Overview

overview

4

Static

static

1

URLScan

urlscan

1

https://www.findingf...

windows10-1703-x64

4

Analysis

  • max time kernel
    63s
  • max time network
    62s
  • platform
    windows10-1703_x64
  • resource
    win10-20231215-en
  • resource tags

    arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
  • submitted
    22/01/2024, 15:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.findingfoley.com//_api/invoice/b5246a8e-3821-4730-8765-ffc91b36f9aa:710a1af7-d3aa-4045-b9a8-3ac71b1fd723/view?token=c85b8749-c91a-42ec-9667-f08deae80b88

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://www.findingfoley.com//_api/invoice/b5246a8e-3821-4730-8765-ffc91b36f9aa:710a1af7-d3aa-4045-b9a8-3ac71b1fd723/view?token=c85b8749-c91a-42ec-9667-f08deae80b88"
    1⤵
      PID:4784
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4612
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:4264
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4720
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:648
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4580
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:1776
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:3440
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:4572

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
            Filesize

            4KB

            MD5

            1bfe591a4fe3d91b03cdf26eaacd8f89

            SHA1

            719c37c320f518ac168c86723724891950911cea

            SHA256

            9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

            SHA512

            02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DNDP7OJQ\edgecompatviewlist[1].xml
            Filesize

            74KB

            MD5

            d4fc49dc14f63895d997fa4940f24378

            SHA1

            3efb1437a7c5e46034147cbbc8db017c69d02c31

            SHA256

            853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

            SHA512

            cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\R5RCO447\favicon[1].ico
            Filesize

            3KB

            MD5

            f4feb61d53bc0de67557513853fa54f1

            SHA1

            c1219a3da6d6130c9ca4f3e52f96a91077b16041

            SHA256

            295a1f6f927fd11a3842a4c9f508b4152eca150cb4c54d6cfb64736fad659b80

            SHA512

            20ce839d90305e05f2ec9ec322ae660f8d43ddd2705f67269b2231f0150575a168b7b33b22c813609bcb7e111f0b97ecc475bccb53db0283acc4a9fb2774e833

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF932ACA16F0E4B971.TMP
            Filesize

            16KB

            MD5

            cf171fd3725cc6c91c43bc697d86087b

            SHA1

            e4be2ecf1b98672bb650417ec43e4e2b5d8e74f2

            SHA256

            dffef1f307eac81bb0627f67d71e2e6d7b81ed986c489d69e7b32327c0fe3d67

            SHA512

            542b0016f720475ac1450da0ae06e52c58feecd9fb96bf8ee6b2c45cdca845336f3d845401e35ea3ed00e49c2c721459ea29c6dd45249a0682a07885d0e7795f

            Download Submit

          • memory/4580-110-0x000002CFF0040000-0x000002CFF0042000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4580-114-0x000002CFF0070000-0x000002CFF0072000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4580-118-0x000002CFF0200000-0x000002CFF0202000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4580-95-0x000002CFDEF30000-0x000002CFDEF50000-memory.dmp

            Filesize

            128KB

            Download

          • memory/4612-135-0x0000026C96FC0000-0x0000026C96FC1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4612-136-0x0000026C96FD0000-0x0000026C96FD1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4612-0-0x0000026C90720000-0x0000026C90730000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4612-35-0x0000026C90AA0000-0x0000026C90AA2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4612-16-0x0000026C91040000-0x0000026C91050000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4612-170-0x0000026C90EA0000-0x0000026C90EA2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4612-173-0x0000026C90AD0000-0x0000026C90AD1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4612-177-0x0000026C90A90000-0x0000026C90A91000-memory.dmp

            Filesize

            4KB

            Download