Overview
overview
10Static
static
10some-sampl...1.html
windows7-x64
3some-sampl...1.html
windows10-2004-x64
3some-sampl...0ff.js
windows7-x64
3some-sampl...0ff.js
windows10-2004-x64
3some-sampl...2.html
windows7-x64
3some-sampl...2.html
windows10-2004-x64
3some-sampl...04ed7b
ubuntu-24.04-amd64
6some-sampl...2.html
windows7-x64
3some-sampl...2.html
windows10-2004-x64
3some-sampl...60.exe
windows7-x64
some-sampl...60.exe
windows10-2004-x64
some-sampl...5f4.js
windows7-x64
3some-sampl...5f4.js
windows10-2004-x64
3some-sampl...5fc.js
windows7-x64
3some-sampl...5fc.js
windows10-2004-x64
3some-sampl...6fd.js
windows7-x64
3some-sampl...6fd.js
windows10-2004-x64
3some-sampl...ed5.js
windows7-x64
3some-sampl...ed5.js
windows10-2004-x64
3some-sampl...9.html
windows7-x64
3some-sampl...9.html
windows10-2004-x64
3some-sampl...bb5.js
windows7-x64
3some-sampl...bb5.js
windows10-2004-x64
3some-sampl...4.html
windows7-x64
3some-sampl...4.html
windows10-2004-x64
3some-sampl...e.html
windows7-x64
3some-sampl...e.html
windows10-2004-x64
3some-sampl...a4f.js
windows7-x64
3some-sampl...a4f.js
windows10-2004-x64
3some-sampl...0f6.js
windows7-x64
3some-sampl...0f6.js
windows10-2004-x64
3some-sampl...7.html
windows7-x64
3Analysis
-
max time kernel
145s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system -
submitted
17-02-2025 20:54
Static task
static1
Behavioral task
behavioral1
Sample
some-samples-master/000c817925bc84f700337ac1307bb1b1.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
some-samples-master/000c817925bc84f700337ac1307bb1b1.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
some-samples-master/00c5a99a4a45fd4fa41f2a1dcf8690ff.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral4
Sample
some-samples-master/00c5a99a4a45fd4fa41f2a1dcf8690ff.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
some-samples-master/00d2876c4ad4ef3bfefe452f55da9432.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
some-samples-master/00d2876c4ad4ef3bfefe452f55da9432.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
some-samples-master/010c1e2ffb9d2fc30a429b7db204ed7b
Resource
ubuntu2404-amd64-20240729-en
ubuntu-24.04-amd64
Behavioral task
behavioral8
Sample
some-samples-master/0138333b333805fa0baf93f6d0ccf342.html
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral9
Sample
some-samples-master/0138333b333805fa0baf93f6d0ccf342.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
some-samples-master/0157d50dcd839afb5ec4b79cae965360.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral11
Sample
some-samples-master/0157d50dcd839afb5ec4b79cae965360.exe
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
some-samples-master/015f8027e55c523a326dd06a1082b5f4.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral13
Sample
some-samples-master/015f8027e55c523a326dd06a1082b5f4.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
some-samples-master/019be7ae89b0e13eb1b0f1ceb1d355fc.js
Resource
win7-20250207-en
windows7-x64
Behavioral task
behavioral15
Sample
some-samples-master/019be7ae89b0e13eb1b0f1ceb1d355fc.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
some-samples-master/01ac76f3ad93c942aa0c88ff747d06fd.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral17
Sample
some-samples-master/01ac76f3ad93c942aa0c88ff747d06fd.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral18
Sample
some-samples-master/01c3927bd930a986d3eb6b8662527ed5.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral19
Sample
some-samples-master/01c3927bd930a986d3eb6b8662527ed5.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral20
Sample
some-samples-master/01cf52ba3d0b385551b1d9fcad2e7b59.html
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral21
Sample
some-samples-master/01cf52ba3d0b385551b1d9fcad2e7b59.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral22
Sample
some-samples-master/01d8f0b4a1bef3acef8ec448a640bbb5.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral23
Sample
some-samples-master/01d8f0b4a1bef3acef8ec448a640bbb5.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral24
Sample
some-samples-master/01e080585e79879ea4e54844a2737d84.html
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral25
Sample
some-samples-master/01e080585e79879ea4e54844a2737d84.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral26
Sample
some-samples-master/01ed8720e305d7f53ee7cf91f1e4ca8e.html
Resource
win7-20250207-en
windows7-x64
Behavioral task
behavioral27
Sample
some-samples-master/01ed8720e305d7f53ee7cf91f1e4ca8e.html
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral28
Sample
some-samples-master/02150a19ad62efe92ebb7bc8a15daa4f.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral29
Sample
some-samples-master/02150a19ad62efe92ebb7bc8a15daa4f.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral30
Sample
some-samples-master/02169ba27d563c5b0bcf3cae3910a0f6.js
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral31
Sample
some-samples-master/02169ba27d563c5b0bcf3cae3910a0f6.js
Resource
win10v2004-20250217-en
windows10-2004-x64
Behavioral task
behavioral32
Sample
some-samples-master/027159c684c78666d4a1eac52f89cd57.html
Resource
win7-20241023-en
windows7-x64
General
-
Target
some-samples-master/01ed8720e305d7f53ee7cf91f1e4ca8e.html
-
Size
82KB
-
MD5
01ed8720e305d7f53ee7cf91f1e4ca8e
-
SHA1
39258cbf87dd414a8e81f60ee023ce1d138b3080
-
SHA256
c9e6b16ee832c784cacf282d87b1e59f5a863a774a42e9a2dea19ba759a495f8
-
SHA512
c0554a0835902297cca0853a5f881bbe6e7caed5f4051c405003767163a58927fcdf78063f50243b7fd86e340756f51b036cdaa18e4a608125aa1ca51fd7aa60
-
SSDEEP
1536:sryWV9WlDhl/UAwzeszexze6zeu3WgZOaxhlYolyIjL:sr4BF3EaxhlYolyIjL
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process 2028 msedge.exe 2028 msedge.exe 4232 msedge.exe 4232 msedge.exe 4132 msedge.exe 4132 msedge.exe 4132 msedge.exe 4132 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 4232 msedge.exe 4232 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe 4232 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4232 wrote to memory of 3224 4232 msedge.exe 83 PID 4232 wrote to memory of 3224 4232 msedge.exe 83 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 1952 4232 msedge.exe 84 PID 4232 wrote to memory of 2028 4232 msedge.exe 85 PID 4232 wrote to memory of 2028 4232 msedge.exe 85 PID 4232 wrote to memory of 3488 4232 msedge.exe 86 PID 4232 wrote to memory of 3488 4232 msedge.exe 86 PID 4232 wrote to memory of 3488 4232 msedge.exe 86 PID 4232 wrote to memory of 3488 4232 msedge.exe 86 PID 4232 wrote to memory of 3488 4232 msedge.exe 86 PID 4232 wrote to memory of 3488 4232 msedge.exe 86 PID 4232 wrote to memory of 3488 4232 msedge.exe 86 PID 4232 wrote to memory of 3488 4232 msedge.exe 86 PID 4232 wrote to memory of 3488 4232 msedge.exe 86 PID 4232 wrote to memory of 3488 4232 msedge.exe 86 PID 4232 wrote to memory of 3488 4232 msedge.exe 86 PID 4232 wrote to memory of 3488 4232 msedge.exe 86 PID 4232 wrote to memory of 3488 4232 msedge.exe 86 PID 4232 wrote to memory of 3488 4232 msedge.exe 86 PID 4232 wrote to memory of 3488 4232 msedge.exe 86 PID 4232 wrote to memory of 3488 4232 msedge.exe 86 PID 4232 wrote to memory of 3488 4232 msedge.exe 86 PID 4232 wrote to memory of 3488 4232 msedge.exe 86 PID 4232 wrote to memory of 3488 4232 msedge.exe 86 PID 4232 wrote to memory of 3488 4232 msedge.exe 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\payload.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4232 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffee4c46f8,0x7fffee4c4708,0x7fffee4c47182⤵PID:3224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1114906239475302639,7939380961443944771,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:22⤵PID:1952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1114906239475302639,7939380961443944771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,1114906239475302639,7939380961443944771,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:82⤵PID:3488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1114906239475302639,7939380961443944771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵PID:2220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1114906239475302639,7939380961443944771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:12⤵PID:4640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1114906239475302639,7939380961443944771,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4132
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1932
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1976
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD56738f4e2490ee5070d850bf03bf3efa5
SHA1fbc49d2dd145369e8861532e6ebf0bd56a0fe67c
SHA256ca80bbae3c392e46d730a53d0ee4cfecbbe45c264ad3b3c7ee287252c21eaeab
SHA5122939edf5e6c34c9ea669a129a4a5a410fbbd29cd504dc8e007e9b3b3c7fbb9bea8c14d6177ac375d0c481995774a02d210328569231cb01db07b59452333b22b
-
Filesize
152B
MD593be3a1bf9c257eaf83babf49b0b5e01
SHA1d55c01e95c2e6a87a5ece8cc1d466cc98a520e2a
SHA2568786fd66f4602e6ed3fa5248bd597b3f362ffa458f85207eaa154beb55522348
SHA512885b09dd3072921f375eedb5f0575561adc89700ecfbe999bc3e5ea1d7cb45e19d85c5e420f2c0a12b428742e1110e66f4ceecbe5a6badddd36cc9e0aff48e52
-
Filesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
Filesize
6KB
MD5df4b6a520a5b49fc3cec4a055142c08f
SHA1341a7f5deffb4be26444cafa6772610aedcc9f06
SHA2568db3122b17a7bc910a2fa6c8a52b7d4775a74ff10b4a7149a3c67233b2ab5bfa
SHA5125f8379d568427972db1790029cd80c14f808dc006d85b9e69a7138940c9878d48f72eab2d010edbc373da9966e3aef7565c8abb820cfc3cbde43e73f967fd6b6
-
Filesize
6KB
MD5e5a57ca8bb0e5ae99d02c4a026730069
SHA1c30a0428833ecdf3553fa2f9444dec87e29caa7f
SHA25687903afbc538f7a914c6aad22bfb057a88ee6ca61c20b181d570bacde634e497
SHA512fbe26afbdd05dc8962994692fb241320cfdb5fc326f4668b0d9f3d53678d7ec0afbd7d320c87837c8055f6a3b687a7b74f0ee7de85f68e674af38f2a4092cab6
-
Filesize
10KB
MD587b3614bc237f61dda4367ad1d6001db
SHA195234761c15d137cf2673046edf73c8b2e149997
SHA256b9b285e65ad723f15f053da443a90637bfa2abf1be22ac8d72e8abdaeed9b2d0
SHA512780d956dae9225b717dce94589587d4c0a5d2e16265cc43c25abcf94cd1985f2f0ccc6286b7dbfa7e0837e45f79dbef4543fd3822aff9b07ae770b4e53caad99