Overview
overview
10Static
static
10some-sampl...1.html
windows7-x64
3some-sampl...1.html
windows10-2004-x64
3some-sampl...0ff.js
windows7-x64
3some-sampl...0ff.js
windows10-2004-x64
3some-sampl...2.html
windows7-x64
3some-sampl...2.html
windows10-2004-x64
3some-sampl...04ed7b
ubuntu-24.04-amd64
6some-sampl...2.html
windows7-x64
3some-sampl...2.html
windows10-2004-x64
3some-sampl...60.exe
windows7-x64
some-sampl...60.exe
windows10-2004-x64
some-sampl...5f4.js
windows7-x64
3some-sampl...5f4.js
windows10-2004-x64
3some-sampl...5fc.js
windows7-x64
3some-sampl...5fc.js
windows10-2004-x64
3some-sampl...6fd.js
windows7-x64
3some-sampl...6fd.js
windows10-2004-x64
3some-sampl...ed5.js
windows7-x64
3some-sampl...ed5.js
windows10-2004-x64
3some-sampl...9.html
windows7-x64
3some-sampl...9.html
windows10-2004-x64
3some-sampl...bb5.js
windows7-x64
3some-sampl...bb5.js
windows10-2004-x64
3some-sampl...4.html
windows7-x64
3some-sampl...4.html
windows10-2004-x64
3some-sampl...e.html
windows7-x64
3some-sampl...e.html
windows10-2004-x64
3some-sampl...a4f.js
windows7-x64
3some-sampl...a4f.js
windows10-2004-x64
3some-sampl...0f6.js
windows7-x64
3some-sampl...0f6.js
windows10-2004-x64
3some-sampl...7.html
windows7-x64
3Analysis
-
max time kernel
147s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system -
submitted
17-02-2025 20:54
Static task
static1
Behavioral task
behavioral1
Sample
some-samples-master/000c817925bc84f700337ac1307bb1b1.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
some-samples-master/000c817925bc84f700337ac1307bb1b1.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
some-samples-master/00c5a99a4a45fd4fa41f2a1dcf8690ff.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral4
Sample
some-samples-master/00c5a99a4a45fd4fa41f2a1dcf8690ff.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
some-samples-master/00d2876c4ad4ef3bfefe452f55da9432.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
some-samples-master/00d2876c4ad4ef3bfefe452f55da9432.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
some-samples-master/010c1e2ffb9d2fc30a429b7db204ed7b
Resource
ubuntu2404-amd64-20240729-en
ubuntu-24.04-amd64
Behavioral task
behavioral8
Sample
some-samples-master/0138333b333805fa0baf93f6d0ccf342.html
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral9
Sample
some-samples-master/0138333b333805fa0baf93f6d0ccf342.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
some-samples-master/0157d50dcd839afb5ec4b79cae965360.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral11
Sample
some-samples-master/0157d50dcd839afb5ec4b79cae965360.exe
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
some-samples-master/015f8027e55c523a326dd06a1082b5f4.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral13
Sample
some-samples-master/015f8027e55c523a326dd06a1082b5f4.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
some-samples-master/019be7ae89b0e13eb1b0f1ceb1d355fc.js
Resource
win7-20250207-en
windows7-x64
Behavioral task
behavioral15
Sample
some-samples-master/019be7ae89b0e13eb1b0f1ceb1d355fc.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
some-samples-master/01ac76f3ad93c942aa0c88ff747d06fd.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral17
Sample
some-samples-master/01ac76f3ad93c942aa0c88ff747d06fd.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
some-samples-master/01c3927bd930a986d3eb6b8662527ed5.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral19
Sample
some-samples-master/01c3927bd930a986d3eb6b8662527ed5.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
some-samples-master/01cf52ba3d0b385551b1d9fcad2e7b59.html
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral21
Sample
some-samples-master/01cf52ba3d0b385551b1d9fcad2e7b59.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
some-samples-master/01d8f0b4a1bef3acef8ec448a640bbb5.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral23
Sample
some-samples-master/01d8f0b4a1bef3acef8ec448a640bbb5.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
some-samples-master/01e080585e79879ea4e54844a2737d84.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral25
Sample
some-samples-master/01e080585e79879ea4e54844a2737d84.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
some-samples-master/01ed8720e305d7f53ee7cf91f1e4ca8e.html
Resource
win7-20250207-en
windows7-x64
Behavioral task
behavioral27
Sample
some-samples-master/01ed8720e305d7f53ee7cf91f1e4ca8e.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
some-samples-master/02150a19ad62efe92ebb7bc8a15daa4f.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral29
Sample
some-samples-master/02150a19ad62efe92ebb7bc8a15daa4f.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
some-samples-master/02169ba27d563c5b0bcf3cae3910a0f6.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral31
Sample
some-samples-master/02169ba27d563c5b0bcf3cae3910a0f6.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
some-samples-master/027159c684c78666d4a1eac52f89cd57.html
Resource
win7-20241023-en
windows7-x64
General
-
Target
some-samples-master/000c817925bc84f700337ac1307bb1b1.html
-
Size
16KB
-
MD5
000c817925bc84f700337ac1307bb1b1
-
SHA1
f915dfe7bf6721ad96cdde36774a68dcffab2f19
-
SHA256
79dfcff48dbafb3622d04cd48638db5154894868c73a186e9d84f3877ac3e9f5
-
SHA512
c795e2ed9da16c070802a464074076922e346ed5569add1b269e5e8d271f524b336a099a5f7a0ae6f5f2032ead5d112bbab7d02e20398ca45c8839b6d835a6bf
-
SSDEEP
192:Pz2UUXOUM+6Bk4CfLEb6ehNXNlsqBsXw++nnl2:qUMOU36G4KwRB++nM
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process 4968 msedge.exe 4968 msedge.exe 4056 msedge.exe 4056 msedge.exe 708 msedge.exe 708 msedge.exe 708 msedge.exe 708 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 4056 msedge.exe 4056 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe 4056 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4056 wrote to memory of 2288 4056 msedge.exe 81 PID 4056 wrote to memory of 2288 4056 msedge.exe 81 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 2356 4056 msedge.exe 82 PID 4056 wrote to memory of 4968 4056 msedge.exe 83 PID 4056 wrote to memory of 4968 4056 msedge.exe 83 PID 4056 wrote to memory of 4984 4056 msedge.exe 84 PID 4056 wrote to memory of 4984 4056 msedge.exe 84 PID 4056 wrote to memory of 4984 4056 msedge.exe 84 PID 4056 wrote to memory of 4984 4056 msedge.exe 84 PID 4056 wrote to memory of 4984 4056 msedge.exe 84 PID 4056 wrote to memory of 4984 4056 msedge.exe 84 PID 4056 wrote to memory of 4984 4056 msedge.exe 84 PID 4056 wrote to memory of 4984 4056 msedge.exe 84 PID 4056 wrote to memory of 4984 4056 msedge.exe 84 PID 4056 wrote to memory of 4984 4056 msedge.exe 84 PID 4056 wrote to memory of 4984 4056 msedge.exe 84 PID 4056 wrote to memory of 4984 4056 msedge.exe 84 PID 4056 wrote to memory of 4984 4056 msedge.exe 84 PID 4056 wrote to memory of 4984 4056 msedge.exe 84 PID 4056 wrote to memory of 4984 4056 msedge.exe 84 PID 4056 wrote to memory of 4984 4056 msedge.exe 84 PID 4056 wrote to memory of 4984 4056 msedge.exe 84 PID 4056 wrote to memory of 4984 4056 msedge.exe 84 PID 4056 wrote to memory of 4984 4056 msedge.exe 84 PID 4056 wrote to memory of 4984 4056 msedge.exe 84
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\payload.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4056 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc531346f8,0x7ffc53134708,0x7ffc531347182⤵PID:2288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8950134944191597686,3208760757167369241,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵PID:2356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8950134944191597686,3208760757167369241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8950134944191597686,3208760757167369241,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:82⤵PID:4984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8950134944191597686,3208760757167369241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:12⤵PID:876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8950134944191597686,3208760757167369241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵PID:4272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8950134944191597686,3208760757167369241,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:708
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2380
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3660
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5e4e54650fb0a7903f379034c9d82ac20
SHA1d919492abb1872dadf1cd7bb06ee2b5015054077
SHA256e5f9de12025a9ba17526352d4087a562df4db1a174441a12473fef875b8523e6
SHA51206da3dcaf3033c152da33c0c5b633a759317ba9846deff164830364f7482057ff80870e0da0037601bdbda679952a527ffae6d4714d38b5ce89ea8e5395a707c
-
Filesize
152B
MD5aa378723292221de057e05f75936b4c2
SHA1d1d52fca8f9ce32735017b9ef3e76c3be33fc2a6
SHA25648c30b3381ea9417e0c9e02534294378d28d61b6a382294d8096dd5417b6982b
SHA512f150891a568036089dd727d5d8613fd86e0b528f95ca2887a1be937f59f0e450f2d79fb8b63149abdc47b72bf20085b444e8f8188e221a6fefba08149c7360fd
-
Filesize
5KB
MD5c6458139a46a69ee6cb1847db94f3f16
SHA1a8586714a1a8ea6d1b919f8338bfa6fb3be0e247
SHA256c628747b46fd5a05efdf38065eb4c7082b418302e3b91f7d0ef30c62e99fb22f
SHA5124dff0c8f76e7e48698966ee13b44b235aea663ea3e388839d8b423702a7698bb094f555ccf70231b60f17214fe6a21ce6492ce1e8f7264f1b1316606444c3834
-
Filesize
5KB
MD55bb3416f4547cc08262f278376af1c54
SHA185d70e60009dae400e144bb7b8d9b2ebc76380fe
SHA256bd60927719020b6e03ebaa2bc4a1b4f90a0a5cb604795b045269c894f7b576a3
SHA512b439de1e33603577bda33e7333925e38a719fb238048775c3f75ff5859fc2ac13a61fd5fa8128892800515d84e4e261be179684dd7a93be837f7f20e5037122b
-
Filesize
24KB
MD512998953cab3415bfd740ab071b9889e
SHA1b919bede30bfaccd6f058062ef2483e136f23077
SHA256015eb45910f2258fbf839b8f0188e679555a70f90de7fa6828e49b4e328c2259
SHA512912e9c06836623ab1a75b9ba7670454f8ba129811478a35561d6a16b5291b6ef34a206af810e5877c49464c264661bfa37666dc7360afdd906b63093582ede58
-
Filesize
10KB
MD5553a4c1f7bcedb911cf1861f97b0931f
SHA136c8c2fc95016512207be2242bbc37e10396e362
SHA2560ca21c6303c612cf6cd7fa593e258910d9ff445bfa551328441995bf19172d66
SHA51292a08c0b2134753991f017f70db5c8b6f92d8fa53e720bdd8bd93b164fed364a965a4ab86236f376d7c941a5fe711c381179d7b569cd63027076fc5e1620c860