Analysis
-
max time kernel
147s -
max time network
152s -
platform
windows11-21h2_x64 -
resource
win11-20241023-it -
resource tags
-
submitted
03-12-2024 16:27
General
-
Target
z.html
-
Size
7KB
-
MD5
ccf4e49ccfb6b6c7c21c67e3ff3ce1a2
-
SHA1
8885cb5bf35f1609dd8deb1242867cac6acf4ef5
-
SHA256
939c07b5592d0c696c7f0d1b777ff5cc6e01fc1cde2b5a89f654e89455f4475e
-
SHA512
edb0de5a7ab01d7c5aee773c7ea4cbe69ab93c5efd91bd7ce697c15b2b3b9cd4521d86fcfecf417eda26a0f28195017d025d0840f2a4645e70d7121a0f32b851
-
SSDEEP
192:PN2x2BCIUM7JJTyFatSaEuf4bRcgboTEyEN:AxiUiCatS1a4bigbokN
Malware Config
Signatures
-
Detected potential entity reuse from brand MICROSOFT.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 13 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\z.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd200f3cb8,0x7ffd200f3cc8,0x7ffd200f3cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,11472502024035834180,1994497149567166815,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6332 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD55431d6602455a6db6e087223dd47f600
SHA127255756dfecd4e0afe4f1185e7708a3d07dea6e
SHA2567502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763
SHA512868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829
-
Filesize
152B
MD57bed1eca5620a49f52232fd55246d09a
SHA1e429d9d401099a1917a6fb31ab2cf65fcee22030
SHA25649c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e
SHA512afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8
-
Filesize
216KB
MD5e0f201369a644c10985c4e7398989203
SHA1eb7c158b72235926dbe45d916c639ac6a024cf8d
SHA2564d257088ade91f86795ad4be5da9ace891dd40896e065759d8e57bfd117061cb
SHA512489e4b83f6c378897522e5664dabbdea2d7d8ad4604c4ab8441d8b5e4f8c09091def4ab06184376b7d30e33eff798de5c7bb75faf88b07d328480df987de9fed
-
Filesize
288B
MD57a8823fe8676e0b9bc84aeab580fab96
SHA1c15501e0c1c93394bdb03794bbdde830c9472c3a
SHA2562d4ee2c3f4dee437b6398152cea653fb23f6fbbc34d91d6487b8fd1263d5bf21
SHA512e9800f8e81fe62a69196c73c84283fa032bfc83dfed0f76dc49a21756109c7bd6d1eadce9b025069fdf76f926150a86710b2ff04b790dfd689b9765947e7d167
-
Filesize
144B
MD55187f1f1cb0cc8d416b71bad567b0e5f
SHA14f60bbb3b58d32591262f81c7ff17a07ded1007b
SHA2569c79e8ef14712bb398a551e1055ea8c1cde43ad25aa591dc6acc16b84b7bc633
SHA512d345d99e872cac93e29dc74ac59afcff8f4919c19a775404a00718d35ec9423bf1f5d6053ee2dcdf44a0ec090a5294cfeed4a7f7cf08c197af927c3b27b4377b
-
Filesize
1KB
MD5a3805ab30c06c99cf4b04f5c61c44107
SHA1fd554896d8a3872bc881429a4da5f19dcaf5d169
SHA256f1c4abb3471e22fb272d5899bb4611714cc4abba722126c3ac99eac8351b3583
SHA512852b31955ddf311dd3de73d3ce54cd5a4bb7aa0e69337273e445742553f99714be2ee1a4e25f3315228249de62645c61ea2456410da524cbcbbd13227f8f1f4f
-
Filesize
6KB
MD5668e04dda11b76244d27599f7da7d17d
SHA1688b25648db6f51f8aaed511fc3002890a26c0cf
SHA25671001da9eb8d750a09c9a42c2bb9fe3e3c1e0f4fc33f655e2b1040ce61b96c81
SHA5122d2eda49756618ea2335920b99ce90bee1eea094a9bd44bcb316ae6c9d307e902e243fb1055fd06e86fa18a9c12098ae0258e0b4d7dc32bba462ab2ee28b314a
-
Filesize
5KB
MD5f6a2b1bf6abcd13dc127ac56b7c6bc22
SHA1872df07e5be5fa21d6f9e213475115704463d2f7
SHA25637bde8c6bd4c8d3c29d588a563fcfa2d530b4a01547ef7b69ced6382fefe68a7
SHA5128f02e8f1c8843522f5bd1b6f9c1b08c532f95ac63a58ecd80cbbcf64c4a616d8561f3d495d47ce13dcfe5bfa2f6ae7a0f4bc4362e912f3db926a0db44bf7a789
-
Filesize
6KB
MD5e20cd2a3ff28e36206da21119e86ffed
SHA18c600cd5a9c2adbbd8b39fbc4e40d30985ea3008
SHA256fcfff9c7ae34e0d8c3f64fc255768b161ff7a5c5ae16cad0483f0bf35b83ac76
SHA512c32f829baaca156f12cd8d1fa8b64691ec035ca34bd53456f4cf3ef5d632bd196e29cb2fe83c6527a27afa1183829695691d09c6215d107c2bf79354b99ed071
-
Filesize
5KB
MD5f3803e88c66a77de871c83908815ed2f
SHA1f61076883f2306c57c4704ea1d2b66177d3eeea8
SHA25693330a0013fed2e885b8fcd068aafe9dd5ca598f74449ab38b946f9f25535f32
SHA5126c9b1c1cff3a728f6cb46839ec77c398245d2654b42efb35e3619383a6d4245a5520975e62a72a6642dd70161d46f03914c79e243a33add978d119b04318733d
-
Filesize
6KB
MD59ac067ac2a9c0c2016ac7d732b2fcba2
SHA1ba2bfced4ed8ec56d8152e4195c13bf0a8cfeba5
SHA2560148d1e6dc478fd93c9e5101e19f61698f2a5fa30548c6bfd9ff7524aa0020f4
SHA5128912850fbed2a84246bd9a032e9b3c9c3adb2260a9f956bdf2d8694ddd09eb26af7f974639d5052ee5779d52c72eb7cd56596b27414f2ca967aa3da7d7348711
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
10KB
MD5a8aeb41cb5de2c897feddf8418023862
SHA1b15f31ee621047498cf857d7e3484262f1f8e62c
SHA25633081b3662b18422a3f4c4cf395c3512d8c36384df800c97e812ae1b0bef64ca
SHA512c416a79fe65c332e4e80de1170c9202b7d4aaedf6e9b67a577eba7f4dddb9cfea073bc25b3cf9a0a848c1e71ef2ffc317dbf03d304beb14767b75376aa8ff8b8