Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://drive.google...

windows10-1703-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    24/08/2023, 15:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://drive.google.com/file/d/10zau_7uofFyiHOdBE5r7aelieLD2Crxf/view?usp=share_link

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Drops file in Windows directory 7 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://drive.google.com/file/d/10zau_7uofFyiHOdBE5r7aelieLD2Crxf/view?usp=share_link"
    1⤵
      PID:3632
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4056
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:3580
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4864
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1224
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:948
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:3024
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4916
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:4064
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:2444
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4444
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:4272
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:4964
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:5444

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R72PNTV7\edgecompatviewlist[1].xml
      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D5MNN1DZ\cb=gapi[2].js
      Filesize

      77KB

      MD5

      d55c0d5ddbf043d18d2f9105695e8918

      SHA1

      2fd909287a3bba6cf7ebda93a9b120fb3ff184a9

      SHA256

      0cf5695131fffb70f601245d339b9ddb1fd881a106a5195b7b6da18d1580d92b

      SHA512

      373bad6217548a77205e90f0863245c611ea25c2bd80bbd428a9c53bec82052977ec290d484421904bb340782a0f0d62926f79e93d7a5c6004e319e4c4397263

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D5MNN1DZ\warmup[2].gif
      Filesize

      43B

      MD5

      325472601571f31e1bf00674c368d335

      SHA1

      2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

      SHA256

      b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

      SHA512

      717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JLPVYOQS\cleardot[2].gif
      Filesize

      43B

      MD5

      fc94fb0c3ed8a8f909dbc7630a0987ff

      SHA1

      56d45f8a17f5078a20af9962c992ca4678450765

      SHA256

      2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

      SHA512

      c87bf81fd70cf6434ca3a6c05ad6e9bd3f1d96f77dddad8d45ee043b126b2cb07a5cf23b4137b9d8462cd8a9adf2b463ab6de2b38c93db72d2d511ca60e3b57e

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\49TGH5N3\drive.google[1].xml
      Filesize

      13B

      MD5

      c1ddea3ef6bbef3e7060a1a9ad89e4c5

      SHA1

      35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

      SHA256

      b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

      SHA512

      6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\7VJVYHCX\www.bing[1].xml
      Filesize

      1KB

      MD5

      2d1b25c26f86c9ee0a1c795db7289f84

      SHA1

      cc781376fbde2271764630825ffcd756d2628eed

      SHA256

      291359353906f54df5484a9806fd10c6010716600fc62cb81a3993e9ae6c573a

      SHA512

      f90b3d0a5e86fb79594b68effbe2d7b29cf55cf9f0fbc8bbab31863a19d01898f9eaae10a4f3bbdb416babf97e55dffbaab10aac418e04892a4f0e936a49bcd3

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\7VJVYHCX\www.bing[1].xml
      Filesize

      9KB

      MD5

      b57fb8bd863e17568263a51ae95a6ca0

      SHA1

      b101061f807b0b228cc91043b0d39ab3be4ab4b8

      SHA256

      f47d9277c26a6e832cf67f16d77743558399689f2a9bf23d4b83f46f142a3f00

      SHA512

      4a5f31686fdea08a56ccb1ad0704ad4806ed9ff7a1a0c2bdec9eef0558c9a5f624d2b0a20f0ff0a62f997f9ba9c172d35d4b4b48f6d5ea1888c859cdaeaeebb3

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      Filesize

      4KB

      MD5

      f7dcb24540769805e5bb30d193944dce

      SHA1

      e26c583c562293356794937d9e2e6155d15449ee

      SHA256

      6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea

      SHA512

      cb5ad678b0ef642bf492f32079fe77e8be20c02de267f04b545df346b25f3e4eb98bb568c4c2c483bb88f7d1826863cb515b570d620766e52476c8ee2931ea94

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\H9G6HMTE\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\PZ3HMQB4\favicon[1].ico
      Filesize

      758B

      MD5

      84cc977d0eb148166481b01d8418e375

      SHA1

      00e2461bcd67d7ba511db230415000aefbd30d2d

      SHA256

      bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

      SHA512

      f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ZELBU5G0\drive_2020q4_32dp[1].png
      Filesize

      831B

      MD5

      916c9bcccf19525ad9d3cd1514008746

      SHA1

      9ccce6978d2417927b5150ffaac22f907ff27b6e

      SHA256

      358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50

      SHA512

      b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
      Filesize

      1KB

      MD5

      753780af70c08b0772f51e140ec02a30

      SHA1

      5582cfb1553a9f0856a2a14f2bb9058d3262b190

      SHA256

      1d3402915bf8cb0460ed3451221a55fc4454c4920fa9ead2c5ced1924d4e984b

      SHA512

      031f938f35cb188cbf6865d2bd07d281369160bd41db9e4a414fe4f792eae72a1a7d55c07b37230091ac715ebb0797cdc85aae84a7ca62ae316607fc043834da

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
      Filesize

      404B

      MD5

      66e186c77fc7054a872a5393e4e2be17

      SHA1

      2abae379b975a55ae2357bc393625d76d5a5f8b1

      SHA256

      1e3732189b34a3a6755b8f1788bb03a32066a71fbf71916d8ae839ed447f7c6a

      SHA512

      88a3f75832ce085ea90c74ec5fbbd41ebc6e16380ac6459692ba3c6a80ba9926c6155459b2ab2f54fd599b6be582cab7061f01c1ad71a22c22e7dcd8622ed881

      Download Submit

    • memory/948-271-0x0000024FEE7F0000-0x0000024FEE7F2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-295-0x0000024FF0070000-0x0000024FF0072000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-235-0x0000024FEE280000-0x0000024FEE282000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-244-0x0000024FEE3A0000-0x0000024FEE3A2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-249-0x0000024FEE440000-0x0000024FEE442000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-252-0x0000024FEE450000-0x0000024FEE452000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-256-0x0000024FEE620000-0x0000024FEE622000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-261-0x0000024FEE660000-0x0000024FEE662000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-268-0x0000024FEE7B0000-0x0000024FEE7B2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-84-0x0000024FEC600000-0x0000024FEC620000-memory.dmp

      Filesize

      128KB

      Download

    • memory/948-275-0x0000024FEFA00000-0x0000024FEFA02000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-282-0x0000024FEFBB0000-0x0000024FEFBB2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-278-0x0000024FEFA20000-0x0000024FEFA22000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-286-0x0000024FEFFF0000-0x0000024FEFFF2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-291-0x0000024FF0010000-0x0000024FF0012000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-227-0x0000024FEE1E0000-0x0000024FEE1E2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-299-0x0000024FF0090000-0x0000024FF0092000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-309-0x0000024FF0F30000-0x0000024FF0F32000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-312-0x0000024FF0F70000-0x0000024FF0F73000-memory.dmp

      Filesize

      12KB

      Download

    • memory/948-316-0x0000024FF0FD0000-0x0000024FF0FD2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-213-0x0000024FF0500000-0x0000024FF0600000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/948-91-0x0000024FEDBC0000-0x0000024FEDBC2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-93-0x0000024FEEE20000-0x0000024FEEE22000-memory.dmp

      Filesize

      8KB

      Download

    • memory/948-108-0x0000024FEE0E0000-0x0000024FEE1E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/948-105-0x0000024FEE880000-0x0000024FEE980000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/948-102-0x0000024FEE880000-0x0000024FEE980000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/948-95-0x0000024FEEEA0000-0x0000024FEEEA2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4056-143-0x0000014CD78D0000-0x0000014CD78D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4056-144-0x0000014CD78E0000-0x0000014CD78E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4056-0-0x0000014CD1120000-0x0000014CD1130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4056-35-0x0000014CD6860000-0x0000014CD6862000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4056-16-0x0000014CD1700000-0x0000014CD1710000-memory.dmp

      Filesize

      64KB

      Download