Overview

overview

10

Static

static

10

quarantine...K.html

windows7-x64

3

quarantine...K.html

windows10-2004-x64

3

quarantine...C.html

windows7-x64

3

quarantine...C.html

windows10-2004-x64

3

quarantine...24.exe

windows7-x64

4

quarantine...24.exe

windows10-2004-x64

5

setup.exe

windows7-x64

1

setup.exe

windows10-2004-x64

7

quarantine/ht.exe

windows7-x64

10

quarantine/ht.exe

windows10-2004-x64

10

quarantine...Yj.exe

windows7-x64

10

quarantine...Yj.exe

windows10-2004-x64

10

quarantine/pic5.exe

windows7-x64

6

quarantine/pic5.exe

windows10-2004-x64

6

quarantine...m.html

windows7-x64

3

quarantine...m.html

windows10-2004-x64

3

quarantine/random.exe

windows7-x64

quarantine/random.exe

windows10-2004-x64

quarantine..._2.exe

windows7-x64

3

quarantine..._2.exe

windows10-2004-x64

3

quarantine..._3.exe

windows7-x64

10

quarantine..._3.exe

windows10-2004-x64

10

quarantine....0.exe

windows7-x64

10

quarantine....0.exe

windows10-2004-x64

10

quarantine...r.html

windows7-x64

3

quarantine...r.html

windows10-2004-x64

3

quarantine...g.html

windows7-x64

3

quarantine...g.html

windows10-2004-x64

3

quarantine...t.html

windows7-x64

3

quarantine...t.html

windows10-2004-x64

3

Analysis

  • max time kernel
    30s
  • max time network
    11s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-02-2025 19:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    quarantine/ORaMflC.html

  • Size

    162B

  • MD5

    1b7c22a214949975556626d7217e9a39

  • SHA1

    d01c97e2944166ed23e47e4a62ff471ab8fa031f

  • SHA256

    340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87

  • SHA512

    ba64847cf1d4157d50abe4f4a1e5c1996fe387c5808e2f758c7fb3213bfefe1f3712d343f0c30a16819749840954654a70611d2250fd0f7b032429db7afd2cc5

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\quarantine\ORaMflC.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1912
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd0aa46f8,0x7fffd0aa4708,0x7fffd0aa4718
      2⤵
        PID:1172
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13040552930392076540,3591166693969834282,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        2⤵
          PID:1756
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13040552930392076540,3591166693969834282,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1216
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,13040552930392076540,3591166693969834282,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
          2⤵
            PID:636
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13040552930392076540,3591166693969834282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
            2⤵
              PID:1856
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13040552930392076540,3591166693969834282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
              2⤵
                PID:4688
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13040552930392076540,3591166693969834282,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
                2⤵
                  PID:4744
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13040552930392076540,3591166693969834282,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:764
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13040552930392076540,3591166693969834282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
                  2⤵
                    PID:4456
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13040552930392076540,3591166693969834282,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
                    2⤵
                      PID:3040
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13040552930392076540,3591166693969834282,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
                      2⤵
                        PID:5008
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13040552930392076540,3591166693969834282,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
                        2⤵
                          PID:2548
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:3200
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:908

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            dece6c717c1c6a88ab10ed5d9f2f0257

                            SHA1

                            1ce1c431a5d2cd690b7a2b4f1ab5bb706f6eecb8

                            SHA256

                            611f0215a192bbd14d5a42d35f73e7bca48e1b718e1fae2107ebb1c04f11fe00

                            SHA512

                            80b14f0477f364864b3d4972382128baffae7aa6cb6df894ee27faf52aee1863a657e1299199a41cc99f20d2f278c2bbfb058bd5d820b0893aefcbb7408df4c2

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            f91980b62b90d41317a04af356dce089

                            SHA1

                            d24d7d9d58401c252aa827eaf85314679882dff1

                            SHA256

                            ef8000aef9ee91a897870d123c0ff9c5e880b1bd65721f07ce5cfa36c9b4d92e

                            SHA512

                            75b1ca2beac89adc1bbb783b9d445f29d356f6276e0c076454a572f84e517326234aa003caae802e39579f3250197f9332dbcd15620172e9784b62a1b7dc0726

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            64e53cbbe4952c3e0c731dacd567cfec

                            SHA1

                            b02b6de70e0362e3c87e7afa34ce1aed90afc963

                            SHA256

                            9a94f98c452581b51c63411ef87e5dfbe698b7b9d92d592b409d5fe41b1059c1

                            SHA512

                            d8372402b54cce00eb195473f33102c23be6d3d16e8104f83d9695440e79c5c85cd5c0341665ec47fc6a643d49ad887c0527876b17dbd450244bb3f01fd3a097

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            d3b1b87f5bb86307bae3e32ff9a0f230

                            SHA1

                            f370514e122bbcc5e649b92813819aee7c788e62

                            SHA256

                            64ab66eb6cd6d2bfeb73438a9b33f1060c3509b032517388f010fb0ef94d25e7

                            SHA512

                            1a8b11aa73b9dd2a530d10e2ea3c107944a1c43aa45c784be867da6d9c334994eddd0c743ab7c36ac53bd8a6c3a926068a6375b28f37fe87c36e947a573251f5

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                            Filesize

                            24KB

                            MD5

                            3bb9c8864893f1d8bed5bc55daf67f2a

                            SHA1

                            d29c32ab453d3f24d6f7623b21587fe6188d895b

                            SHA256

                            6d57e14fc9f6d2411c8a619d43062829192c31ee8d0c2598182f2a7ff0f0473d

                            SHA512

                            e19da877e9e056776a7ace575462a12536c38e61988c243fbc8cb255c1edb77ae609b371f8c7a081273f0463f60486c8290ae139edb3d97f2f0c6591cdd04723

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            10KB

                            MD5

                            2cd31e30e7841ea43a2074ed907d84b6

                            SHA1

                            1fc77ff543eb9088bda6050f76b5c484d7d72796

                            SHA256

                            dbe01352476cdcfff06d1aa2332df988af7a163aa190edcec250f1565b195e3f

                            SHA512

                            8b51c7f94c6862280549f7eb04e25531bebe1330799d750ff97c9dfc2a129f25a7a765a611f419bbca1be349059690e24f1e28240cb069c45763b08a795f3aca

                            Download Submit