Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://u.to/yFFjIA

windows10-1703-x64

4

Analysis

  • max time kernel
    69s
  • max time network
    69s
  • platform
    windows10-1703_x64
  • resource
    win10-20240214-en
  • resource tags

    arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
  • submitted
    20-02-2024 16:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://u.to/yFFjIA

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://u.to/yFFjIA"
    1⤵
      PID:3388
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2504
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:2224
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2076
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4516
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:2872
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:2428
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3056

      Network

      MITRE ATT&CK Matrix ATT&CK v13

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
        Filesize

        4KB

        MD5

        1bfe591a4fe3d91b03cdf26eaacd8f89

        SHA1

        719c37c320f518ac168c86723724891950911cea

        SHA256

        9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

        SHA512

        02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ER61J7VR\edgecompatviewlist[1].xml
        Filesize

        74KB

        MD5

        d4fc49dc14f63895d997fa4940f24378

        SHA1

        3efb1437a7c5e46034147cbbc8db017c69d02c31

        SHA256

        853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

        SHA512

        cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MY2G8UIE\04949b75724ed62efaceafe9dcace9b82321ab24b087[1].css
        Filesize

        5KB

        MD5

        8e61ebf5e7099224faae3ee61be0e439

        SHA1

        433ff93ebd0872fdb8750569824684eaee0dace1

        SHA256

        f653dbf761adb689f70bdfbc792ae65192e95b544d7e66dce483a4931b4c58e3

        SHA512

        f3a2c5b1471952950aebb30f6da4fdac54eafa8b5fdd66ca3d44171b0eec17a309460f15b22af8cec00da1703b89367db2348b12f0501c0f3ae3d3599040a741

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MY2G8UIE\3cdad215a43d21ea4fc87f4af5d02529b551fdd4cec8[1].css
        Filesize

        11KB

        MD5

        dacb80dabfaebd8b5c696ca29bddd59e

        SHA1

        d10bdeb6162bb0591b13799eac711d320958d1c5

        SHA256

        6a13129c52b4af929efe3e1fddeceb315a4f8038ad01c469f8d45d5c19483ac9

        SHA512

        dc812155362dd80a49c903dd65953594c0c75b665425616f203ff77e78499174eb400d9ebbec5b670a46b81c316f166eeed202e6b965f0f02587a49f2ada61f7

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MY2G8UIE\58f334a8a29f5ad81af0b81a8f3e765d20c98c4d09e9[1].css
        Filesize

        20KB

        MD5

        76b1bdbafa76a16eb077711e0852240f

        SHA1

        4eeaffc1d6645d958efdf93b127bd345134bdee0

        SHA256

        e72bfd5b2451298de330b65ffbf950c8f830c5d373435f26fce733e1264bef5d

        SHA512

        fa7e4606b736edfc15d42e00dc83e8e4ee20b8b79cd7c10b393d29ad220afb75fcad5b959b51fb37c74ee9970ebf80cd7a75d7e4e8be1bfa8ec3e79d2aca4cd1

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MY2G8UIE\82bcfc827562ecb3abc5f806658b862a4416b03adcf0[1].css
        Filesize

        19KB

        MD5

        2727c215f1b26015043511e9735a46f7

        SHA1

        7d1dc9acca9b896d0e880973e33e339188fab602

        SHA256

        dbdcded3c4261a3c9d79cb3cf9e641744ad1f2db504690f3a1a06f6b3893dda4

        SHA512

        dc048227b3c80caf9ba2193d2f58af19745e1c4efb893ed742a8b54c25509072186c9141aa963e0454bbb91dcb3945ff3862ac09cc12471d5e9a357246104708

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MY2G8UIE\9c0435910e043a2e10cb9b0061943b74e2d6494fa172[1].css
        Filesize

        75KB

        MD5

        d75bc33f0e1f113e13918a1574bed89e

        SHA1

        ce9524469a86d2cf429390d9a2b09151906f16f5

        SHA256

        c2815908a70bff8204d9c9dc034dd649f3f560a90112b11ddd5e0e53583bd39c

        SHA512

        151a8dfee28aaf232ed27150be0fd259b3c31f176187caf59ba231d067db9a6886bdf62e9bc73632cedd001847d7168fa2ad598e71b315385f547f899ec7361f

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OVKOBIGP\0f03dc12f2480e229ed1609f01c540a671a04e049968[1].css
        Filesize

        10KB

        MD5

        2113b6560d12d0fbaafcb9b964364591

        SHA1

        781afbd9b39e0ccfd8f6a5d906a48639b62105e0

        SHA256

        02ed5fedd4d231fd7599d828707a1af9728f3dd33876047b5b045c1cec3f5d02

        SHA512

        78c3d3d5056ca06dfb66cfad0820de44b947859b4f886e21ecc6700ba31ee9b7f51faf45d100e6ae591147382cbf18c79c8b9d42ab2dcd93e4318227bd404a8e

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OVKOBIGP\jquery-ui[1].js
        Filesize

        458KB

        MD5

        c811575fd210af968e09caa681917b9b

        SHA1

        0bf0ff43044448711b33453388c3a24d99e6cc9c

        SHA256

        d2f0522008bff05c6434e48ac8f11f7464331436a4d5d96a14a058a81a75c82e

        SHA512

        d2234d9e8dcc96bca55fafb83bb327f87c29ae8433fc296c48be3ef8c9a21a0a4305e14823e75416951eecd6221f56fbbb8c89d44b244a27be7b6bea310f2fd1

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OVKOBIGP\jquery.min[1].js
        Filesize

        86KB

        MD5

        220afd743d9e9643852e31a135a9f3ae

        SHA1

        88523924351bac0b5d560fe0c5781e2556e7693d

        SHA256

        0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

        SHA512

        6e722fce1e8553be592b1a741972c7f5b7b0cdafce230e9d2d587d20283482881c96660682e4095a5f14df45a96ec193a9b222030c53b1b7bbe8312b2eae440d

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GO736LCP\favicon[1].ico
        Filesize

        37KB

        MD5

        231913fdebabcbe65f4b0052372bde56

        SHA1

        553909d080e4f210b64dc73292f3a111d5a0781f

        SHA256

        9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

        SHA512

        7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OS3GMZ8A\suggestions[1].en-US
        Filesize

        17KB

        MD5

        5a34cb996293fde2cb7a4ac89587393a

        SHA1

        3c96c993500690d1a77873cd62bc639b3a10653f

        SHA256

        c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

        SHA512

        e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\zrx84lx\imagestore.dat
        Filesize

        46KB

        MD5

        023ee331cd77b3bf57b8cb8382850c46

        SHA1

        05f2a6a7940f4bab25972aa58fb9277b70770d80

        SHA256

        c65825cd46a3bfed668cf8f5285a6ff3f00ea4cdbda74f466fbb1c8d4fecb8ce

        SHA512

        be351935d2aaec421e822504b9f8680ac2b84f44cd8844a400872b57d2b490fd9bb55e8fc8b4fc2b7baa5b7dfbb75689350644b0881ce91aa5a7c6af9f056432

        Download Submit
      • memory/2504-0-0x000001C18BC20000-0x000001C18BC30000-memory.dmp
        Filesize

        64KB

        Download
      • memory/2504-35-0x000001C18C100000-0x000001C18C102000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2504-16-0x000001C18C000000-0x000001C18C010000-memory.dmp
        Filesize

        64KB

        Download
      • memory/2504-328-0x000001C192530000-0x000001C192531000-memory.dmp
        Filesize

        4KB

        Download
      • memory/2504-329-0x000001C192540000-0x000001C192541000-memory.dmp
        Filesize

        4KB

        Download
      • memory/2872-273-0x0000022B2C090000-0x0000022B2C092000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-347-0x0000022B29CB0000-0x0000022B29CB2000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-254-0x0000022B2BCF0000-0x0000022B2BCF2000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-269-0x0000022B2C070000-0x0000022B2C072000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-243-0x0000022B2BD10000-0x0000022B2BD12000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-279-0x0000022B2C340000-0x0000022B2C342000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-283-0x0000022B2C350000-0x0000022B2C352000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-238-0x0000022B2B4E0000-0x0000022B2B4E2000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-203-0x0000022B2A620000-0x0000022B2A720000-memory.dmp
        Filesize

        1024KB

        Download
      • memory/2872-186-0x0000022B29AA0000-0x0000022B29AC0000-memory.dmp
        Filesize

        128KB

        Download
      • memory/2872-174-0x0000022B29960000-0x0000022B29980000-memory.dmp
        Filesize

        128KB

        Download
      • memory/2872-343-0x0000022B17BA0000-0x0000022B17BA2000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-345-0x0000022B17BE0000-0x0000022B17BE2000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-247-0x0000022B2BCE0000-0x0000022B2BCE2000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-349-0x0000022B2A350000-0x0000022B2A352000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-351-0x0000022B2A3E0000-0x0000022B2A3E2000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-353-0x0000022B2A3F0000-0x0000022B2A3F2000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-355-0x0000022B2A430000-0x0000022B2A432000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-357-0x0000022B2A450000-0x0000022B2A452000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-359-0x0000022B2A790000-0x0000022B2A792000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-361-0x0000022B2A7C0000-0x0000022B2A7C2000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-386-0x0000022B28AA0000-0x0000022B28AA2000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-462-0x0000022B17FF0000-0x0000022B18000000-memory.dmp
        Filesize

        64KB

        Download
      • memory/2872-96-0x0000022B28AD0000-0x0000022B28AD2000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-93-0x0000022B28A10000-0x0000022B28A12000-memory.dmp
        Filesize

        8KB

        Download
      • memory/2872-86-0x0000022B17FE0000-0x0000022B17FE2000-memory.dmp
        Filesize

        8KB

        Download