a31ab95f1cd95d696e7b127f5d750cde6a227bbc8f12202bfde6889f8bddfea5

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
17/02/2025, 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

some-samples-master/0138333b333805fa0baf93f6d0ccf342.html
Size

3KB
MD5

0138333b333805fa0baf93f6d0ccf342
SHA1

a77bf28547fc0f7da297353b88239c416a8be4c0
SHA256

7b4e065405ee4c2a4823ed3fed74da74fb72bb7067fbc3a8f763b9f375efba4c
SHA512

b3de560b49414189c5f0a674eaf07e51857d1dc73b0b3d4fe70827edbcfc92d70252b105d9b438c24f751102b6fd0fe898dbcaee1e4664d27440368c9a1205fe

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
2108	msedge.exe
2108	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 1912	2108	msedge.exe	83
PID 2108 wrote to memory of 1912	2108	msedge.exe	83
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 1712	2108	msedge.exe	85
PID 2108 wrote to memory of 4384	2108	msedge.exe	86
PID 2108 wrote to memory of 4384	2108	msedge.exe	86
PID 2108 wrote to memory of 856	2108	msedge.exe	87
PID 2108 wrote to memory of 856	2108	msedge.exe	87
PID 2108 wrote to memory of 856	2108	msedge.exe	87
PID 2108 wrote to memory of 856	2108	msedge.exe	87
PID 2108 wrote to memory of 856	2108	msedge.exe	87
PID 2108 wrote to memory of 856	2108	msedge.exe	87
PID 2108 wrote to memory of 856	2108	msedge.exe	87
PID 2108 wrote to memory of 856	2108	msedge.exe	87
PID 2108 wrote to memory of 856	2108	msedge.exe	87
PID 2108 wrote to memory of 856	2108	msedge.exe	87
PID 2108 wrote to memory of 856	2108	msedge.exe	87
PID 2108 wrote to memory of 856	2108	msedge.exe	87
PID 2108 wrote to memory of 856	2108	msedge.exe	87
PID 2108 wrote to memory of 856	2108	msedge.exe	87
PID 2108 wrote to memory of 856	2108	msedge.exe	87
PID 2108 wrote to memory of 856	2108	msedge.exe	87
PID 2108 wrote to memory of 856	2108	msedge.exe	87
PID 2108 wrote to memory of 856	2108	msedge.exe	87
PID 2108 wrote to memory of 856	2108	msedge.exe	87
PID 2108 wrote to memory of 856	2108	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\payload.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb319d46f8,0x7ffb319d4708,0x7ffb319d4718
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13254378676933092552,9348713258077309141,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,13254378676933092552,9348713258077309141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,13254378676933092552,9348713258077309141,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13254378676933092552,9348713258077309141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13254378676933092552,9348713258077309141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13254378676933092552,9348713258077309141,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5da507c2059b715761792e7106405f0

SHA1
a277fd608467c5a666cf4a4a3e16823b93c6777f

SHA256
8c1d99de087ac5f2e7b2afce66eff36a646bef46800c0c1d7737d6f0df74b7e8

SHA512
01c92729dd8061aa122b116a674c73bb78016f66d2cb8f7fb64907352758a825e87a1e345334386440699d2a6d1e17baccb400c5aee151eb64e64019cbebb870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c6e13dc1762aa873320bed152204f3c

SHA1
38df427d38ca5ce6ce203490a9fb8461c7444e12

SHA256
5c441148843b7c8dbff4c4a72962a532aaf0bdd484d07a03dd9a32fd461b1371

SHA512
133054cb042e11013bfdad1bd11e3407d08cf26a66d0743bea9708d261aa904a1047bb0097b187ecf8436cb6cff3bec28c89e435862cad0e0fa264799556b70c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4cb8cd13be9e86dcf42738436b77d790

SHA1
5b3faa45f89c1d516b26a3c818ddb6e7cec77740

SHA256
b780fd7c33db8c21c7ba4a355a0bcc5c1d2a2687f44c66c2b3fc7325f7d2f54a

SHA512
b99ca414f69ba573d2add7cbf8a80f351c0fc72d7f43c2c46f1384384cbb38c6be0982be0f6d9868570376be5925ae79a652ae20738bf777878b35e31cc0625f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
468fc4e70551d2b29ff81ab7fb881140

SHA1
cc943b61429cb21d283fdf113e9adf33cb560609

SHA256
9bac785ca961c2f798072236291e5a82009b16af143956bba183ed7a25daa9ec

SHA512
39eb4460da4a10b3dcddfa52ace736d8d7ac70ac39023a0c788d74dfd0c1df43ca8a2bd36c1a0ce84a40b03139601e4fa918f9321449d5be2433555695106f91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
06a11e1dfffc13f1eea091b2f9c3e46c

SHA1
ff06a3e0ffb40b33bee378a7f3fdb91f7d421dad

SHA256
97b50dea6080a1558c694f517ab2818b35cf138afdd31f4a10a7e5dd60f5df5f

SHA512
8d922c1ca8445bf506d7779d4472e09005abdac4e2ea434aa29d6f56458dabf940fa3d6fb561e56c256d5eee06c1d98a41c12e2ed196d629457a4ea4056d7688

Download Submit