	msedge.exe	85
PID 4988 wrote to memory of 1432	4988	msedge.exe	85
PID 4988 wrote to memory of 1432	4988	msedge.exe	85
PID 4988 wrote to memory of 1432	4988	msedge.exe	85
PID 4988 wrote to memory of 1432	4988	msedge.exe	85
PID 4988 wrote to memory of 1432	4988	msedge.exe	85
PID 4988 wrote to memory of 1432	4988	msedge.exe	85
PID 4988 wrote to memory of 1432	4988	msedge.exe	85
PID 4988 wrote to memory of 1432	4988	msedge.exe	85
PID 4988 wrote to memory of 1432	4988	msedge.exe	85
PID 4988 wrote to memory of 1432	4988	msedge.exe	85
PID 4988 wrote to memory of 1432	4988	msedge.exe	85
PID 4988 wrote to memory of 1432	4988	msedge.exe	85
PID 4988 wrote to memory of 1432	4988	msedge.exe	85
PID 4988 wrote to memory of 1432	4988	msedge.exe	85
PID 4988 wrote to memory of 1432	4988	msedge.exe	85
PID 4988 wrote to memory of 1432	4988	msedge.exe	85
PID 4988 wrote to memory of 1432	4988	msedge.exe	85
PID 4988 wrote to memory of 1432	4988	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\98a43700d7e17949bcd66a681c2ee59028a7fdfea89c3f5a5c06b25d538c370aN.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeebe946f8,0x7ffeebe94708,0x7ffeebe94718
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,16013666797249842180,17328900150632146868,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,16013666797249842180,17328900150632146868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,16013666797249842180,17328900150632146868,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16013666797249842180,17328900150632146868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16013666797249842180,17328900150632146868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,16013666797249842180,17328900150632146868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,16013666797249842180,17328900150632146868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16013666797249842180,17328900150632146868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16013666797249842180,17328900150632146868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16013666797249842180,17328900150632146868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,16013666797249842180,17328900150632146868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:4176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
91cbf4872c49db432a7f7d0e73fc61f0

SHA1
fd413b225724075b48432a16ae623ad526602a1b

SHA256
0e005d8318b6ae99a2bc62318a87c67516272e28c760509fc1a50e1a6f32dddf

SHA512
1b51061384aed81cb2496a938d6a186be990c73aff3a0e0b2bf24a61ac0262a5127450b1b9b1d065ad13a92f16967c61590b2e63a1461c96828069230a076892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2bfa6dd18ac110b4c4c70b4f70570062

SHA1
698eb01386a9b36484ef73f486459e6affea5a2a

SHA256
93eeb1603eea7d92c94e1f379ad8d3da2b12c590e3262b74b5e7a0bdb82da432

SHA512
6aebd0069054465d4e1b30e6669d8f1a1995693bd47322d78b2480c1aeafbb6f60173bce71df9bc14594720fd61f59f7cfd24a2275aa86d66bcf2804e8c8ea36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
887e68606300072e67a69862b108307e

SHA1
e4e5a22f8a5dd849d7ae59fbce42d00a3b36c38e

SHA256
85b938cff4600ad4a788d94cc268b3f25fd44425d6b67b9d226417d018382854

SHA512
6044ae8cc0b90c1a5e9585460692724385499537210886861e6d3dd030c59e74a3d4a1ba5418130897de2694c315fe85cd458bbd7f1051bc4809f8d4fc3a3132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
713e909c0383089d6c7d1229d351a075

SHA1
fe1a56936a70af3b281ffa3b50df0f0810ac660f

SHA256
5299a6a43d757b24ae5cb2eaffc7c1c9aff1892a8874628e32043f5de63aa2ed

SHA512
ac122fd6f0ab412c613f7867bd7396268609e1a3b4a88b59c62006661efe07778dd6838d4036d79c4d92c6b94300808f4c01148ffe2a817e87a201f1463d9d4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
421c360ca20d1fc646ee66c47bef7e29

SHA1
09f7f97faff367e69154ed4fb0500e625dbfdc72

SHA256
a5f8f12a665841a99e3155a3be06667b9c95d9260fbbf34dfc865fcbf4f2af55

SHA512
48bafe5e7e083e057240a84e10b26902c7f04cd375d7f94686759e08bf9bb85ef86d1e810db4eb74484ef1898e78d697f0dc7c2c0c4569163eeb78f4d132865f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58176b.TMP

Filesize
1KB

MD5
bc60072a54735d6b2a619d20709a69a5

SHA1
4dbb6d407256ac6a4b3f5c68892094f1e4a0ae07

SHA256
adc1c04a40e1ef4d04099a88db0dbae741fa9a94ffd1103b0707c0a64b62b9d7

SHA512
9b3669172481f08bac9de9e6a9b257875cb361e18014dd7556edd2dd164323dff3125ea2bc5a4a5c19b225d5254c073211b411f43e6610f7eb1479b240985b01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fe329067098ed0414a8ecaf2db668988

SHA1
1eee8585cc4d373a72f982a1903bf67783e5fd9a

SHA256
5c4c4292c9baedd40e05a1cfca72099a76b68f5a6e2df5d6e8f86f5303b90ffa

SHA512
481ffbd2ed18d8207bbb7e69a6e17e387b1b18d030647aeb3e3201637d4ce82af5f51ba5c28eb8ed98f7b49d57e6e125b1342342e89489137399a0b7dfa4e7fc

Download Submit