Analysis
max time kernel: 112s
max time network: 109s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/10/2024, 10:32
Static task: static1
Behavioral task: behavioral1
  Sample: 5e0e25a5a67fd667901c4699512a3a517085510359bc22084f56d325b036e9b0N.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 5e0e25a5a67fd667901c4699512a3a517085510359bc22084f56d325b036e9b0N.html
  Resource: win10v2004-20241007-en
General
Target: 5e0e25a5a67fd667901c4699512a3a517085510359bc22084f56d325b036e9b0N.html
Size: 93KB
MD5: db80c8a68b0c3126a689170781eceb10
SHA1: 11cf0ed49f73e594c2acc5e94011e110ad9443c4
SHA256: 5e0e25a5a67fd667901c4699512a3a517085510359bc22084f56d325b036e9b0
SHA512: f0d44b86f697cd6ff9b77e0663ec7694e38c5f6a896d9045911f11fc9945aa5412807b3b375de9081ee239de7c6d0d0c5404fe4e52937b3a1ac312f4814e4e19
SSDEEP: 1536:GyVIYSKpO8dActQIVEAcjeNGBMeAcKAc2fm6lIJxgDK+bVmqTQrtey5y7dOzHrZQ:okAcjyAcFjAcKAcd6lIJxj+beteyIYza
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                      Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                        msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName      msedge.exe
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid    Process
  2564   msedge.exe (x2)
  5080   msedge.exe (x2)
  1468   identity_helper.exe (x2)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid    Process
  5080   msedge.exe (x8)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  5080   msedge.exe (x25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  5080   msedge.exe (x24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                          pid    Process      procid_target
  PID 5080 wrote to memory of 4472     5080   msedge.exe   83   (x2)
  PID 5080 wrote to memory of 3392     5080   msedge.exe   84   (repeated)
  PID 5080 wrote to memory of 2564     5080   msedge.exe   85   (x2)
  PID 5080 wrote to memory of 228      5080   msedge.exe   86   (repeated)
  (64 rows in total; only distinct rows are listed above)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5e0e25a5a67fd667901c4699512a3a517085510359bc22084f56d325b036e9b0N.html
  PID: 5080
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4cd146f8,0x7fff4cd14708,0x7fff4cd14718
    PID: 4472

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2718177451026489787,4338406215325987450,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    PID: 3392

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2718177451026489787,4338406215325987450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
    PID: 2564
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2718177451026489787,4338406215325987450,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
    PID: 228

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2718177451026489787,4338406215325987450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    PID: 2356

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2718177451026489787,4338406215325987450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    PID: 1712

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2718177451026489787,4338406215325987450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
    PID: 1264

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2718177451026489787,4338406215325987450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
    PID: 2612

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2718177451026489787,4338406215325987450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
    PID: 3532

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2718177451026489787,4338406215325987450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
    PID: 1468
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2718177451026489787,4338406215325987450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
    PID: 1192

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2718177451026489787,4338406215325987450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
    PID: 2228

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2718177451026489787,4338406215325987450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
    PID: 2148

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2718177451026489787,4338406215325987450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
    PID: 2328

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1936

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4468
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: dc058ebc0f8181946a312f0be99ed79c
  SHA1: 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0
  SHA256: 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a
  SHA512: 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa
- Filesize: 152B
  MD5: a0486d6f8406d852dd805b66ff467692
  SHA1: 77ba1f63142e86b21c951b808f4bc5d8ed89b571
  SHA256: c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be
  SHA512: 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a
- Filesize: 213KB
  MD5: f942900ff0a10f251d338c612c456948
  SHA1: 4a283d3c8f3dc491e43c430d97c3489ee7a3d320
  SHA256: 38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6
  SHA512: 9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 312B
  MD5: d7b10115fb4b9600cd96af3c2ecc431c
  SHA1: aab03848bb0540226af6f0ea0e35e009a950cc2e
  SHA256: 15f20aa44d9c234470b196053c606d5891d14ad646c949fcce4bff95a6a15dd3
  SHA512: 280325076f28a638e43cbf98d707c3aeed6267dfa397062c6af0958582ad5d6f29207ead1b9207bd250b67902cd8df74dc92be6b5c7a39920b83db745f2453b1
- Filesize: 2KB
  MD5: 688ae465fc0bfe7a1fa46046dd4026bf
  SHA1: 5de0f037082669ffc51db16e65e0e59f29fecf22
  SHA256: 4a64fe94dbb8fa44beac0bc068427ed00c63e5911c2fd23049626519c97830ba
  SHA512: 095253b998d488415b0ac8b16176ce9a1be4d6816cdd3280e9b8a00abcbe8cb4af90467d59c8e02e98d1e9db9e0b8a04a8dc73eb3d9695a40b7114fa47e92d30
- Filesize: 7KB
  MD5: bd2580d54c6dcf2c584f3b366dc4bdfb
  SHA1: bb8ac65bc935b25e2df0ad0a5bc25c0c83f2742a
  SHA256: 386c3de52ef85c5bc7b6217a661d8f3bb8fcef0083dcfa66385cb0756017737a
  SHA512: ec44ee82b1149563bd927602df43d2c2c404f3af64d2ebcdf718bfaf29fdd48909aa01d426dbac80899c0b8dba801285139139ca0ec5a82d049c64b5d0a38d05
- Filesize: 6KB
  MD5: f4e0b3f76231304e1e5112e38336ed04
  SHA1: 50377414c156c22d7791a66ff6779bdb49180d75
  SHA256: f5b7323bea269bf2765340b5122fe5b811ff11456f394aa800baad2b06563830
  SHA512: 76e417fdcd85d5d8fbfa08cfb8cd4abf4253159a1f23ac294bedeb6a2efedea12b0d9b060e066b9626c46a571a0e1fe56cb8f4dfe75b66278c48def0850eeb49
- Filesize: 7KB
  MD5: e99397a8dbcd7ed40dbac14c1ff13515
  SHA1: f71981030127a3c6b0ed501d12a5debfe1c6a282
  SHA256: 3d3b8536b2937898e7a7506fb559068255d99514d97e841fbe725b44fc9107b8
  SHA512: f816952a135236bb18739aaf7d5f14710bc1cc24a758b7670ea097372c27a29228ae1f3ea217fe2a18fdd9f0325f9a6e154633d5699ea92f8c190b286c7addde
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: a85b29a87d148188c59d66197db78473
  SHA1: e86d1598ed70361136c9b639ef0a70d55eea25f9
  SHA256: eb4f43e57250b0ad803c3218fc7611ddf08974e68be7e9c5b48e1db17f7533ba
  SHA512: 796dbec7e45ed90f0f67bb157959d683f4142155ade799408b0222994bf41122c6bf4948bd55bba53c882236fd8f71a36dbce53d2c79b981c0e99859127d9083