Analysis
max time kernel: 112s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/11/2024, 11:06
Static task: static1
Behavioral task: behavioral1
  Sample: 65725e203c0e69bf610279ef4491a09edf77590746358dcb1bbee5d4f5d0d9e6N.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 65725e203c0e69bf610279ef4491a09edf77590746358dcb1bbee5d4f5d0d9e6N.html
  Resource: win10v2004-20241007-en
General
Target: 65725e203c0e69bf610279ef4491a09edf77590746358dcb1bbee5d4f5d0d9e6N.html
Size: 286KB
MD5: a1c72f5b36bda5ebde672b96738f37c0
SHA1: 1f23bc8fd8f8f166fadb5eba77cabd2b955ee6d0
SHA256: 65725e203c0e69bf610279ef4491a09edf77590746358dcb1bbee5d4f5d0d9e6
SHA512: 7ccc24950f9c698ea1191507efba932d1af964874cfcfb967630795548cb387206b5fa837b0b18fac65e6fb546448bd9a40aa0892263b135e8563cb5fa721d6d
SSDEEP: 3072:ETDBX8YLQ9BPDTUm9KJHodBylBQFgtYOnBlrP1NXpSq4zjU29:ETB8YL2PfUm9KJHodByI
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid   Process
  1304  msedge.exe           (2 entries)
  4856  msedge.exe           (2 entries)
  3440  identity_helper.exe  (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid   Process
  4856  msedge.exe  (8 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  4856  msedge.exe  (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4856  msedge.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 4856 wrote to memory of 4472  4856  msedge.exe  83  (2 entries)
  PID 4856 wrote to memory of 1340  4856  msedge.exe  84  (repeated)
  PID 4856 wrote to memory of 1304  4856  msedge.exe  85  (2 entries)
  PID 4856 wrote to memory of 1364  4856  msedge.exe  86  (repeated)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\65725e203c0e69bf610279ef4491a09edf77590746358dcb1bbee5d4f5d0d9e6N.html
  PID: 4856
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcad9f46f8,0x7ffcad9f4708,0x7ffcad9f4718
      PID: 4472
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,171356126300783870,12381119949237511803,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
      PID: 1340
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,171356126300783870,12381119949237511803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
      PID: 1304
      Signatures:
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,171356126300783870,12381119949237511803,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
      PID: 1364
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,171356126300783870,12381119949237511803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
      PID: 5028
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,171356126300783870,12381119949237511803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
      PID: 932
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,171356126300783870,12381119949237511803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
      PID: 1292
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,171356126300783870,12381119949237511803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
      PID: 3176
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,171356126300783870,12381119949237511803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
      PID: 1672
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,171356126300783870,12381119949237511803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
      PID: 3440
      Signatures:
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,171356126300783870,12381119949237511803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
      PID: 916
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,171356126300783870,12381119949237511803,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
      PID: 1492
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,171356126300783870,12381119949237511803,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
      PID: 3920
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,171356126300783870,12381119949237511803,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
      PID: 3660
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2044
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3184
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
  MD5: bffcefacce25cd03f3d5c9446ddb903d
  SHA1: 8923f84aa86db316d2f5c122fe3874bbe26f3bab
  SHA256: 23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405
  SHA512: 761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Filesize: 152B
  MD5: d22073dea53e79d9b824f27ac5e9813e
  SHA1: 6d8a7281241248431a1571e6ddc55798b01fa961
  SHA256: 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6
  SHA512: 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 72B
  MD5: 4d8b6372777964f8377d411f2d500bbc
  SHA1: ee1639b51e72c6bbc1311e5d2410fbace1636452
  SHA256: 779b566789aba285561007b0cd3f66b76a5825e3c96c51024a3b3c5fceedfe1b
  SHA512: d4428803ae49ae7a8721189fa388629a97c1427a3a0940b3d583838a87c3b7c4149b59afc28cb483c1aa4864edf290c91dd25c99414a0b80a1caa2924937249e

Filesize: 1KB
  MD5: f503084cffce3939e24ba620823bb004
  SHA1: 7d7cf7e456745422251dfbc8dd9f8fbfe2b47a37
  SHA256: b1604b1e1e43e4e0c7cbef5b05d43ad4390ff4382614112f90f74941ec7dbb25
  SHA512: 025945c20f91d03dca7e5583703d7ef7bfbc9ced044a6b8e0f1353b7de05b4bafe60f9f2da5902c84c44ad536fa7d61bf46a664dc979541442a1fb760f541015

Filesize: 5KB
  MD5: 4f42f85986e073270ffcfbea94acc71e
  SHA1: 55f7b58b27c0a0eea782d08d27b19166ed0330a5
  SHA256: 59983e7040006249dd15aad7147192a6f7579e4f0b42ed3c2bc0c9da4ebcbc2b
  SHA512: e863c2ef3362a3125e2dfb4c75d3e6660fcbed8d05466aefd3105e270ee950c254dbf5cf53cc2d8c7f9726da011623180511bf13c38276e4418b1f5e66884093

Filesize: 6KB
  MD5: 619b519f0c083d8d74c957981aa9ce4f
  SHA1: fe3a10986ac7ada276d6cea168507caea01f6c60
  SHA256: 5e68e096465a9a36d5af5e10bfed458e03d6fc7efb1224d3e24d5fd3f1d6580d
  SHA512: 4c6f5cd0790aeb4110a23b4e95a96f1f23083290b4edb52b2f9ddc022e05b8239679f69e5ef64e5646ddd7a4568d80cd4233b6453adbce87f8667aa642a813cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 72B
  MD5: 2045bfd2fbc0d2621d50662b6b102d0e
  SHA1: 783b3d895fe286f549f6d45d6a9098a389348b3f
  SHA256: 31beca310b007359c86c68e31e2f2074d08a2ed59869941a154f249ee32c15ed
  SHA512: 0ab7efe23c031d4c2dff7f5f852032ab2ec06c1bbe246c7ebe553983018a8809a847d8ad19c4d7074a45a51d1fa8819d6cf8d0fbee50486cacc6206cdd550894

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58267e.TMP
  Filesize: 48B
  MD5: 415a18168fbed808933f19f8375ea542
  SHA1: fe252752f19525c801d1c9c8949296a2b10b2845
  SHA256: f2e22d6620c27387650566e5cb82f1865809a4a9b86187b4f37108e701bf5fb3
  SHA512: 5166acace8ab65b890e9b64636e178a0ebc415e23b5f0165daf31199709d6e5ee531e186b058441abad93f80827d74c5a84ab98397ba532d5ff5f80fb8caedd3

Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
  MD5: 70c221991db2cb3b4f3f604561e3e908
  SHA1: 96e6499cc1dbb2e16b12acdbe813ca6e596585d4
  SHA256: 2bfe36180a5b2694dffb202b662fd1ddc31d0a21d468f41f4c960b377c88c5b4
  SHA512: 59da4c40ba02d9aa8fa64c1f02810dadffd995eda15d3e6223f015cd8c0c4659cee00746874b7416b6dfa1496bb80764e76c74248d31a4e46d5b3530e920d4fb