Resubmissions
27-11-2024 12:41
241127-pwtclstmev 727-11-2024 12:39
241127-pvpb9szpdn 427-11-2024 12:34
241127-pr879sznfq 427-11-2024 12:31
241127-pp1hcazmhq 3Analysis
-
max time kernel
37s -
max time network
34s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241023-en -
resource tags
-
submitted
27-11-2024 12:39
General
-
Target
AudioMssgTranscript.html
-
Size
6KB
-
MD5
5f8226265e55a1412f69eea0efde97f5
-
SHA1
160197e23952f22229dcb2fa3f02c42beacf290b
-
SHA256
8d54380a335242aac708aae09bbe3dae493264e2285ad3a64a7a78c962eb8f6a
-
SHA512
bb7e0bb1e14faad31b77bdbe26fe69b746e8454146c463cebf004e738a458373d250df2218f9b15ba11c0054a19f693bfad127900841e6569bee5535d54552db
-
SSDEEP
192:9DoDh/yDFDkrQBftDIeoShezo/yDIEDIhDgfDIEDIhoDDIryge+5ID5hydhDDfQn:9DoDh/yDFDkrQBftDIeoShezo/yDIED5
Malware Config
Signatures
-
Drops file in Program Files directory 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\AudioMssgTranscript.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff8904146f8,0x7ff890414708,0x7ff8904147182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3257620091480182596,18240257146327167675,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3257620091480182596,18240257146327167675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,3257620091480182596,18240257146327167675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3257620091480182596,18240257146327167675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3257620091480182596,18240257146327167675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3257620091480182596,18240257146327167675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3257620091480182596,18240257146327167675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3257620091480182596,18240257146327167675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3257620091480182596,18240257146327167675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3257620091480182596,18240257146327167675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3257620091480182596,18240257146327167675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff66ba15460,0x7ff66ba15470,0x7ff66ba154803⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3257620091480182596,18240257146327167675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3257620091480182596,18240257146327167675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3257620091480182596,18240257146327167675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3257620091480182596,18240257146327167675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3257620091480182596,18240257146327167675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3257620091480182596,18240257146327167675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3257620091480182596,18240257146327167675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ef84d117d16b3d679146d02ac6e0136b
SHA13f6cc16ca6706b43779e84d24da752207030ccb4
SHA2565d1f5e30dc4c664d08505498eda2cf0cf5eb93a234f0d9b24170b77ccad57000
SHA5129f1a197dccbc2dcf64d28bebe07247df1a7a90e273474f80b4abd448c6427415bace98e829d40bccf2311de2723c3d1ad690a1cfdcf2e891b527344a9a2599d8
-
Filesize
48B
MD5b820ac4767f3b29ab50027401c89a194
SHA1966f3a75c417ca19d0ffa9eee1b2a6405b3262e3
SHA2564e42f2e2412f22d92216730ee2be850b326bac5f26f3f61b9032bb4757163ba7
SHA5128004c39805294a1a585c5ce9f2325d02200aa31df5b1ce41e01fce96f3eb2cdaf5c8b62d4f7b99e4b863614a5d16b6e6c460e2bd4f451beff6e94b8ba4bb8b7a
-
Filesize
696B
MD54ea2bd8b56320e667764f9f150ec1fd1
SHA157dd2cfafa30f8ee5d5d270520fd71ea39930eec
SHA256b6a9bc0b674ccc97be86d88165414df475dc189288711a240f6d1b23203af5ca
SHA51278ee66add8c06b3785fa412516c677228067f13a5a7fdbeb35a125dae346bf5c55858beae1248e9944bc86eb69df39ddddcd6d6bd08690121c9b4fca108bb40b
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
5KB
MD5b08b5e2b6e4908c2d01bdb0a76f03aa9
SHA1b619ef33c9d42113fd102c464b273edccb799a0e
SHA2565187429efe8fb96d2d5113e5482e58b0c19a91b99e2528490331eb768e04dc6d
SHA51202e264ff778fa75beb12651a4129d5074e9a188eee5809bc393309f9cd81eaa317793b183600e6aac8faa2feba0c8f5a1a283379f2d59057124191d4772bcbdc
-
Filesize
5KB
MD5ea0f432f810481acf18c455e8bd7b25f
SHA13115928875fd8218d35aa1e717a525b3d04bbcfe
SHA256dc99cd0c92d0e620870366ed59a5cfd42915b0f19760a88728a8371715fb809f
SHA51287f94f25c77199b27846bc5c5657a187c03e24310def2657946a0443e8cee79a07e75743e5b68e40ea90476d7948844628026bcd6e188927d4329f9008edc23b
-
Filesize
24KB
MD560d82bd601d64fd00bb0373f5ecd65b8
SHA10e8bde426270dfa3ea285c2c5b7282ab37771d4c
SHA256bdec91a5061c6a400ef33c2dca5b1d0c16c1fe9e464f8ec99a72442b752e6a97
SHA5125ea1b33784438acd246c02c95716f72c78293bc8d8e8e6d71aeaab370ae9fc2063ba8ffa443bbfc26c96e45a95549b62894b846a459c986531b34a110d0be38d
-
Filesize
24KB
MD50e98d1679e15688ad133f11eee8458ee
SHA1a4b1a83f0a3f2867954d3146d95d314441950606
SHA2568aa7eaf918f2969424996a8f3575478006d9d74b308a750f996fe4f5f045554e
SHA512eb34d52a8df4992444000a93c8d0d11254069b5f43a68a6def21061be03a538f36c42b2e968a8637f12b93235de3140002b0212aa2cdebe0950fd115c04bc72f
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
1KB
MD54f1927876d3c1c893c130ce8f5f9b4db
SHA1062c507d5ef58e0d5842a6f21d5da4a867c64545
SHA25639f0e3cb2335ca8c86c54d970bead02864f971ddaee200cd65bb3019ececa8b1
SHA512eb82a95f68800aac7e6f12801530b068260fce4a49b03664b7a7ea4f12970bb020c7a42e12a01655a8ff29f36d289fb90a2fb6bd477bdcf2ac01c70528284434
-
Filesize
1KB
MD5b0d322a88ddb0b9e874c74eb9e6d7dee
SHA11523ce0ce8d8743d48c3707d0de32c3fc7671ef6
SHA2560f310e0c4cb18ea3cb3de69828bdf50659751065ce570818b2c885978b8c0720
SHA51237e2a1ba7065c8c927477e6a33862834eac66dcb9706f70e25cbfeec03d74f09e164edd1c8b10620454068b6395bdeb664db20d7c6b9a6a602c2b55f7830c5a3
-
Filesize
204B
MD5465ef6e988e2f56a22d1f9614c0a534e
SHA1152d78fe22d7923382631eb2442c9b51e45b0fdf
SHA25625121ceb9564991d126f5f51cb0db927fb1ea13e301ae75d08b917d6b6eb8bc3
SHA512cb87ab217e2f71a04c3c55271b11e0a6931af0006c714e8b57aa21dda8713723121cf95ea32f5ae2d94462f2e1f378a726fe3e60ee116419a8ae084d0cbb0575
-
Filesize
5KB
MD5f2da5d6445d3640cc4d0393f4e974a94
SHA162deb6f5bc4ce864a3f26bb064d777e39098682a
SHA2561dde9c64e6b82e6723b019dfc6cf2d4411ba2ac6bebdffa4b9ef2c2e8244e5e5
SHA5125ff4d784b26fcad90bead04ba480b3fd714ba0954b9d8a6deded03322a663d5d4ad6e06ee729440acc5ad4f197af920f4065471cbce83632a2228c23ac11e2a3
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
8KB
MD5c3ab000286b9b24bee29f70aa0dc3a6f
SHA171dd5366bf80f43cc180f5c51691c26614715e54
SHA25681178068042d7fb3fb5a8535fd76b19ead2435a6a0eef6866a636a73069470c7
SHA512766c296c2662083851a47318ca5493dcdb5fbab58149094858ff9ab19b01a6e09cdfb43b902aa7970e62806c3af2a736b21da2e6ce0f5f678e036fb45484b228
-
Filesize
3KB
MD5e2ff660cde5a083c6005d7d46949338c
SHA1be34099ed3eb80b600f2b9e30132ead338d95cda
SHA25686979f1f237bde7599ec07f4c09cd3dc9ba83bc03b0665e1cbfd17292768ec99
SHA51228de0543c99873e737b1acda8d3b8f63a20461126a231036847b6fc9fe1e0e4a58205b148d22b366dbe8e06a2ac7854d8dd4de6e6db9563c4c965a582d3ef610
-
Filesize
3KB
MD512a9a4bdb8377de8907e7158d8de1919
SHA1db25bc4c1e20a73b09826560101a834563c01f99
SHA256783a9a209468bb90d4c7e025117f1a6faf9891630d74fb4838629c5c6e1efbb4
SHA51246007b37ca01516f9e33a36bc3842db7748aa462412a8280f71683b2f9f74ce88c12e20da1b9212bdfa2a703ad677ee7eed1f648f3ba2c1385ab0e1025e8a7bc