76f5e69a69072d21752284e29dd87d4c6563552f5d1e56359508248b9a5e99db

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2025 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VirusShare_005b93f47b373357864bb926a7f6df8c.html
Size

125KB
MD5

005b93f47b373357864bb926a7f6df8c
SHA1

58aa32bcc48445d16adb273f1022fb3da22927db
SHA256

76f5e69a69072d21752284e29dd87d4c6563552f5d1e56359508248b9a5e99db
SHA512

ddf1d422c980355e81982ea2aaf1bc6b2d206098a93dc4d8c024e98bbeb69d867c70bfc7f685952a4e4835537e079c47a350c58008b883493f8ba61446ca8c50
SSDEEP

1536:69JEEJXF9BxmCjanDD9BVZfkjnJKlf5wrw+iA:6lJXbXmCjanfVZfcZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1188	msedge.exe
1188	msedge.exe
396	msedge.exe
396	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe
1320	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 4924	396	msedge.exe	83
PID 396 wrote to memory of 4924	396	msedge.exe	83
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 3628	396	msedge.exe	84
PID 396 wrote to memory of 1188	396	msedge.exe	85
PID 396 wrote to memory of 1188	396	msedge.exe	85
PID 396 wrote to memory of 4368	396	msedge.exe	86
PID 396 wrote to memory of 4368	396	msedge.exe	86
PID 396 wrote to memory of 4368	396	msedge.exe	86
PID 396 wrote to memory of 4368	396	msedge.exe	86
PID 396 wrote to memory of 4368	396	msedge.exe	86
PID 396 wrote to memory of 4368	396	msedge.exe	86
PID 396 wrote to memory of 4368	396	msedge.exe	86
PID 396 wrote to memory of 4368	396	msedge.exe	86
PID 396 wrote to memory of 4368	396	msedge.exe	86
PID 396 wrote to memory of 4368	396	msedge.exe	86
PID 396 wrote to memory of 4368	396	msedge.exe	86
PID 396 wrote to memory of 4368	396	msedge.exe	86
PID 396 wrote to memory of 4368	396	msedge.exe	86
PID 396 wrote to memory of 4368	396	msedge.exe	86
PID 396 wrote to memory of 4368	396	msedge.exe	86
PID 396 wrote to memory of 4368	396	msedge.exe	86
PID 396 wrote to memory of 4368	396	msedge.exe	86
PID 396 wrote to memory of 4368	396	msedge.exe	86
PID 396 wrote to memory of 4368	396	msedge.exe	86
PID 396 wrote to memory of 4368	396	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\VirusShare_005b93f47b373357864bb926a7f6df8c.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce47c46f8,0x7ffce47c4708,0x7ffce47c4718
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,1576303248796912475,8674878926369399608,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,1576303248796912475,8674878926369399608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,1576303248796912475,8674878926369399608,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1576303248796912475,8674878926369399608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1576303248796912475,8674878926369399608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,1576303248796912475,8674878926369399608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,1576303248796912475,8674878926369399608,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5ce0b2a890a44c9cb368ec95b1505239

SHA1
ef2f67d7c7277fb49ac175d03245719ef09199b8

SHA256
1a326b71a4948b58e7f4d46034c90450ea22890f94f3d64406cf7e2ec7e4962c

SHA512
8df61cadcb9c8f482632e72de423985506eea9aefae5bf9b3299ed5dfd989c9d238fa013f3c250e1b7bf5db29c387d87eb7cc73c724bb09ef24de298354c5623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
32c05438003cf0848adb15843abd17bc

SHA1
832c485854b851fee956d86e209a29f530c2150e

SHA256
8367765476ad292235978f0bee3bdafec0053f14b996b04201299ddb75ad1a11

SHA512
fd2e32befec989ff906f3d411b44d2f3fb927c6b4c590b3a15e2e7bf2da53a299d918968d20545466281696d67eba4eeba5287e8d66a79123650d76148d7cf24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
10c03994cf7ec142465228ea848ef05e

SHA1
f0c415beb3e6bbed8a3e46ffa52b4b8857c565f0

SHA256
686f367e14b367ceee4a2b9bae5d73b5baae4154098e228fb8824845469eb0e2

SHA512
f679a7c36895714f5c8b07789a4e171f43ea2d366e0a78e26b238198a9618636657a8ad98689a0cf580dead9afd6e67a82216a504be2c7e0c9fee502604fc991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
3a3785678f4b0483d0f7a0976c8833cf

SHA1
963201a6b8fdf0e67d975d6a96ed45fe418b70b0

SHA256
bb8d3f37b0025025bb6a4baaff37a8b240973a2bd7ed05a3c0c11075435831fb

SHA512
d175b042e5a930c3c2f4f60f49d4d5a24fd90d884a0a3f87169358a4a248283e4ee151335c0325e1486d40b73793b23b48183e9d41196fc6963300e0bf469504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580460.TMP

Filesize
699B

MD5
6f4edb09691a71493956dd9bb8cac28d

SHA1
67ad550b3dae8b8525d6810a3800ece3c296be5f

SHA256
31ffdd8a5c13590523535276061f9ee4a46712ec0e8ea72a112fafe982891803

SHA512
6be98584afd90a081753b97b4dfe79967ed78a307565c33b10bc1750ddcd3c760a04b7678bf409879f59e976c14041f74c248d804e92c18e64b0122fb1d71661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6a7f2f287b691bbfdf269a3594316245

SHA1
17994bad60325ae9a4152d1f524879e4aa4a6f85

SHA256
1c71def6cda90d3c3b7bd7a0614436dbc77ba7ae1fc8da7754d457fa35bcb779

SHA512
eaa93448ca83743f079485a9d916dc0a2962af652977c6a01c5087b380b2fcd6b24ecc7e3d9bfe771f0685df98a814fd9e3d45cf94db03ad0967e74450e3ee0d

Download Submit