2a9b9ec78d0564907b308c9ba342400818893f0eabd72f06a084058a79844a48

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 10:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

217KB
MD5

dc8daae812e4159e77ba780b667c2f71
SHA1

639305c895e0e710ae9572ac75e5b5fcac460c2b
SHA256

fdef3e6d765b9ecec79a654b5064ad502432d106b56890123997355d61819f1f
SHA512

86aca7a7a7ca6156067b7b8e94aefcb99fcf0a61c4ce898cdfeee729c6ce14ccd6d08343179f775b1e6018b87f8eeecaedc267239ffa3e1497b94a2076b63710
SSDEEP

3072:Swn/kiQwGlyiyfkMY+BES09JXAnyrZalI+YQ:S8/kHwkGsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
4916	msedge.exe
4916	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe
2780	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4916 wrote to memory of 1652	4916	msedge.exe	82
PID 4916 wrote to memory of 1652	4916	msedge.exe	82
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3688	4916	msedge.exe	83
PID 4916 wrote to memory of 3516	4916	msedge.exe	84
PID 4916 wrote to memory of 3516	4916	msedge.exe	84
PID 4916 wrote to memory of 2024	4916	msedge.exe	85
PID 4916 wrote to memory of 2024	4916	msedge.exe	85
PID 4916 wrote to memory of 2024	4916	msedge.exe	85
PID 4916 wrote to memory of 2024	4916	msedge.exe	85
PID 4916 wrote to memory of 2024	4916	msedge.exe	85
PID 4916 wrote to memory of 2024	4916	msedge.exe	85
PID 4916 wrote to memory of 2024	4916	msedge.exe	85
PID 4916 wrote to memory of 2024	4916	msedge.exe	85
PID 4916 wrote to memory of 2024	4916	msedge.exe	85
PID 4916 wrote to memory of 2024	4916	msedge.exe	85
PID 4916 wrote to memory of 2024	4916	msedge.exe	85
PID 4916 wrote to memory of 2024	4916	msedge.exe	85
PID 4916 wrote to memory of 2024	4916	msedge.exe	85
PID 4916 wrote to memory of 2024	4916	msedge.exe	85
PID 4916 wrote to memory of 2024	4916	msedge.exe	85
PID 4916 wrote to memory of 2024	4916	msedge.exe	85
PID 4916 wrote to memory of 2024	4916	msedge.exe	85
PID 4916 wrote to memory of 2024	4916	msedge.exe	85
PID 4916 wrote to memory of 2024	4916	msedge.exe	85
PID 4916 wrote to memory of 2024	4916	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd70fd46f8,0x7ffd70fd4708,0x7ffd70fd4718
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1942167941062360430,17151931609153654914,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,1942167941062360430,17151931609153654914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,1942167941062360430,17151931609153654914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1942167941062360430,17151931609153654914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1942167941062360430,17151931609153654914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1942167941062360430,17151931609153654914,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4964 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1f759dd8173c2a4e982dec7950996915

SHA1
fb2be69d9149428718b1fceed85f0aaa1c7979e9

SHA256
75664098660374fc873e36a32b9d29e325f82a600aabe89bdbdeaf3f82d0d4e8

SHA512
9c056d3dc20d1e8f3f8bb436bfe7e7a8d87d2d86b520dbdffc7beec32a7794fc6c8481414bd3393e1a92133b5eddaf6dedda49be59b47fc1725fa91bc9bc13fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a1a6c24cf1eecf31a8dcbabed851a36

SHA1
f0279b8062aaed79393c4ab631c94516d6c5d755

SHA256
2a94fdc47fbf53580ea780140f49f8eae1f91b78427c05e1c87a9e7d42f6f205

SHA512
76e3b3d7c41b323ef7cd29961efbd4db3f6fa200a3fe19e6da174394266656830ef97211f3cb37b0751c4a2f3e3b88622806bf49b64ff0777b678d441b1a9c9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
47fffc99e1fa0e7e8b47017eb93a5845

SHA1
88264e7059e37cb210fef3df974769e301da6c40

SHA256
5580bd4de34017b3413ce6dd79659df7514ce3ccbea9c7c82bf4a8c222400cb7

SHA512
b1ef75ec8fb07c58e4fcf9b5c39519b9723ec0745dbc53892f01ae1152fbfd3c26ba7b8d4a62f5d658e15e224ad4906fa7024860c8e39c1f4b982f8292321cb2

Download Submit