Overview

overview

10

Static

static

1

URLScan

urlscan

1

http://youtube.com

windows10-1703-x64

4

http://youtube.com

windows10-2004-x64

1

http://youtube.com

windows11-21h2-x64

10

Analysis

  • max time kernel
    73s
  • max time network
    73s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    09-03-2024 18:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://youtube.com

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "http://youtube.com"
    1⤵
      PID:2472
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1920
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:3444
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:776
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4736
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:2224
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:2332
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:828

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZP3JQEV6\edgecompatviewlist[1].xml
      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\098OHG3G\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6DU1ZYB2\rs=AGKMywELS6f8ECIe57ae1NiuKJATvfBR3Q[1].css
      Filesize

      2.7MB

      MD5

      1089bbf7f53d3ca4a7ad215894069ba8

      SHA1

      b52bd4ecd7f2ad42d2535b35d5a8531f5e7764f2

      SHA256

      ebe58b5b17b37332a851b1c0d16b226dd0c28010de42ec1ee0ed9f8e6aa8fdbe

      SHA512

      74a7dc3ff5c8c9f9dc85be6fe7a811eed4230dfa5d7f376926076da119490a573de83ff4b46f4b98ffe02f67d307af92484e3e8009c4d653f5ab884152d17328

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6DU1ZYB2\www-onepick[1].css
      Filesize

      1011B

      MD5

      5306f13dfcf04955ed3e79ff5a92581e

      SHA1

      4a8927d91617923f9c9f6bcc1976bf43665cb553

      SHA256

      6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc

      SHA512

      e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O0U3PBBG\network[1].js
      Filesize

      14KB

      MD5

      71464b30ee74399d9bcb61eb2506c9a7

      SHA1

      04ba39b53cce7deb7c316d0d70ac710128a47325

      SHA256

      99599ec6f3fb4d9ae90a3ac4fa8e73448cd94e47a0662c7b80bc1427004f4e67

      SHA512

      5ace36f2d24351e2af12d0aae0fdf6e1b287e0ae8bb75d9fda1204ab8d475ffbcdd97daccd7b057878b05e427212704218b14dc842e01ccddbb122f48d709a5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O0U3PBBG\scheduler[1].js
      Filesize

      9KB

      MD5

      dac3d45d4ce59d457459a8dbfcd30232

      SHA1

      946dd6b08eb3cf2d063410f9ef2636d648ddb747

      SHA256

      58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0

      SHA512

      4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O0U3PBBG\spf[1].js
      Filesize

      38KB

      MD5

      09724500269dc3256e3517a3b3526306

      SHA1

      cb72e3f6e5d0c8cad37bce37a5d81fa768d33037

      SHA256

      f333d8729a3c54012666dff2de67a567e3ade40c708cac4a1b6f7083cb1c5c63

      SHA512

      0fbba72fce072bacf3fc9ebaa4778272c15ac650e0978ec71e0423433b2c91884f4baf01f275aacebe693b57640d2f577d6b35ed77ec1c5505151561edcebadd

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O0U3PBBG\www-i18n-constants[1].js
      Filesize

      5KB

      MD5

      f3356b556175318cf67ab48f11f2421b

      SHA1

      ace644324f1ce43e3968401ecf7f6c02ce78f8b7

      SHA256

      263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd

      SHA512

      a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O0U3PBBG\www-tampering[1].js
      Filesize

      10KB

      MD5

      ce762a9d30d6c70bb0516e8cefc958bf

      SHA1

      da6cac9c717daa3a39f82f3421782c99edd9329d

      SHA256

      a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7

      SHA512

      230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XKEMAM6R\css2[1].css
      Filesize

      2KB

      MD5

      eacfa19ed277f5969e9c4d9fa737e769

      SHA1

      60fcef594f3374692a3158464efdbf6d4252912a

      SHA256

      182c76e0ecec974bb5c6ff96e9c250de8ce4f9c14eaf2625601a72752b2b1aaa

      SHA512

      cb94b78c81bf3eef8be7b7e2094d4702812980683a102f3d52a406bffea4d4dceddee27443ca04e3ca1479b03bd716d93b57778d084aa5e28a8ce6ac15dd8d82

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XKEMAM6R\intersection-observer.min[1].js
      Filesize

      5KB

      MD5

      936a7c8159737df8dce532f9ea4d38b4

      SHA1

      8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5

      SHA256

      3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9

      SHA512

      54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XKEMAM6R\web-animations-next-lite.min[1].js
      Filesize

      49KB

      MD5

      44ca3d8fd5ff91ed90d1a2ab099ef91e

      SHA1

      79b76340ca0781fd98aa5b8fdca9496665810195

      SHA256

      c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415

      SHA512

      a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XKEMAM6R\webcomponents-ce-sd[1].js
      Filesize

      95KB

      MD5

      c1d7b8b36bf9bd97dcb514a4212c8ea5

      SHA1

      e3957af856710e15404788a87c98fdbb85d3e52e

      SHA256

      2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a

      SHA512

      0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XKEMAM6R\www-main-desktop-home-page-skeleton[1].css
      Filesize

      4KB

      MD5

      9deae13c40798dfca19bd14ed7039d60

      SHA1

      4ba302a1435b094031e4f2e1bce1b6198f0cf825

      SHA256

      cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd

      SHA512

      95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XKEMAM6R\www-main-desktop-watch-page-skeleton[1].css
      Filesize

      5KB

      MD5

      81b422570a4d648c0517811dfeb3273d

      SHA1

      c150029bf8cebfc30e3698ae2631a6796a77ecf1

      SHA256

      3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d

      SHA512

      1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      1KB

      MD5

      6aefb332dbd0b785fed5b355dc5df4a9

      SHA1

      061498dc178eb31a66537506e2536696a98eda1e

      SHA256

      ed30b06364f85f9dd46f57950ca2a8679f4a075e704ac7b9e13a20321774ac09

      SHA512

      bc33645ee9a94456c66dedd3332ee998c14667a955cc8a193d80d1f1d9ec3906b564390d552629f24f70cc3a6403ef3b6ee5fffd27060d38732fbc61f973c5c8

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
      Filesize

      724B

      MD5

      ac89a852c2aaa3d389b2d2dd312ad367

      SHA1

      8f421dd6493c61dbda6b839e2debb7b50a20c930

      SHA256

      0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

      SHA512

      c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_4B79F4EFDB2EC605ACBBA3237A005347
      Filesize

      472B

      MD5

      2e17baea5dd0ccab2334b139acbbd9f6

      SHA1

      81e9cd619707413bdb028490af06f5f6ef40a076

      SHA256

      e1d0d53c44d9d1b5ce0ba055b75c69ed14cb153c6454609ec1f858e8ee144a17

      SHA512

      347e2cd040cd168f9992f71fe2b9ca86c59e692883fad43a1b5092c73676dd13cc2fa1ab4b040fa0dec0871f4dd19244620d87224c9bf729764f332fd3416b88

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_08872284D8414653D8A6B617C1164F2D
      Filesize

      472B

      MD5

      d21a8d3bbc1dcfe1a8a91315d7b3a83f

      SHA1

      b0b673cbb7656442c01f93466e37d436b7cc65fd

      SHA256

      b1b128a22ef979fde9b92b2817db8ae9b89d7a8e2478f5db1e38a17fab983f9d

      SHA512

      4180154f5e4c577d3a43fa380eb1f1bbd21ac74df3df47615df6e27f61752ac02c698d9d4c3609e0e7f8cb02c86f1d5f4210c2f29a5758e5fb12af9060180e94

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      410B

      MD5

      d83ea1a28f108adabaad34855caff741

      SHA1

      5ff3407d39bd7adf11ef26f20e3f0e1533af7e1d

      SHA256

      ff9a2a769eff9e47edf6f23dea78714a787e4be137dd6609148a9ef97628473b

      SHA512

      def3d2611f8ed67cbef214a65dddca49353d0aae3772a05a5f6070bed713f39b52ab19ef4fe6d98ccf57d288ab91ff1f96eb77bf8ef5c38b4ef43a5f5b59fce9

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
      Filesize

      392B

      MD5

      0e46bd59acfaef9d83dff9390065cde1

      SHA1

      c68e16ad7fe6e245b5008ccc1d37bb300925d802

      SHA256

      ae31dcb4e542a739ac85e830b7152294a85e015b4cfb6bf8d58056f7f920fc06

      SHA512

      76716d29e56b25caf964beae71b40588a04f77c1bc7e02ad3b43ab650c2629236d666e4b91b54f6ab9ad98e0dff5dd04604f5d4e7458ad9c06ae3ef6d91da1b5

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_4B79F4EFDB2EC605ACBBA3237A005347
      Filesize

      406B

      MD5

      382386f2d575b4374dceb2fb836e63fe

      SHA1

      6bd8bf3284d204afe4ecfab70b52accdd1cdcaba

      SHA256

      c02d5b9fadaf8a11f28500d06c7ec9827849c626b1efbf6cf70685efccc7eb4f

      SHA512

      0bfe80cc255b3e16e488f658167bd00da8e5355081de8032f2b01b5c6ca8decf8cf8ce0d60f120f317ab72a00da9e8142e9b37f5e7a5cef7c5c124a762bf68e9

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_08872284D8414653D8A6B617C1164F2D
      Filesize

      402B

      MD5

      24becf7c997e1e1e1ad79ece18e69ad7

      SHA1

      ac09507142f29d004f1f980f53e01118215175e8

      SHA256

      06dd71cbe2e8d90700ed72d7a6ab1c69edf550f2308c5ce110794b6c165ed470

      SHA512

      4bc49c5bb9a47e780f4e71115cd3196063e1d737e2667aef9ee22efa1644d05afd1b580ecf2ab0dadc6977f2ec9ee7741ff9b535666f11303fb960d1a8656f4d

      Download Submit

    • memory/828-177-0x0000024E3AB60000-0x0000024E3AB62000-memory.dmp

      Filesize

      8KB

      Download

    • memory/828-181-0x0000024E3ABA0000-0x0000024E3ABA2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/828-175-0x0000024E3AB40000-0x0000024E3AB42000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1920-202-0x000002854F000000-0x000002854F001000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1920-0-0x0000028546A20000-0x0000028546A30000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1920-35-0x00000285471B0000-0x00000285471B2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1920-201-0x000002854EFF0000-0x000002854EFF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1920-16-0x0000028546C30000-0x0000028546C40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2224-96-0x00000245D8870000-0x00000245D8890000-memory.dmp

      Filesize

      128KB

      Download

    • memory/2224-65-0x00000245D8820000-0x00000245D8822000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2224-68-0x00000245D8840000-0x00000245D8842000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2224-72-0x00000245D8F00000-0x00000245D8F02000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2332-163-0x00000251BAD70000-0x00000251BAD90000-memory.dmp

      Filesize

      128KB

      Download