Resubmissions

Submitted        | Analysis ID       | Score
13-12-2024 20:04 | 241213-ytcrhszkhq | 3
13-12-2024 19:58 | 241213-yp8cmaxqh1 | 10
13-12-2024 19:57 | 241213-ypg6fazkfr | 4
13-12-2024 19:55 | 241213-ym6e9axqgz | 3

Analysis
Max time kernel: 1680s
Max time network: 1684s
Platform: windows10-2004_x64
Resource: win10v2004-20241007-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 13-12-2024 20:04
Static task: static1
Behavioral task behavioral1: sample.html on win7-20240729-en
Behavioral task behavioral2: sample.html on win10v2004-20241007-en (the run whose results this page shows, per the Platform and Resource fields above)
General

Target: sample.html
Size: 8KB
MD5: be3ab1d1fc19b664b3de254beb3086ef
SHA1: e944fdcb2d62e379c71624fa6e2815afd3cf7fba
SHA256: d94750830fcd3dadb1d2343135f5136042d63451712272a2d7c496d50940efaa
SHA512: bb9ba4db70d7315c21ee1497178418f0a6cd3a27f406595621f0fee4643168c9dd806d5dc01178004cd498224e093778d17faea78be1f890e8580b1d23c5c3e4
SSDEEP: 192:PN2x2BpZge0zxfu/phJmw1fx+G4xrECBk1GVDSkXybwN:Axi0zxfaJpVlARGhwN
Malware Config

None listed for this run.

Signatures

Every signature below was raised by the browser (msedge.exe, identity_helper.exe) and not by a process the sample spawned. Read them with that in mind: each one is behaviour a Chromium-based browser shows on its own start-up, and the same set fires when benign HTML is opened in this sandbox.

Enumerates system info in registry (2 TTPs, 3 IoCs)

Description       | IoC                                                                  | Process
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe

Chromium reads the BIOS manufacturer and product name on Windows as part of its own hardware-info collection, independent of the page loaded, so this signature is context rather than an indicator that sample.html did anything.

Suspicious behavior: EnumeratesProcesses (10 IoCs; identical rows collapsed)

Count | PID  | Process
2     | 3800 | msedge.exe
2     | 872  | msedge.exe
2     | 2068 | identity_helper.exe
4     | 4448 | msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)

Count | PID | Process
6     | 872 | msedge.exe

The browser process creating children with the block-non-Microsoft-binaries mitigation is the Chromium sandbox applying a code-integrity policy to its own helpers; it is hardening, not evasion.

Suspicious use of FindShellTrayWindow (25 IoCs)

Count | PID | Process
25    | 872 | msedge.exe

Suspicious use of SendNotifyMessage (24 IoCs)

Count | PID | Process
24    | 872 | msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed)

Count | Description                     | PID | Process    | Target PID | procid_target
2     | PID 872 wrote to memory of 5052 | 872 | msedge.exe | 5052       | 83
40    | PID 872 wrote to memory of 2280 | 872 | msedge.exe | 2280       | 84
2     | PID 872 wrote to memory of 3800 | 872 | msedge.exe | 3800       | 85
20    | PID 872 wrote to memory of 2896 | 872 | msedge.exe | 2896       | 86

Every target is a child that PID 872 was in the middle of launching (the crashpad handler, the first GPU process, the network service and the storage service; see the process tree). The browser process writes into a child it has just created while setting it up, so parent-to-child writes are the expected shape here. The pattern this signature exists to catch is a write into a process that is not the writer's own child, and no such row appears. The list stops at 64 entries, which is why the later children (the renderers, identity_helper.exe and the second GPU process) do not appear in it.
Processes

Depth-1 entries are tree roots; depth-2 entries are children of msedge.exe (PID 872).

PID 872  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 5052  msedge.exe (crashpad handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd1c046f8,0x7fffd1c04708,0x7fffd1c04718

  PID 2280  msedge.exe (GPU process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,1070519426956665346,9779880155327224530,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2

  PID 3800  msedge.exe (network service, unsandboxed)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,1070519426956665346,9779880155327224530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 2896  msedge.exe (storage service)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,1070519426956665346,9779880155327224530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8

  PID 1304  msedge.exe (renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,1070519426956665346,9779880155327224530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

  PID 3832  msedge.exe (renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,1070519426956665346,9779880155327224530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

  PID 184  identity_helper.exe (WinRT app-id service, unsandboxed)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,1070519426956665346,9779880155327224530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 /prefetch:8

  PID 2068  identity_helper.exe (WinRT app-id service, unsandboxed)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,1070519426956665346,9779880155327224530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 1832  msedge.exe (renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,1070519426956665346,9779880155327224530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

  PID 376  msedge.exe (renderer, instant process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,1070519426956665346,9779880155327224530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

  PID 4988  msedge.exe (renderer)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,1070519426956665346,9779880155327224530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

  PID 4524  msedge.exe (renderer, instant process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,1070519426956665346,9779880155327224530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

  PID 4448  msedge.exe (second GPU-type process, GPU sandbox disabled, GL disabled)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,1070519426956665346,9779880155327224530,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1204 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

PID 1032  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 2756  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

Two points worth fixing in mind before reading the tree as hostile. First, the crashpad annotations show the sandbox image ships Edge 92.0.902.67 on Chromium 92.0.4515.131, a 2021 build; behaviour that depends on a current Edge (including any browser-bug exploitation) would not reproduce here. Second, the sandbox-weakening flags visible above (--disable-gpu-sandbox and --use-gl=disabled on PID 4448, --service-sandbox-type=none on the network service and on identity_helper.exe, --no-v8-untrusted-code-mitigations on every renderer) are written by the browser process onto the command lines of the helpers it launches; page content has no way to add command-line flags, so they say nothing about sample.html. The two CompPkgSrv.exe entries are COM activations (the -Embedding switch) that sit at the root of the tree, not under Edge.
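The two checks a reviewer actually performs on a tree like this, written out as an added example (this is not code from the sandbox or from the report): does every WriteProcessMemory target turn out to be a child that the writer was launching, and which processes run with a sandbox layer removed. The process table is transcribed from the Processes section above with parent PIDs inferred from the depth markers (the report prints no PPID column), command lines trimmed to the flags that matter, and the write counts taken from the collapsed WriteProcessMemory table. The --no-sandbox entry in the flag list is there for completeness; it does not occur in this report.

```python
"""Sanity checks over a Chromium process tree from a sandbox report.

Added example; the tables below are transcribed from this report, the
parent PIDs are inferred from the report's tree depth, and the command
lines are trimmed to the flags the checks look at.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]  # None for a tree root (a depth-1 entry in the report)
    image: str
    cmdline: str         # flags only; paths and Mojo handles dropped


PROCESSES: List[Proc] = [
    Proc(872, None, "msedge.exe",
         "--start-maximized --single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.html"),
    Proc(5052, 872, "msedge.exe", "--type=crashpad-handler"),
    Proc(2280, 872, "msedge.exe", "--type=gpu-process"),
    Proc(3800, 872, "msedge.exe",
         "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    Proc(2896, 872, "msedge.exe",
         "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    Proc(1304, 872, "msedge.exe",
         "--type=renderer --disable-client-side-phishing-detection --no-v8-untrusted-code-mitigations"),
    Proc(3832, 872, "msedge.exe",
         "--type=renderer --disable-client-side-phishing-detection --no-v8-untrusted-code-mitigations"),
    Proc(184, 872, "identity_helper.exe",
         "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    Proc(2068, 872, "identity_helper.exe",
         "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    Proc(1832, 872, "msedge.exe",
         "--type=renderer --disable-client-side-phishing-detection --no-v8-untrusted-code-mitigations"),
    Proc(376, 872, "msedge.exe",
         "--type=renderer --disable-client-side-phishing-detection --instant-process --no-v8-untrusted-code-mitigations"),
    Proc(4988, 872, "msedge.exe",
         "--type=renderer --disable-client-side-phishing-detection --no-v8-untrusted-code-mitigations"),
    Proc(4524, 872, "msedge.exe",
         "--type=renderer --disable-client-side-phishing-detection --instant-process --no-v8-untrusted-code-mitigations"),
    Proc(4448, 872, "msedge.exe", "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    Proc(1032, None, "CompPkgSrv.exe", "-Embedding"),
    Proc(2756, None, "CompPkgSrv.exe", "-Embedding"),
]

# (writer pid, target pid, rows in the report's WriteProcessMemory signature)
WRITES: List[Tuple[int, int, int]] = [(872, 5052, 2), (872, 2280, 40), (872, 3800, 2), (872, 2896, 20)]

# Flags that remove or weaken one Chromium sandbox layer. The browser process
# writes them onto the helpers it launches; page content cannot add flags.
SANDBOX_WEAKENING: Dict[str, str] = {
    "--no-sandbox": "all child sandboxes disabled (not present in this report)",
    "--disable-gpu-sandbox": "GPU process runs unsandboxed",
    "--service-sandbox-type=none": "utility process runs unsandboxed",
    "--no-v8-untrusted-code-mitigations": "V8 Spectre mitigations off, relying on site isolation",
}


def children_of(procs: List[Proc], pid: int) -> Set[int]:
    return {p.pid for p in procs if p.ppid == pid}


def unexplained_writes(procs: List[Proc], writes: List[Tuple[int, int, int]]) -> List[Tuple[int, int, int]]:
    """WriteProcessMemory rows whose target is not a direct child of the writer.

    A browser process writes into each child it has just created while setting
    it up, which is what every row in this report is. A write into any other
    process is the injection pattern the signature exists to catch.
    """
    return [(src, dst, n) for src, dst, n in writes if dst not in children_of(procs, src)]


def sandbox_findings(procs: List[Proc]) -> Dict[int, List[str]]:
    """pid -> sandbox-weakening flags present as whole tokens on its command line."""
    found: Dict[int, List[str]] = {}
    for p in procs:
        tokens = set(p.cmdline.split())
        hits = [flag for flag in SANDBOX_WEAKENING if flag in tokens]
        if hits:
            found[p.pid] = hits
    return found


def roots(procs: List[Proc]) -> List[int]:
    """Top-level processes; anything here that is not the browser deserves a look."""
    return sorted(p.pid for p in procs if p.ppid is None)


if __name__ == "__main__":
    print("unexplained writes:", unexplained_writes(PROCESSES, WRITES))
    for pid, flags in sandbox_findings(PROCESSES).items():
        print(pid, [SANDBOX_WEAKENING[f] for f in flags])
    print("roots:", roots(PROCESSES))
```

Against this report the first check returns nothing, every flagged process is an Edge helper whose flags the browser set itself, and the only non-browser roots are the two CompPkgSrv.exe COM activations. Add a constructed row such as a write from 872 into 1032 and the first check surfaces it, which is the shape a real injection would take in the same report.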
Network
MITRE ATT&CK Enterprise v15
Downloads

Seven files are listed by size and hashes only; no file names are shown on this page.

File 1 (152B)
  MD5: 85ba073d7015b6ce7da19235a275f6da
  SHA1: a23c8c2125e45a0788bac14423ae1f3eab92cf00
  SHA256: 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
  SHA512: eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

File 2 (152B)
  MD5: 7de1bbdc1f9cf1a58ae1de4951ce8cb9
  SHA1: 010da169e15457c25bd80ef02d76a940c1210301
  SHA256: 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
  SHA512: e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

File 3 (6KB)
  MD5: 20798c62c3f54f1d3bbc0a2fcf032462
  SHA1: 8e66b9dbde9f36f52d2abb8422cef942ff714aa7
  SHA256: ae2530d1b5bf19b527eb053f5dafcc8d8408d8ca5f0507e59720a2897dfeea5c
  SHA512: 0b788994dd47839e81e68da57764a05d6bb8baa96967fb34c06799afbeb9e1d75be861f6088df4a7e16f1a5a982b344ef0d748621fdf75200d351b0edaa52863

File 4 (6KB)
  MD5: 024e97a28899bd0884bb287a78e369af
  SHA1: 2c65c40074d4238ea983f771f325e1fedae70b28
  SHA256: e78c35359fdcc5b00c12af40c6c9226d745c330c76d882389cbc34e199feca07
  SHA512: 14a950535448a2088a6d05a1785472b4563b3e4af0aebf40c24adcea04e800a26bd88a1a078557dcfd7a5325f7287716091ffed8e45890216094ad0209e105a2

File 5 (5KB)
  MD5: d2ff8c92abd8686d4434704e8ca931f0
  SHA1: 35a5621d03eceb366f4d726a710dbea77f1401b6
  SHA256: 64e7d6722b081cddf7ed3b0bc90c3e3e394180655cbfe3ad6aa95da52720cb4d
  SHA512: 852539993c1fee07e0266f711ab44bf073ece70c7ba7a2625d44835d8118f645600cfa3a701236f1c2c7fc13e9c30d8349074ca4091dbdd0fd2cf2b2ee9bba37

File 6 (16B)
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

File 7 (10KB)
  MD5: 63ae6e6c2d6434faef1afd7f02ebb3c8
  SHA1: ad862f497bb6286ab01fdae8b9e913ab1ec392a7
  SHA256: f4d58cab9a7904701992fba4e6d475e7929d7400a6f28e15da45760f826422e2
  SHA512: 9f96d18cb3c9106f92efd914fa528674e5c3ca3aa839bbef494468502fcc377b9f8772a27707d9eaf1d0cfd8eec90a4eca6733ad14fec25a5cefc2693d4a7d14