e21228bfb805c55533e1c18b05380fa433df0f56ec75acc0fc255501d1b0c67d

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2025, 23:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e21228bfb805c55533e1c18b05380fa433df0f56ec75acc0fc255501d1b0c67d.html
Size

99KB
MD5

727720b78d29d7e017027a2454c22cde
SHA1

d39db7ba167bb9f8bcfe7009a320d99e70f22816
SHA256

e21228bfb805c55533e1c18b05380fa433df0f56ec75acc0fc255501d1b0c67d
SHA512

d4b76b9f33d0fba6a9db5fbc52d6edfe96001d29bec80db2958ab8cbf7df74f3e54beb5a65440b83913e705e5e5a1de56c41c3fc51a470463c88502a34400801
SSDEEP

3072:RRlBuh/b5vfdikc8IL1VIS2OBNnoCphLZDrciTW41vyOntMrU:vlBuxb5vfdikcBLQOBNnoCphLZDrcpU

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2576	msedge.exe
2576	msedge.exe
3732	msedge.exe
3732	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3732 wrote to memory of 2148	3732	msedge.exe	88
PID 3732 wrote to memory of 2148	3732	msedge.exe	88
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 4364	3732	msedge.exe	89
PID 3732 wrote to memory of 2576	3732	msedge.exe	90
PID 3732 wrote to memory of 2576	3732	msedge.exe	90
PID 3732 wrote to memory of 3436	3732	msedge.exe	91
PID 3732 wrote to memory of 3436	3732	msedge.exe	91
PID 3732 wrote to memory of 3436	3732	msedge.exe	91
PID 3732 wrote to memory of 3436	3732	msedge.exe	91
PID 3732 wrote to memory of 3436	3732	msedge.exe	91
PID 3732 wrote to memory of 3436	3732	msedge.exe	91
PID 3732 wrote to memory of 3436	3732	msedge.exe	91
PID 3732 wrote to memory of 3436	3732	msedge.exe	91
PID 3732 wrote to memory of 3436	3732	msedge.exe	91
PID 3732 wrote to memory of 3436	3732	msedge.exe	91
PID 3732 wrote to memory of 3436	3732	msedge.exe	91
PID 3732 wrote to memory of 3436	3732	msedge.exe	91
PID 3732 wrote to memory of 3436	3732	msedge.exe	91
PID 3732 wrote to memory of 3436	3732	msedge.exe	91
PID 3732 wrote to memory of 3436	3732	msedge.exe	91
PID 3732 wrote to memory of 3436	3732	msedge.exe	91
PID 3732 wrote to memory of 3436	3732	msedge.exe	91
PID 3732 wrote to memory of 3436	3732	msedge.exe	91
PID 3732 wrote to memory of 3436	3732	msedge.exe	91
PID 3732 wrote to memory of 3436	3732	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e21228bfb805c55533e1c18b05380fa433df0f56ec75acc0fc255501d1b0c67d.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab12246f8,0x7ffab1224708,0x7ffab1224718
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,14024876695139918901,15059607312605214002,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,14024876695139918901,15059607312605214002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,14024876695139918901,15059607312605214002,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14024876695139918901,15059607312605214002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14024876695139918901,15059607312605214002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14024876695139918901,15059607312605214002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14024876695139918901,15059607312605214002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14024876695139918901,15059607312605214002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14024876695139918901,15059607312605214002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14024876695139918901,15059607312605214002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,14024876695139918901,15059607312605214002,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56361f50f0ee63ef0ea7c91d0c8b847a

SHA1
35227c31259df7a652efb6486b2251c4ee4b43fc

SHA256
7660beecfee70d695225795558f521c3fb2b01571c224b373d202760b02055c0

SHA512
94582035220d2a78dfea9dd3377bec3f4a1a1c82255b3b74f4e313f56eb2f7b089e36af9fceea9aa83b7c81432622c3c7f900008a1bdb6b1cd12c4073ae4b8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0621e31d12b6e16ab28de3e74462a4ce

SHA1
0af6f056aff6edbbc961676656d8045cbe1be12b

SHA256
1fd3365fdb49f26471ce9e348ce54c9bc7b66230118302b32074029d88fb6030

SHA512
bf0aa5b97023e19013d01abd3387d074cdd5b57f98ec4b0241058b39f9255a7bbab296dce8617f3368601a3d751a6a66dc207d8dd3fc1cba9cac5f98e3127f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
120B

MD5
f7e4244251ce8a5bc3207b2cbcfefa92

SHA1
eb825f2a491dc29a54c4c5e5969c2c2819a79631

SHA256
2cf572e0035ebb9c43a547bfe2e1a5f1fbfa73154d57f567ef975918e77bf654

SHA512
0b8a33d133102b29076209184bf66e839ce8829767c9c1668f28902381ab4d5830b13972bde41d0aaf4ead3213d311bcb46828c502bd4d58d73431398cd7eb53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
644B

MD5
ba8dec9dcc76a66658dbcb085109e4c3

SHA1
6538cf8772efcb84def47bdb4dc4a5096e468007

SHA256
d987a56a32406d91e045db1c89403b26ef5c45a72306413ea1029d625bedcef6

SHA512
2af44ac3fad7a345e44e4e7ea026079e8361ccbfad4bb3ffc9e81a2ba97d13887769613be94deb66bdac943123ef9749c3a35c846a65bca18758a83c20962554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9fda1955307cceac13636d388a5b1ea6

SHA1
14da1cf292d174701aad8037e1d2ef35ff612172

SHA256
940338dbc9527ec63078a7155d6d469baca6fd007121820157c30b1e1e42bd27

SHA512
b2b08eae002eb8491245fd094b5c76d9515916f27a0f9af5f233ed1c537c1f823d57456b0c3f7285ad48b96791a9de4c891343fc9c3c4e54bd5c419199bb87cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8f740105743de9e78b8bd287c03f0107

SHA1
eff320124379a21a5345504d100cfb1aa049c259

SHA256
a001bff76f0cb5874264cd6b498cf84527698a1dbade94bc746def89d44121ed

SHA512
779d2ce610306176dbffe58b39145162608082596e43bc3ba8a7152aceee2f99f2fe85718568b6328e922f07f4325be45a2b5934baa4b3a0bba1e951f384c688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
102d8c16659fe82445cec00ea26d4134

SHA1
d17e850863e2e14631e8f9c40498d0b473be395a

SHA256
785bc8aaf4e1feb1f0a9efba1f0f10bb6adae041f77d0ba63a4741524e6dae48

SHA512
94485085248052621633bf29217b11d20670603b82cf7bfe1acf9570fee78329f2fd7e8ce5891dd8ff423028431075078cc11b3fea72086d2152e3ab5b65d83e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
0d14437780beaed01871ab508c7f4d74

SHA1
e91a9d23a257cfd9ee5f4de1c132dd34c32f98a8

SHA256
73fb1617d7bddcc77bbf2d92bf64a0ca6963747fdbee6aab67df6ea3a5a360de

SHA512
1b25d91c9b1c6d18945e0be7c32a2a0d2665845e2e702b9ff8724fc29e329e26c577385040abc11ff60e6600a9e35c0e3a79f42560a4b23d3805ff825a96fd3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59f320.TMP

Filesize
203B

MD5
46d525f2ce3b79679caf877ad436cc7e

SHA1
44a00ccd5cb118d90886d345224b68c020d8db6c

SHA256
dce2ccab63fb1f7f7c473c0d5fb8f03e82041363cf1f87193a63308658d6056e

SHA512
f4e1c205decf4bb0dc5426c0e439d4c5f49ceb9ba1ac23bace12ea0bff6f06d0c0fd3b747b5816075492d8f6c28916487c2e70aa8954fb637c8a065be5f86a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b2cf23cf8c26e86bd42e779648d37607

SHA1
4049d4c50defaea292c06448aa0c9b7c67d7dcfa

SHA256
17bcb28d51bbfd9fd2d1524c81fb94bdc4344b7a21ac4e114d60b685ec02f565

SHA512
ba6d44b77a92c61cec78205984f49abcc0fc9a1e5c8d5e5f10350969bd8be0f184d58ae8193bd52d5afb2ccdbbee16b8e724dd72230b0c13915b61bcb8623dc4

Download Submit