Overview

overview

3

Static

static

1

.html

windows7-x64

1

.html

windows10-2004-x64

3

Resubmissions

14/03/2025, 11:10

250314-m9yhdaspw2 3

14/03/2025, 11:07

250314-m8enway1fw 4

14/03/2025, 11:00

250314-m359mssnw2 4

22/01/2025, 12:48

250122-p189maxjfs 10

22/01/2025, 12:46

250122-pzmdgaxjat 10

22/01/2025, 12:43

250122-pxynqawrcy 8

Analysis

  • max time kernel
    11s
  • max time network
    10s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250313-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/03/2025, 11:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .html

  • Size

    474B

  • MD5

    10957f24772eea915bc129c12ad964c9

  • SHA1

    875b9ce0b9fe2f519d28cc8a3e8e957db9779360

  • SHA256

    218a3a1f233acd4e53bc25d4be1919a926cf72ac5f787c779c8b52e3c9a66e44

  • SHA512

    dd351894c8596e496a8e3ee3411e7b4a9cca1b9d13919eaa333c1b093377c18c93d8b2002b36027fb398685907b558a9021e60d8af51b2711c4452b1ff8d1602

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 1 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\.html
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ffc1017f208,0x7ffc1017f214,0x7ffc1017f220
      2⤵
        PID:2160
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1664,i,14571726158369948338,13960031623856181283,262144 --variations-seed-version --mojo-platform-channel-handle=2308 /prefetch:3
        2⤵
          PID:5796
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2272,i,14571726158369948338,13960031623856181283,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:2
          2⤵
            PID:5108
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2528,i,14571726158369948338,13960031623856181283,262144 --variations-seed-version --mojo-platform-channel-handle=2644 /prefetch:8
            2⤵
              PID:3168
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3452,i,14571726158369948338,13960031623856181283,262144 --variations-seed-version --mojo-platform-channel-handle=3472 /prefetch:1
              2⤵
                PID:4024
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3460,i,14571726158369948338,13960031623856181283,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:1
                2⤵
                  PID:2008
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4956,i,14571726158369948338,13960031623856181283,262144 --variations-seed-version --mojo-platform-channel-handle=4908 /prefetch:1
                  2⤵
                    PID:4572
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=3528,i,14571726158369948338,13960031623856181283,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:1
                    2⤵
                      PID:2548
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4800,i,14571726158369948338,13960031623856181283,262144 --variations-seed-version --mojo-platform-channel-handle=5216 /prefetch:8
                      2⤵
                        PID:1588
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4948,i,14571726158369948338,13960031623856181283,262144 --variations-seed-version --mojo-platform-channel-handle=5236 /prefetch:8
                        2⤵
                          PID:4312
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5644,i,14571726158369948338,13960031623856181283,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8
                          2⤵
                            PID:932
                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5880,i,14571726158369948338,13960031623856181283,262144 --variations-seed-version --mojo-platform-channel-handle=5904 /prefetch:8
                            2⤵
                              PID:1180
                            • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5880,i,14571726158369948338,13960031623856181283,262144 --variations-seed-version --mojo-platform-channel-handle=5904 /prefetch:8
                              2⤵
                                PID:5492
                            • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                              1⤵
                                PID:6072

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                280B

                                MD5

                                998db8a9f40f71e2f3d9e19aac4db4a9

                                SHA1

                                dade0e68faef54a59d68ae8cb3b8314b6947b6d7

                                SHA256

                                1b28744565eb600485d9800703f2fb635ecf4187036c12d47f86bbd1e078e06b

                                SHA512

                                0e66fd26a11507f78fb1b173fd50555dbd95b0d330e095cdd93206757c6af2780ece914a11a23cd4c840636a59470f44c6db35fa392303fb583806264e652016

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                Filesize

                                2B

                                MD5

                                99914b932bd37a50b983c5e7c90ae93b

                                SHA1

                                bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                SHA256

                                44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                SHA512

                                27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
                                Filesize

                                107KB

                                MD5

                                40e2018187b61af5be8caf035fb72882

                                SHA1

                                72a0b7bcb454b6b727bf90da35879b3e9a70621e

                                SHA256

                                b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

                                SHA512

                                a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                Filesize

                                2B

                                MD5

                                d751713988987e9331980363e24189ce

                                SHA1

                                97d170e1550eee4afc0af065b78cda302a97674c

                                SHA256

                                4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                SHA512

                                b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                17KB

                                MD5

                                7ffdd0029ade84415062d0c34af58307

                                SHA1

                                02adc4587f90d9226f4cb6775452cf7bd624c203

                                SHA256

                                3237ea8e6cfe3a1b303909ffc32d0bf25c238d938e51cdfb79355a1ed6fa2862

                                SHA512

                                98af4e3dc35f2c24a0ceb79dc15aada91ce8cb62531a4d6c3612635eaf8f111f78ef6ff6aaa2d44c36db4e0927bc1e3b4d344135738538e221d6b80ef2682325

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                Filesize

                                36KB

                                MD5

                                53e01e40731eda0adba8c8b2326c9876

                                SHA1

                                7ab93083170298b14edb0ffb941a8d219534c31c

                                SHA256

                                2dad7fcf4c3f3c652feb1e0e0e0c38eca6d4ff8f975321e40b89c77428ff8ffa

                                SHA512

                                530aa50cd4d62048ae44a88ee9d354244cf1444fa67a5a44536819a3c12590f343a7f58a5553e5979079086f02d3d2dc1ead5d7ee19d82e925b126909ee4bc39

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
                                Filesize

                                22KB

                                MD5

                                134082b1cf1b194bf3b982a17ad128ee

                                SHA1

                                0ab7d6a07ca7ae454ef46a6d5d5889e3702a71f2

                                SHA256

                                6ae8a07e472c01683817c1785b74bf04884c3234e2e43ab3f8b309713c0bc912

                                SHA512

                                d5975255917c87e69906d581bb8f2811eedde0641c0385c26eb9b7fd0c3007054b4ad6d46fc43a8143fdb65d4b6d610c292d98409a1448d82866c99d799228cc

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                49KB

                                MD5

                                ad37120b625b32eac712257de459a95e

                                SHA1

                                aaa3a01b34856431360fdd765bc51a6d0e9c6a37

                                SHA256

                                3b2c5faea58933a0a2347250bfeb93f61bbefdc4f4341e372ae8eaad08563e2a

                                SHA512

                                5f2a77c70152836c325b7b465857acd5b9c5157c42eb0c1f9cb7ad0544bdd0a2d387ce8bb3ed062700dbf93cfd320644f8d6844cc224b741ef0a76b78d5935aa

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                40KB

                                MD5

                                ba5dea4316621a140773cda08f364bf7

                                SHA1

                                07e77ffa72d95d24befc86b1de8d7fdb7afdbc36

                                SHA256

                                88612c7e7337e4d688c610de50940408bf365724b273893d677bff77b48c32a6

                                SHA512

                                999f7c01f26033529baa8d19473798428695f14667518e59561aecbf5eb35efa632fcec0c8d17500bfb9447f630aa7da74d8316a5ffd39041bad7969bfd93a77

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
                                Filesize

                                2KB

                                MD5

                                2fd5f579557c46e31e8f5470479d9b3b

                                SHA1

                                7208114aa6a8489995a6f8c97efe57a9d7dc37ca

                                SHA256

                                8a692477ed45dc893320cb47b3c4876b0d121329f6b5e8ea00808bf82ec203b3

                                SHA512

                                9f788e157dea6633f0a1f608f464813344f7456cb54a55348c45262b2fb650f556f5f4bbb98623d4f992fedf4e12ffb2c1899602521b682502408c29bdfd505b

                                Download Submit