Analysis
-
max time kernel
83s -
max time network
90s -
platform
windows10-1703_x64 -
resource
win10-20240221-en -
resource tags
-
submitted
11/03/2024, 21:12
General
-
Target
download.html
-
Size
117KB
-
MD5
0d7adc631c43d54a7902b20a47789c81
-
SHA1
8e2b0b3ae5c2285a192e024abbb6e3b766160892
-
SHA256
c5451af6287cc48f761b476ae4d1cf7def11ad6482ce63a2bf973f67d4972f25
-
SHA512
6226062383e29b4ec6fc4b71737654eccd4945c505a4bc0eef6e864494f650957a553decf39aa025c11b22f67daa797c0a0640f5300b69d0ca1cb3d5e0718dda
-
SSDEEP
1536:snAltI+SFMN3/yapwzEApQ4iRTTsBFA0gfvQH8mciKyH2H8Lquju8oIER:q+SFM7KzeRQH8tyH2H8WujuZIER
Malware Config
Signatures
-
Drops file in Windows directory 7 IoCs
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 3 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: MapViewOfSection 14 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\LaunchWinApp.exe"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\download.html"1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.0.625773458\127521772" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbb39d76-4f92-47aa-8607-32600b34f11b} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 1764 178764d6858 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.1.418012903\393507720" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86ef2cde-cec7-461e-a9d5-41a6597ca98f} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 2120 1786b272858 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.2.665577858\1341704565" -childID 1 -isForBrowser -prefsHandle 2796 -prefMapHandle 2692 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cb2f1ec-12e0-47c1-b60c-416cd4ad9358} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 2840 1787a4a7058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.3.1110288384\2103040576" -childID 2 -isForBrowser -prefsHandle 2932 -prefMapHandle 2708 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bacf11c5-7ed8-4e8b-a402-f03bb5da328a} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 3468 1787b213858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.4.100910250\765115198" -childID 3 -isForBrowser -prefsHandle 4324 -prefMapHandle 4328 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37577090-c0b9-407e-9a77-e5145c261d96} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 4240 1787c490658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.5.1179265068\782260837" -childID 4 -isForBrowser -prefsHandle 4804 -prefMapHandle 4800 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee2f9917-0a08-414e-be79-cfe32ef3bcf0} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 4812 1787c654558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.6.648838\2135706208" -childID 5 -isForBrowser -prefsHandle 4952 -prefMapHandle 4956 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19531547-ddc9-4fbb-a19c-a29f91f36abb} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 5036 1787c95e358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.7.1360001985\1259431216" -childID 6 -isForBrowser -prefsHandle 5148 -prefMapHandle 5152 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d49ea7aa-a6cc-4a62-a10d-ee22418dac4f} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 5140 1787c95f258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.8.1742904198\1455589918" -childID 7 -isForBrowser -prefsHandle 4800 -prefMapHandle 4384 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {209b1691-c3c7-418d-a59f-dedb3c9e2ba0} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 4404 1786b25e858 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
74KB
MD5d4fc49dc14f63895d997fa4940f24378
SHA13efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a
-
Filesize
43B
MD5325472601571f31e1bf00674c368d335
SHA12daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
SHA256b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
SHA512717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc
-
Filesize
4KB
MD51bfe591a4fe3d91b03cdf26eaacd8f89
SHA1719c37c320f518ac168c86723724891950911cea
SHA2569cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA51202f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db
-
Filesize
426KB
MD59407efa17b9fa09288ff833eeb111cc7
SHA14fba1d46d43eeaeff48b8493245e5cda953285c8
SHA2569cfaaf4e24c9a20159123c632711d2cbb98854a66ab659a5c24373633f180d4a
SHA512f864566e20f37099463b4bb39665a52293402d293f9bdbccdac3b6cda7db41f91ce79c34786129f84c822f2c35a7a0976060fcd97271dd27685e4f6255f70b0a
-
Filesize
38KB
MD5ccc7bdfd4fec43bb4e2ee254705af6f9
SHA19a2a188ff810fd0f025266d2b65f448a5ca84181
SHA2560881d43075354250e7ca66af2628b7f894bca339f73be5add8c16e166d253708
SHA51293e7b2cf7c54dda5bacede673dee2829335642aca27eb36afc4a117ee38e00bbc2ee801d751c7af5cbd1c31d0fb92643a862ca710f243e4e9fe64027fa0e39b0
-
Filesize
23KB
MD504a736599abd9d35460f225bdd4d2c6b
SHA1f3a6c5e12a6862451d6a457230a506ce0dbd4007
SHA2568dab3ce341beacb7483049495e317f00aad8ec7d960f98f2619536fb8f2f75f1
SHA512a30d77969ff900e42f743bbbc44ff76a7c6abfba0641ebba1e8e93df72e8b232b774daa105252ecf52042bc6a995bbce17f9e91b2343f844776adc40967adccc
-
Filesize
2KB
MD505f7055a18edb147620491f116be4c9e
SHA1a6491a587419554cc07f4907b00de33d94d2b46c
SHA256bae56e5ef291cfc91b5b0eafbd1271b0418551d33f06eae650d96fd3442eb42a
SHA5129fbf9e8069d4e4eb1fb9feb577e7eb7ca97f3d1f255afb58b43a51509e087cdca7c60d9834fb305ca69606cbc67881b3072f2bc76a24dd9ef40f8409d8a48feb
-
Filesize
485B
MD57e6af01fec51fbf4fd1ec30aa7872236
SHA1be8a5989a71d71a133f0627d2e4bd93b1ff54353
SHA256c7d5d62717ec4ba9ff123a2f69bb72174bb9f566dd4c4620f5b8d6bda9db18d7
SHA512a056de4962fe64bc9e7bc69954ee6d21495f668927ff6009a8db11e22999fa7e8dab1b959816be37fb905f73bc9208d5d6dd60ae2aa0f82f2b70afc9a3c18ab4
-
Filesize
1KB
MD5205bbb2aabbf6df9290da61026a3f6f2
SHA14f21bf0657e6ec6427ebf8145139c855863c2099
SHA25669c03ffd2ac94497289f61e7cb55e9fe34eaf7b67dc7a7aebb075dbcfca4470b
SHA512d4539cd9e4fbb594dc95f9cf3dc35f35a39155327e6eb2149ec45b5d0e9581f62392cdeba446c29fb295995609ace51028903c89ecb42b0a5d759fc7714e5502
-
Filesize
20KB
MD5c76092fcbb905028a0384a3b85c7a9eb
SHA18504a87bbbd5e518c1f99da3285a9bc441ac08e8
SHA256c87d38136f87c621820a4577e53ff9466ab01126778b7597d4e12ce518e893c7
SHA51280ab3e968be0a9c52befadb4369299aa5b4664819948431085d6a4def110b40b15ce2ca7817f4fdee90190e2d52454da2960dc9e6dddfd28f43d11f4059227ee
-
Filesize
2KB
MD500c32612a7d3d158a6ef5b48898d7e79
SHA10a5627587fdd5e06cc705608297e4d1467f8eb30
SHA256e419937d98961a024d3c46f132ab9fb7523a29adcae818dd87a36a4cfbcb5321
SHA512b6f5c417a6b49007eca5a5365ec22768ba15f98e6a49dbc6668e3eca3793fed4c73725309cc650a68bfa33cf51b44cf4769dc4146089c4b86c25149ba0290ace
-
Filesize
746B
MD51486fff2e44b2033b009d8e47329a19b
SHA190477de895dec2529232d525abaec086cd67dab1
SHA256c4e0e7490c226238fdeaf927620dc95bc43162ebde62b98b126b91f37c25e360
SHA51237078c87e6bc2eab04bbbbaf31bc4ea400f6bef9eaefb492a29cba6de457dea9f30c5bf8222fc79a2b7a247141c6f510d43ab8af9a8998893ef1561e7add4b24
-
Filesize
6KB
MD520e7af9c25aa92036f5207285d21bd73
SHA16d154616ccc6bcdb897ec38fe7961364380647d2
SHA256171450dc3b2043d6e51a943c918a4a4d4c9830ea82786ce1a4da4a06cdd4c727
SHA51271544820498a5e9e6ab005a3efca5517dd69c287b0a6a7457af14a3c2bde59d09cb730ff0dbe699fdd08a524306e04aa8ee3683f4fb63a8965aed1d372508183
-
Filesize
6KB
MD5f4160b42bb0c2a5fcef9a7a2d09ebd3a
SHA1c5772dc8a8412d9f49497e155a39adfd0d762ef9
SHA256ea811f4828138457bb3addc32dec52cb749c6ec1af8a9e398e87e5215ba23984
SHA51294ec078136d946e37c51e87794ab0136799c98498faf066c26e0e249c8831a0ef88ef3420e1381cf39c5e95e824c53e0f951f6d11c5041f20f47dd9b127ebd24
-
Filesize
6KB
MD5163f2b6be781d05ce4653d6fd88f6f39
SHA138fb3a56f61296a98f6d4773f057af777d2df82d
SHA2566b89ce45c4c81341a67d9e23a5750879e2807e306dd4e19f26a0afd5fda50eeb
SHA512c1f12b4e4f0265a2b31c7eced57641c7b5b154649de81c517e3e55141b4060f13515edd5485211617125bcb16580a85d28f581c607cc34ab64d36c5aaa919230
-
Filesize
1KB
MD53bcdef0c4aab58f3f5ce81581ac3b709
SHA1be995bbf03570c8339de680d06f7c821c6fbf2bf
SHA25696527d21e5cc99e7b2ad756847e5b6df692edbe13d0f37c84cabd0e90b2c804b
SHA512cfbec5e4781a5059a5f24167bacd9f3c620b2c3c453e0919118aac3b073e74861d2b54141981436ef45e7f5819db92b524d40fdd3595836999a7904b2ff3ce6c
-
Filesize
1024KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
128KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
64KB
-
Filesize
8KB
-
Filesize
64KB
