Analysis
-
max time kernel
444s -
max time network
446s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
27-10-2024 18:11
Errors
General
-
Target
sample.html
-
Size
20KB
-
MD5
93ae068711fddac033745c00434407b3
-
SHA1
3f87ea1f2e1ce4b5cae8c6a0b89e81c56bfd6e3f
-
SHA256
a27afbea3ab59a6766862c29f9d75e632d660124ece1dd0e8eec17dbb678904a
-
SHA512
1dbc2f664d29c99041d1e3ce899b1c57f11bf048c5fd8b4858d9984b38c3b613ea620cff0c500dc44412bb156b2f89f16a450b3cb036bed605b5c178042922c7
-
SSDEEP
384:943wNwf8Sspa1ocy4T4lbGa+7vhpNZGvcdJPro2REu4Y0wM1OTfF1xCejiw:KwO0E1ocy48EaMJpNEvIJPrEu4Y0wM14
Malware Config
Signatures
-
Drops file in System32 directory 1 IoCs
-
Drops file in Windows directory 4 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 42 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 27 IoCs
-
Suspicious use of SendNotifyMessage 14 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb355c3cb8,0x7ffb355c3cc8,0x7ffb355c3cd82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,15186534150961254304,11270598402319027486,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,15186534150961254304,11270598402319027486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,15186534150961254304,11270598402319027486,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15186534150961254304,11270598402319027486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15186534150961254304,11270598402319027486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,15186534150961254304,11270598402319027486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,15186534150961254304,11270598402319027486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15186534150961254304,11270598402319027486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15186534150961254304,11270598402319027486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15186534150961254304,11270598402319027486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,15186534150961254304,11270598402319027486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,15186534150961254304,11270598402319027486,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3404 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x0 /state0:0xa3a17855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\bootim.exebootim.exe /startpage:11⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
62KB
MD56cb7e9f13c79d1dd975a8aa005ab0256
SHA1eac7fc28cc13ac1e9c85f828215cd61f0c698ae3
SHA256af2537d470fddbeda270c965b8dbdf7e9ccf480ed2f525012e2f1035112a6d67
SHA5123a40359d8e4cc8792be78a022dc04daed5c1cc55d78fe9cf3e061ea5587baa15023ce2152238f5be5cc5124cd468f220cf9dab54344d93edd3dfcd400b24469d
-
Filesize
152B
MD5d53f4d836e2571ad2df7e03d177a3090
SHA192b8403445936b304bda8ec0e6ac2d61f98b5fc4
SHA25684cd2d6ddd480bf3e6d7dd87d830026d18da0588e831c27e21f365d3d9cb40a3
SHA512f96ea17c87b58eb7840b4accff2006eb0c4721bd00ee4103bebb8bf680e6085ed522f5f5e0b20b8f99b00f38f468c58d72fd324a8d7e7a4d766a7c5a7a4de0f2
-
Filesize
152B
MD530a3d46144770a2ddc321ed69a8ace2b
SHA197b5ad312b5ea5be2d74389467bc9b19e6844f69
SHA25633b42bb3fd35b5602f994b0557b4fa6d6613decce4e50f1d7d33c2c7f1556f76
SHA51264bd2f4ff346b68d92a4730763e33f9dafb2af03bf71b619c6f9b393f02dfaa7d378b72c93b33d731417394c373ab7be51c3bbeaa93802302e5ec68fd7f7ff45
-
Filesize
5KB
MD5cea20d0f9d1de03ac0816de5dd38052b
SHA18a4e5fc80c169518d6dcbf7b818bc3108a398bc9
SHA256628aa1dfa632d8152f6b27df562504566b67aac7b017b2b750a6b9bc57b96585
SHA512af804dd29130894966328d6abb5c4e83dd85d5ff01766b3fd752783c5e20a8147c63ea4dcab7bd9ccd33a3019f49cbaa80fd9f57358910909fa86670dff7436d
-
Filesize
5KB
MD54a4247da7ad3bd674916aec72ecf1c49
SHA12d2d4ae3ff0d5fc7b25c7ffaa3217eea401428e9
SHA25652ce0e944c24fa7975ba8aebbd1cd38c6a5f1d817a3e4a7cf4b33891e9c011f7
SHA51259e2cf004bc1ea0187d91d58c1dfe1ab8ef1f905dd8c6853af8844523b3cb03c44dbf8e8654851ba49d0f8bbb5ee030aa3c88fb0572fa0615093a7d9f03eb573
-
Filesize
5KB
MD56bdb1f23b93662518e124ce09a927b3e
SHA1f34efac4a930d3ac85a6242801f394a7a5daa162
SHA2560fb6ec08ddda317342f5034258447dec1b125e6ff8275a24d1fedbaf894be7e4
SHA51278b36392816f7818984c0e6301e1fb1bbeeeb65ef484d0d089b89f65af0e63c83944fc96bbbdd2d3a1996cc5c84ad1c650ead3606843c0d9870b76da413e746b
-
Filesize
5KB
MD5a6815fca01ac8e1cc8d453456268e9e7
SHA1e0cfd5c5e07de6301d27051f35404b5736fb13ce
SHA2565ad5a7edc8bc3083b2be091abea0155996e99da9ef927c336ade5902f3b07de2
SHA512bb20bd99f99b6e56f8c86bddf0f21aad44260f0e9b10dff55584ab1a83d7f33877a6e1a98a50be85ee3ca6913794be2f8408a7b98b01ce486f7c0dca28778a39
-
Filesize
5KB
MD5df4c15d3b985e05f85285da600a60d69
SHA15862b0b679cfde99f1d9775721205b7563082d52
SHA256ed2fef8227dfbb36d20d122150496dff6db797c909a42ab3e24edb66820a3ee2
SHA51287e32ef01e4aec85ce59d48a9c92cdd59d4db082804a1542844f80056742b9459aab97f663be7122eb94eeb20c90e12a81a78cf5ec9a11136da51e8df574c590
-
Filesize
25KB
MD5dc785cefd19b82f9d2db56f22249003e
SHA1dec5216149767ccbeaa713c8bb74aa27bcfd396f
SHA256730edb21e78df15dd9db7b13fb4bad0c0184a75469f0c431f6c5965c7f6fbb6a
SHA512f3bb0510b6359204522516d076994e764fc418fe6623e17984ce771ef42dbf0f4335e6b890036f763b2e33a69a5b35f101fa3b9cef89790c4312a41ab7cb691f
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD56d09495cdb8c843ad7e7b3df02123481
SHA1438cf24cc8bcb187f4e9bb42e898d112d740f9a9
SHA256b9749c97955ef4753effc728496a26e4b6ec5e57fef72a175634a0f7fc19eff2
SHA5128f21601686c6e768226082b0fb34d1cd3e890ae08f6a5f80d0f855a7992b4d185ce6c55a94b2b49c47c920e97b74882bcd2f3ba18314dc04a4b73d0340cc2e95
-
Filesize
11KB
MD51a3ade27a9ddd6d907445164097690f8
SHA1d36556ce6d468f09bd7f1d3933443d168fae0e15
SHA2563beea3837d1823017862969b1d96af3fa30e1c3671971ea63feec935b54cbb7d
SHA512b1902930114c05c699fbe5af237c3a0f9b90395650c50b8e6a86de2af8a7a81bf286efca751f26ca576cc3838657df43825ff0788778d38983a37624800132f3
-
Filesize
11KB
MD5b3a5aaa4990e90717c7571d6a148cc5d
SHA120711c3b5deaf78eea6963f1c436dc951bb4cbbd
SHA2563ac02795b170a460c1a690588436d4f559ba0831abf8c8508cf183936298c825
SHA512835f6478b4e5fdc7bfbb11a2ee69daa53700e7a255c217dfaa6300c9b85c30a824112a38fcd57537692b885ad4b6786fe8d30c116347ccd0bfee96e15d9b4972
-
Filesize
1KB
MD5bb259564cb8529c151f06a2088f5ad3e
SHA1fdc38017589e47d31e281293d732b703de17ad95
SHA2569950dc180f39293336eed5fba22784ac3a8990590a39a1889bdc43770faee53a
SHA512c794f17c41f63ecea9e389b3036c695aca1555242cba59ede7e9728e939bc9baefdfa78d6078e2c7075d2fcd2d3da6bc3dbab3a461b9eb0982b50d371e52e9e2
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
