Overview
overview
10Static
static
1Validació...1).eml
windows7-x64
5Validació...1).eml
windows10-2004-x64
3attachment-3.eml
windows7-x64
5attachment-3.eml
windows10-2004-x64
3email-html-2.html
windows7-x64
3email-html-2.html
windows10-2004-x64
10email-plain-1.txt
windows7-x64
1email-plain-1.txt
windows10-2004-x64
1image_2024...8Z.png
windows7-x64
3image_2024...8Z.png
windows10-2004-x64
3email-html-2.html
windows7-x64
3email-html-2.html
windows10-2004-x64
3email-plain-1.txt
windows7-x64
1email-plain-1.txt
windows10-2004-x64
1Resubmissions
17-10-2024 17:13
241017-vrvb1awdmb 10Analysis
-
max time kernel
145s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
17-10-2024 17:13
Static task
static1
Behavioral task
behavioral1
Sample
Validación correo malicioso o SPAM(1).eml
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Validación correo malicioso o SPAM(1).eml
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
attachment-3.eml
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
attachment-3.eml
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
email-html-2.html
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
email-html-2.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
email-plain-1.txt
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
email-plain-1.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
image_2024_04_09T20_41_14_468Z.png
Resource
win7-20241010-en
Behavioral task
behavioral10
Sample
image_2024_04_09T20_41_14_468Z.png
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
email-html-2.html
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
email-html-2.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
email-plain-1.txt
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
email-plain-1.txt
Resource
win10v2004-20241007-en
General
-
Target
email-html-2.html
-
Size
5KB
-
MD5
21e70e0f8d7626060afff9ba687be884
-
SHA1
55cefb75a97f60bb3bd3f073b920c2e0313fd0c8
-
SHA256
17df5310b0e1d2e3bae41bfe1d5ea8331e466c7cf6b59ac54a2080827a82c5e5
-
SHA512
73832972c40be78bb0bbf3897eb6a2fefb0b175b9e258f537755b1d2bcdb19b22616bc852eec8d4cb029c160a2a5df1c17e3c6ef30a703b77d9df230822eb212
-
SSDEEP
96:Z7kpKxGKfOHU9rCzz2++rNrdbsmpb2HIndzK4aTf9qWrvDmdkYxiozJhG:ZtyR+ZRws2ondzJBWzKmeE
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2792 msedge.exe 2792 msedge.exe 4212 msedge.exe 4212 msedge.exe 2828 identity_helper.exe 2828 identity_helper.exe 4952 msedge.exe 4952 msedge.exe 4952 msedge.exe 4952 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe 4212 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4212 wrote to memory of 3008 4212 msedge.exe 84 PID 4212 wrote to memory of 3008 4212 msedge.exe 84 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 4456 4212 msedge.exe 85 PID 4212 wrote to memory of 2792 4212 msedge.exe 86 PID 4212 wrote to memory of 2792 4212 msedge.exe 86 PID 4212 wrote to memory of 2724 4212 msedge.exe 87 PID 4212 wrote to memory of 2724 4212 msedge.exe 87 PID 4212 wrote to memory of 2724 4212 msedge.exe 87 PID 4212 wrote to memory of 2724 4212 msedge.exe 87 PID 4212 wrote to memory of 2724 4212 msedge.exe 87 PID 4212 wrote to memory of 2724 4212 msedge.exe 87 PID 4212 wrote to memory of 2724 4212 msedge.exe 87 PID 4212 wrote to memory of 2724 4212 msedge.exe 87 PID 4212 wrote to memory of 2724 4212 msedge.exe 87 PID 4212 wrote to memory of 2724 4212 msedge.exe 87 PID 4212 wrote to memory of 2724 4212 msedge.exe 87 PID 4212 wrote to memory of 2724 4212 msedge.exe 87 PID 4212 wrote to memory of 2724 4212 msedge.exe 87 PID 4212 wrote to memory of 2724 4212 msedge.exe 87 PID 4212 wrote to memory of 2724 4212 msedge.exe 87 PID 4212 wrote to memory of 2724 4212 msedge.exe 87 PID 4212 wrote to memory of 2724 4212 msedge.exe 87 PID 4212 wrote to memory of 2724 4212 msedge.exe 87 PID 4212 wrote to memory of 2724 4212 msedge.exe 87 PID 4212 wrote to memory of 2724 4212 msedge.exe 87
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-2.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4212 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6b9246f8,0x7ffb6b924708,0x7ffb6b9247182⤵PID:3008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8805005832493228684,7618879971822485882,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:22⤵PID:4456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,8805005832493228684,7618879971822485882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,8805005832493228684,7618879971822485882,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:82⤵PID:2724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8805005832493228684,7618879971822485882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:12⤵PID:1896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8805005832493228684,7618879971822485882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:12⤵PID:1800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,8805005832493228684,7618879971822485882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 /prefetch:82⤵PID:3608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,8805005832493228684,7618879971822485882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8805005832493228684,7618879971822485882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:12⤵PID:4836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8805005832493228684,7618879971822485882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:12⤵PID:3096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8805005832493228684,7618879971822485882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:12⤵PID:3108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8805005832493228684,7618879971822485882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:12⤵PID:2596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8805005832493228684,7618879971822485882,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5340 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4952
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:404
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4208
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD50a9dc42e4013fc47438e96d24beb8eff
SHA1806ab26d7eae031a58484188a7eb1adab06457fc
SHA25658d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f
-
Filesize
152B
MD561cef8e38cd95bf003f5fdd1dc37dae1
SHA111f2f79ecb349344c143eea9a0fed41891a3467f
SHA256ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA5126fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d
-
Filesize
6KB
MD5b5ea3c2a5cb9dcc410e35dbd38d2e477
SHA12e76ae2dcd3433458d3f95dc53416078799bacb5
SHA2564a0a4cccd8ba7d47027c5d729076bd3f16c3ca04b3665b98641874a684cc70bb
SHA5122623752e28dbc96e24f7d5ea06c0498de914c8ab9e6387246f12112b0c953d2fc7cbf1d59e741975dafbc9d68fb35bf2a2d2ccc4d1490d0451c1236f4937d8cc
-
Filesize
5KB
MD58c3097d7a702b3a7efb027b6afc7f264
SHA1b499cee97f5a65785f6df287acb81d49cb7f6981
SHA2569456511308affabc0a1665946fa57f842a778f593e4861c97f0c092ccf346071
SHA512d72498a03ee6d1235ec4c13caf9a167da51ab03b18f797452693fbb96b6bdbe305517c398bcb8be2667b5fc6ebb1a17aaa2da2e26e00af45871b6e4176acffaa
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD58213acc766a772f09c5e453c8f05168c
SHA1cc133929d95e2f2bebee07b1d5599141fe4d6a15
SHA256a37672e4f883d2d0822da656b13144aa4c3fa34a8164646fc46a5a43b0b46b80
SHA51217ddf3dd2eb2f7b2bd4092c1c23c47d2335bd2027ccbf030c7d4601d069a9c8b0a770cf1c430b86bb906529666f90739e0fbffb8d8b6f459d6db18567b39edb5