e21228bfb805c55533e1c18b05380fa433df0f56ec75acc0fc255501d1b0c67d

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2025, 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e21228bfb805c55533e1c18b05380fa433df0f56ec75acc0fc255501d1b0c67d.html
Size

99KB
MD5

727720b78d29d7e017027a2454c22cde
SHA1

d39db7ba167bb9f8bcfe7009a320d99e70f22816
SHA256

e21228bfb805c55533e1c18b05380fa433df0f56ec75acc0fc255501d1b0c67d
SHA512

d4b76b9f33d0fba6a9db5fbc52d6edfe96001d29bec80db2958ab8cbf7df74f3e54beb5a65440b83913e705e5e5a1de56c41c3fc51a470463c88502a34400801
SSDEEP

3072:RRlBuh/b5vfdikc8IL1VIS2OBNnoCphLZDrciTW41vyOntMrU:vlBuxb5vfdikcBLQOBNnoCphLZDrcpU

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
1640	msedge.exe
1640	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 1508	1640	msedge.exe	85
PID 1640 wrote to memory of 1508	1640	msedge.exe	85
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 3536	1640	msedge.exe	86
PID 1640 wrote to memory of 116	1640	msedge.exe	87
PID 1640 wrote to memory of 116	1640	msedge.exe	87
PID 1640 wrote to memory of 668	1640	msedge.exe	88
PID 1640 wrote to memory of 668	1640	msedge.exe	88
PID 1640 wrote to memory of 668	1640	msedge.exe	88
PID 1640 wrote to memory of 668	1640	msedge.exe	88
PID 1640 wrote to memory of 668	1640	msedge.exe	88
PID 1640 wrote to memory of 668	1640	msedge.exe	88
PID 1640 wrote to memory of 668	1640	msedge.exe	88
PID 1640 wrote to memory of 668	1640	msedge.exe	88
PID 1640 wrote to memory of 668	1640	msedge.exe	88
PID 1640 wrote to memory of 668	1640	msedge.exe	88
PID 1640 wrote to memory of 668	1640	msedge.exe	88
PID 1640 wrote to memory of 668	1640	msedge.exe	88
PID 1640 wrote to memory of 668	1640	msedge.exe	88
PID 1640 wrote to memory of 668	1640	msedge.exe	88
PID 1640 wrote to memory of 668	1640	msedge.exe	88
PID 1640 wrote to memory of 668	1640	msedge.exe	88
PID 1640 wrote to memory of 668	1640	msedge.exe	88
PID 1640 wrote to memory of 668	1640	msedge.exe	88
PID 1640 wrote to memory of 668	1640	msedge.exe	88
PID 1640 wrote to memory of 668	1640	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e21228bfb805c55533e1c18b05380fa433df0f56ec75acc0fc255501d1b0c67d.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9375346f8,0x7ff937534708,0x7ff937534718
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,1951977632713122214,4824202682613876995,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,1951977632713122214,4824202682613876995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,1951977632713122214,4824202682613876995,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1951977632713122214,4824202682613876995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1951977632713122214,4824202682613876995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1951977632713122214,4824202682613876995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1951977632713122214,4824202682613876995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1951977632713122214,4824202682613876995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1951977632713122214,4824202682613876995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,1951977632713122214,4824202682613876995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,1951977632713122214,4824202682613876995,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5544 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56361f50f0ee63ef0ea7c91d0c8b847a

SHA1
35227c31259df7a652efb6486b2251c4ee4b43fc

SHA256
7660beecfee70d695225795558f521c3fb2b01571c224b373d202760b02055c0

SHA512
94582035220d2a78dfea9dd3377bec3f4a1a1c82255b3b74f4e313f56eb2f7b089e36af9fceea9aa83b7c81432622c3c7f900008a1bdb6b1cd12c4073ae4b8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0621e31d12b6e16ab28de3e74462a4ce

SHA1
0af6f056aff6edbbc961676656d8045cbe1be12b

SHA256
1fd3365fdb49f26471ce9e348ce54c9bc7b66230118302b32074029d88fb6030

SHA512
bf0aa5b97023e19013d01abd3387d074cdd5b57f98ec4b0241058b39f9255a7bbab296dce8617f3368601a3d751a6a66dc207d8dd3fc1cba9cac5f98e3127f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\88797983-aac9-449f-b217-4a691ebd5f47.tmp

Filesize
5KB

MD5
1b9490be315bd94d79b8273ac157d591

SHA1
3a8ab7c48d9f900ba4ed3117de6e5dc9a859b28e

SHA256
b6439592f170f4458304bf9af69b47d9759a685c58d920c4f75ebea2c5740264

SHA512
c0cd7c116e129c7141f759a3b8af5614cbf218e62b9b9452a0088218100d68e343cf2ac6e23fcfb32139e6f0b14c7fd2681b976ad63786ad1857ea6f4d4aa293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
4a8cfe5be89663214ab1e0f2a50618cc

SHA1
a06726e194de1e966a042ff05ca89c4cb0f37edf

SHA256
48925f1581dbeecc5c244bce47d86ede729efba1b2754bb4763b4bcf2c926d4c

SHA512
5da72ba14cd339b582a854cc113ace77572e4ccf50857f7a1065179a117aaee98c4a3bf36f7bce487a0f1d3fa102b92d4c71b64dd034c44668d6feac10c7c459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
644B

MD5
9795af23cd1a412666978b986ecf7e36

SHA1
75bbed18f261bdc6714c42de2cbe999e90a2f9ba

SHA256
ec10d2ac6444f914d6a00dfbb5a082c339b9a0cf372996a6268ed6a6595ed618

SHA512
74be034b0504c877825441fa3a806e6e088d023e30914eb8f1e3bef60102b92b995069a76fcf0f7632cc19667dab0e533d23cddb520ee6d0902a2deba77279f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39952a09baf2ad0db34e272772be32fa

SHA1
445a68c31fd8d35ca15dc4847715f1e532450111

SHA256
ded0cb1d7d03bf41d08d6699d3b8dea497096fef2bfbcb31fe21e34aa579335c

SHA512
245b2360b572d40af59471f943b913132fc2a63cddc8fbc03d62221c5b22f50d4230c15b8f0cd40c2b7fd3f3aa811b8b23b6996ffbaebbab04ddaf6015abd2d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
645a708d92c2f381bccb0f8d79f3bc17

SHA1
f3aa8bdf0e21c56ec039a69ea1fe5cb5d254b80a

SHA256
5fe05996cf81f7f4f967133e0d778bcda758aef328da7a398408dfc09a3b8c86

SHA512
971f62d7badf862ee27c5483b6b75ea1a9df85565b05663bb42ddc3e5fd9ef1e50788ef1d16d9ae20111bc696907a06786b7ad127c96f5d3c8ec1e167b52e635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
b7643d689495f49089bf32b647f42c24

SHA1
287064360d729fd30710cb64c7324adb3f0b04c2

SHA256
634ba7b8087df60a534cf360d6aeb1691e992b84fbca232fb06399d55403bd8d

SHA512
da690084e464da983d354b4893adac04b7f803b4ecfb06ae4ee2ba538ab6e56e5704c573df68f8d56d7d0690132eb922b558746d407b464b90d2c98c7283b684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5963d1.TMP

Filesize
203B

MD5
852a60467c08c28eaee168dc87183ad4

SHA1
04de6b74d70ad1eeed3d7b9f8c1692c065d0a583

SHA256
1802441086a0b982cd1c9251f246e2d7efb3e4ff905b75710fb310e0c4a1b2d7

SHA512
01beb2785753a5ebac1547955101ab48b9c506c7ba2899ea7f12d2f3d785f58a5ac227b323b29590d6a8a3bae67f8f089e11dd9d6ba45d7817d7b105c309f05f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fdaeebb67eb40267b24499357a16ea2e

SHA1
adf2f7d36aacb0c15566a5883a9b920b48f5d2c7

SHA256
a26b5d83d5838a6e678f65adb8dd5bc9b098ab3c6b191e10957dacf5fe5d02aa

SHA512
48192372bb3f1ea4e34eb1a2375ffcb2feb7043d47f26f5b2017af6945a5affeeb5a7cc056782c1c5dff33bcf381b31197d84547f91831bdaf0eb360dd9ab82c

Download Submit