Resubmissions
21-11-2024 19:45
241121-ygnm9awjdy 8
21-11-2024 19:33
241121-x9rd6svrbz 3
21-11-2024 19:33
241121-x9hr2avrbx 1
21-11-2024 19:29
241121-x7eycsvqgw 10
Analysis
max time kernel: 7s
max time network: 7s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-11-2024 19:33
Static task: static1
Behavioral task: behavioral1
Sample: sample.html
Resource: win10v2004-20241007-en
General
Target: sample.html
Size: 19KB
MD5: bf650a58ca906f12ccab9aa1a26b9f72
SHA1: 3888b53a42a2a34552e0eb0dba603a4904997f6f
SHA256: 11b1f38bd5223b65d4e000735e2e6c5ed3c2b4bb09803803b03881e9681442ea
SHA512: 9e4b2c36b76ec8f9ac74cf8a6c539a9d46b94eedd34feec85da724333b6563b6d5ac0c96edd41d361cd446e52520eb8e99ec3c85f37ab8210913fc6eb17ab25d
SSDEEP: 384:rI7PnT1ocy4MR4lbGaBvOUvhpNGoN60FB3WHOMlObz6r0sZIL2f541xCejiw:rk1ocy4/EaAUJpN/Nrbz6r0sZILU5ixN
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description / ioc / Process:
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid / Process:
- 4308 msedge.exe
- 4308 msedge.exe
- 3484 msedge.exe
- 3484 msedge.exe
- 5100 identity_helper.exe
- 5100 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid / Process:
- 3484 msedge.exe
- 3484 msedge.exe
Suspicious use of FindShellTrayWindow (26 IoCs)
pid / Process: 3484 msedge.exe (all 26 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid / Process: 3484 msedge.exe (all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description / pid / Process / procid_target (the 64 entries repeat the following four distinct rows):
- PID 3484 wrote to memory of 3156: 3484 msedge.exe, target 82
- PID 3484 wrote to memory of 2760: 3484 msedge.exe, target 84
- PID 3484 wrote to memory of 4308: 3484 msedge.exe, target 85
- PID 3484 wrote to memory of 736: 3484 msedge.exe, target 86
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3484)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3156)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0c6c46f8,0x7ffd0c6c4708,0x7ffd0c6c4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:2760)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,527151771735096938,2670793136707911237,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:4308)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,527151771735096938,2670793136707911237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:736)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,527151771735096938,2670793136707911237,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:2856)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,527151771735096938,2670793136707911237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:1724)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,527151771735096938,2670793136707911237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID:3468)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,527151771735096938,2670793136707911237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID:5100)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,527151771735096938,2670793136707911237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID:3176)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID:4300)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads