Resubmissions
04-12-2024 20:49
241204-zl8dwszrc1 304-12-2024 20:47
241204-zk7qzazqh1 304-12-2024 20:47
241204-zkt5wawmhk 504-12-2024 20:45
241204-zj17sswmdm 504-12-2024 20:44
241204-zjk6kszqbt 304-12-2024 20:42
241204-zhdecazpfs 304-12-2024 20:42
241204-zg22bazpet 704-12-2024 20:41
241204-zgm76azpds 304-12-2024 20:35
241204-zc576swjgk 704-12-2024 20:32
241204-zbbl6szlgv 3Analysis
-
max time kernel
22s -
max time network
23s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
04-12-2024 20:44
General
-
Target
Payslip_Amendment12009.htm
-
Size
5KB
-
MD5
931df36f406e0f5495c5d77fa91bf035
-
SHA1
01bbb0abb4f14451a48800e47d203732bc139920
-
SHA256
09dd2d9fe7934ea2d88ab8a7d13a824bb462e73d9d2d982e26d8f9a35646e5d5
-
SHA512
df882dd9eb3f6ed9290cb5b764653afdb3833bac947e6b18124454394380b1fc7cf6a7c5b7001108266aeb50813f6b5905e6bf94507f3116e76e66049bba1351
-
SSDEEP
96:ekUhhhIFDkrQJoSheziDftDIhfBDIEDHhDhiDgBhDMDftDIsjNhFiDIEDIfDhyDl:6hhhIFDkrQJoSheziDftDIhfBDIEDHhD
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\Payslip_Amendment12009.htm1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd446646f8,0x7ffd44664708,0x7ffd446647182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4204908907062739722,3372106020362336040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5b8880802fc2bb880a7a869faa01315b0
SHA151d1a3fa2c272f094515675d82150bfce08ee8d3
SHA256467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812
SHA512e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2
-
Filesize
152B
MD5ba6ef346187b40694d493da98d5da979
SHA1643c15bec043f8673943885199bb06cd1652ee37
SHA256d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73
SHA5122e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD5ce0c5ce5d6656b9406efcf7afbdafc16
SHA1d58dc9d2ecf353259c4dece75be5488298d63b38
SHA256cc02d41923d2c4c17f37bc2f9d85c9140e6b48f96097b82add71d99af9c6a41c
SHA512e9dd357dc32e94dc594df8cc31a04a28e32cb69fd3134db1d49aabdf63fc1030d49a3733ab05d9b19f67d1013e59eb720828e2e8590223fdf8623cb3be255984
-
Filesize
6KB
MD5e6a9bbd7b51cb87d90dae67497af7f70
SHA168bcb3e3aa6d8eb705c4af4226172e8d92f4088c
SHA2568b0b1bc1de54c3f3b8dd6ef4a7d1ebbfd1541ffd68be7b0d0182487e55361ab2
SHA5128e86f3682dd4a07b5380267f63c1f026c4aa18852949f518e03137b270412ef886d355a14905f3076a6710638bae5334032abd2aea777215114e9ebbb9d5b046
-
Filesize
96B
MD5ee7687a93d5f7db56bdea505f47fb48d
SHA14ac230f45491c42772d14a6352e4c720037fad7c
SHA256d9367ad186a6e22902037e26f8793a2dfdbd93c9665dbd8a870919cf074da47f
SHA512c3679b16009e75e135d911ee99a20b70e0a88f7a4a0394f58460ca772fa6492b02f1f69616049294b4b92f99086c395dba4ebdd47010573e719d7d6e0d34bd5b
-
Filesize
48B
MD59131e3ff0964684edb3466da0f0b0458
SHA1a3a6060efeb6b0b467850425e265d946e6794998
SHA25629b6d75e2d7aaf29d9d0d65edf3c25ba9e3adf0558e5721d090738837503f70a
SHA51221d37210afcafff19878ea74afbf284ff486867335780e810d82213d2217c7718bead3588af06604167be384532e38f133d2d5edae94d4d16b68464dc956b857
-
Filesize
96B
MD572afc92c02977a260cfbc766d30893be
SHA122d78b2dd4797f0039a5b190d9c6d680734d6ce0
SHA256aa6c2b525a807810c4652b22d2c811ab835d30eeb6b7fd18c4616d2af430829e
SHA51228299756db5c6d6872b42a2d73046d2894e25d7222bebf22e99a3a88b6de71713b7d4d8b4fd1b9c30f5f34204161d4915ccd5caf368e9e6a3522d5d8ffe695a6
-
Filesize
48B
MD56c8318e5ca0a080bb53bf084bc22c09f
SHA199860ad36c44f6798f4b5ef466733039c7cec55d
SHA256e26554b31ddd625a39b9a9d0ae674740d5d2cc8f134f52271c2c9aa38c392ac2
SHA512d5858ecb93b69021a9c820a9cad7740ee93682c7ff29a82e38492f2686fe12f9c1fe75414a622bfb1e657711d1afcf9ad95d5aafe91a3151eb5b1683055200ea
-
Filesize
107B
MD575a640c7e16a7e58262e4177c54dab7f
SHA101975fa0220d0abcaa23be65485072ad3ff00f2b
SHA2564f7fd14ddac8f7cd7ae64786f8c8fa781ddba7edeb2b04fed5032bfc59575cbe
SHA5126fe59ad069088e0a09af3d2e80f2328fe04ccd18750a50dc1b62694538c4947e8796ef1429f43838d30018566e27042e34e334ed43ca63e28fbd039835f26db6
-
Filesize
181B
MD53390c51d9ecac46423bfa3afca61b232
SHA1c104aff606da01d981a529c8eb58de12ac9d545e
SHA256c2546c5e636233899c9356a2a959ba239e41fa4bf2a15994b4880a758710f690
SHA5125cd9b3bd11fd3938085e52a70b1adcf48511f64bc4593b621f739356a9f6fee2322b79da6ca640e6f2c0099078e3f019d28432e797167706ad8a1b9f8696cf7f
-
Filesize
1KB
MD53c00758a8b41a330bbbe793536bdc954
SHA13290bcabe4b6151ae41749a75aa6c1db237d14f9
SHA2568c66e0e418a5693dcd4a0d6d6c7a549c01013ace9707393c2d686f75e38f1df4
SHA5126085cf60c1f76a76fdc4d462fd0ed8950d6a7fe27b33a53ccd817cfa716a4ee9bae812f3bc8e4098853328e88e974221986c1df62f1ff3b9710ff11fd35979cc
-
Filesize
204B
MD50667412652db1d4f299d61533b191714
SHA12baf15ca8f5cc8eaf443ba95f169ea64063f7443
SHA2567571abbf6475e59fb95ce99b00eb14c8799ffed80163084edbed8155ece583b1
SHA512c55070c9660002c40e5f39aa42ccb043f1373d13b204d3d7cdcd01ef790bc57e0b9e0f9af7488e4c817c69bde6061ab3fa54ecab5f3aef66a647d05d8c73d5f2
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5250e24eb2ac4335545d3335d866e1a02
SHA1b4e0ab945a2711062ac159cf86e38371430301cd
SHA256330e851e5478ff52f27533d9714ba20551e902902e9f4da25c21f9347469249c
SHA5127d7bac26a1c403dd40b81c131f05eff65938d3416efecb5a3b9f510b8d75c2d8985e724643ab5e5deb1717210714b88bef5d000a19c992102104227d0d82007d