Analysis

  • max time kernel
    149s
  • max time network
    143s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    04/04/2024, 13:32

General

  • Target

    small-games.info.url

  • Size

    50B

  • MD5

    705d7159a663cea1b3db58bdedc96f77

  • SHA1

    04a1d8bc075829ae8f05a8def19a95352855808b

  • SHA256

    64030dfb4f3b9face0252a464d3c96e1e757cde2bd28604d134a1b8c2efaafaf

  • SHA512

    682d38c4296c47ca28e4f9b672313b94f81e0995e8a34bfed3f2e9c53b45b76dc127c4b10af72e973fa2d8a3a84754df8a7951314df88b1595a54f5767dc8b30

Score
7/10
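The target is a 50-byte .url file, i.e. an INI-style InternetShortcut that Windows hands to rundll32 ieframe.dll,OpenURL (see the first process below). The following Python example is added here and is not part of the sandbox report: it parses a constructed shortcut in that format (the real file's contents are not shown on the page, so the sample URL is an assumption that only reuses the domain in the target filename), extracts the launch target, computes the same four digests the report lists, and applies two generic first-pass checks an analyst would run on any .url sample (non-web scheme, UNC path in IconFile or WorkingDirectory). Those checks are general heuristics, not findings from this report.

```python
import configparser
import hashlib
from urllib.parse import urlsplit

# Constructed sample shortcut (assumption: the submitted file's contents are not
# on the page). It points at the domain named in the target filename.
SAMPLE_URL_FILE = b"[InternetShortcut]\r\nURL=http://small-games.info/\r\n"

DIGESTS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Return the four digests the sandbox report lists for every file."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGESTS}


def parse_internet_shortcut(data: bytes) -> dict:
    """Parse the INI-style [InternetShortcut] section into a dict of lowercase keys.

    Windows opens .url files through rundll32 ieframe.dll,OpenURL, which reads the
    URL= key and passes it to the default browser. Interpolation is disabled so
    '%' sequences in URLs survive verbatim; only '=' is a delimiter so the ':' in
    'http://' is not mistaken for one; strict=False tolerates repeated keys.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(data.decode("utf-8-sig", errors="replace"))
    if "InternetShortcut" not in cp:
        raise ValueError("no [InternetShortcut] section")
    return dict(cp["InternetShortcut"])


def triage(data: bytes) -> dict:
    """Extract the launch target and apply generic first-pass checks.

    The checks are general .url heuristics, not findings from this report: a
    non-web scheme means the shortcut does more than open a browser tab, and a
    UNC path in IconFile or WorkingDirectory makes the host contact a remote
    share when the shortcut is rendered or opened.
    """
    fields = parse_internet_shortcut(data)
    url = fields.get("url", "")
    parts = urlsplit(url)
    findings = []
    if parts.scheme.lower() not in ("http", "https"):
        findings.append(f"non-web scheme: {parts.scheme or '<none>'}")
    for key in ("iconfile", "workingdirectory"):
        value = fields.get(key, "")
        if value.startswith("\\\\"):
            findings.append(f"{key} references a UNC path: {value}")
    return {"url": url, "host": parts.hostname, "findings": findings, **digests(data)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_URL_FILE).items():
        print(f"{key:>8}: {value}")
```

Run it on a real sample by replacing SAMPLE_URL_FILE with the file's bytes; comparing the printed digests against the report's General section confirms you are looking at the same artifact before reading any further.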

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Windows directory (4 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 2 IoCs)
  • Modifies registry class (64 IoCs)
  • Suspicious behavior: MapViewOfSection (4 IoCs)
  • Suspicious use of AdjustPrivilegeToken (4 IoCs)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\small-games.info.url
    1⤵
    • Checks computer location settings
    PID:1848
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5032
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:4664
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:648
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2588
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:2584
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    PID:4236
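The process list above is the behaviour to detect on an endpoint: rundll32 invoking the OpenURL export of ieframe.dll on a .url file in a user-writable temp path, followed by Edge host and content processes. The following Python example is added here and is not one of the sandbox's signatures; it runs an analyst-written rule over constructed process-creation events whose command lines are copied from the report (the last two events are benign filler, an assumption, to show the rule stays quiet on other rundll32 and explorer launches; parent/child links are not modelled because the report does not show them).

```python
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """Minimal process-creation record as exported from EDR or Sysmon telemetry."""
    pid: int
    image: str
    cmdline: str


# rundll32 invoking the OpenURL export of ieframe.dll, with or without quoting
# and with or without a full path to the DLL; captures the argument it is given.
OPENURL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?:[^"\s]*\\)?ieframe\.dll"?\s*,\s*OpenURL\s+"?(?P<target>.+?)"?\s*$',
    re.IGNORECASE,
)

# Locations a standard user can write to and that mail clients and browsers drop files in.
USER_WRITABLE_RE = re.compile(
    r'^[a-z]:\\users\\[^\\]+\\(?:appdata\\local\\temp|downloads|desktop)\\',
    re.IGNORECASE,
)

BROWSER_IMAGES = ("microsoftedge.exe", "microsoftedgecp.exe", "msedge.exe", "iexplore.exe")

# Constructed events: the first four command lines are taken from the report,
# the last two are benign filler (assumption) that the rule must not fire on.
EVENTS = [
    ProcEvent(1848, r"C:\Windows\System32\rundll32.exe",
              r'"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\small-games.info.url'),
    ProcEvent(5032, r"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe",
              r'"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca'),
    ProcEvent(4664, r"C:\Windows\system32\browser_broker.exe",
              r"C:\Windows\system32\browser_broker.exe -Embedding"),
    ProcEvent(648, r"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe",
              r'"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca'),
    ProcEvent(1200, r"C:\Windows\System32\rundll32.exe",
              r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl"),
    ProcEvent(1300, r"C:\Windows\explorer.exe", r"C:\Windows\explorer.exe"),
]


def detect_openurl_launches(events):
    """One hit per rundll32 ieframe.dll,OpenURL event, with the flags used for triage."""
    hits = []
    for ev in events:
        m = OPENURL_RE.search(ev.cmdline)
        if not m:
            continue
        target = m.group("target").strip()
        hits.append({
            "pid": ev.pid,
            "target": target,
            "is_url_file": target.lower().endswith(".url"),
            "user_writable": bool(USER_WRITABLE_RE.match(target)),
        })
    return hits


def browser_pids(events):
    """PIDs of browser processes seen in the same window, for pivoting to their activity."""
    return [ev.pid for ev in events
            if ev.image.rsplit("\\", 1)[-1].lower() in BROWSER_IMAGES]


def score(events):
    """'review' when a .url from a user-writable path is handed to OpenURL and a
    browser follows, 'info' for any other OpenURL launch, 'none' otherwise."""
    hits = detect_openurl_launches(events)
    if not hits:
        return "none"
    if any(h["is_url_file"] and h["user_writable"] for h in hits) and browser_pids(events):
        return "review"
    return "info"


if __name__ == "__main__":
    print(detect_openurl_launches(EVENTS), browser_pids(EVENTS), score(EVENTS))
```

The rule keys on the command line rather than the image name because rundll32 itself is ubiquitous; the OpenURL export plus a shortcut path outside Program Files is what separates a double-clicked .url from the hundreds of legitimate rundll32 launches a host produces per day.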

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E0BFK5N1\edgecompatviewlist[1].xml

          Filesize

          74KB

          MD5

          d4fc49dc14f63895d997fa4940f24378

          SHA1

          3efb1437a7c5e46034147cbbc8db017c69d02c31

          SHA256

          853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

          SHA512

          cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\2ZZRPTVO\vk[1].xml

          Filesize

          13B

          MD5

          c1ddea3ef6bbef3e7060a1a9ad89e4c5

          SHA1

          35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

          SHA256

          b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

          SHA512

          6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\2ZZRPTVO\vk[1].xml

          Filesize

          270B

          MD5

          3abcf5d7d5a72c083d3176f80c396907

          SHA1

          06a1018e932f0e8a7e01f94cb415b7d3b03cca3e

          SHA256

          dd62e353856c0a25697d430f6999336bbe3ff23d53e987ea5c6d687836aa05a4

          SHA512

          fec88e1d5b6d4e13dcb9b3d516ead7d9ea8beab5d8777af7d27c49de894f4a233d1fec403616b3b16634e2294fc4d9496e2d0fdaea7701f58b0b8e326125c545

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\2ZZRPTVO\vk[1].xml

          Filesize

          394B

          MD5

          60ada55ca24fa8095e7ada9116f2bd88

          SHA1

          5a08d304df5ea10451a3ebb8dbd846cd263c5c84

          SHA256

          b14fb225fc9cd6732614bf3d74728bbb891acc3a9d337506b601383c9a9aefa5

          SHA512

          6b433b04946f45eddde3017f9ed85c45d833d87a8e8d52302ced02f97b8dee134b8127e18bc730ca5404206a3fe2ee2dd55a1f40b154edccbae918b143c31297

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\2ZZRPTVO\vk[1].xml

          Filesize

          510B

          MD5

          99b9184d91e0d171051a3a62f3919505

          SHA1

          923a7a77a614f4f749e8dc5f8487e0c3af182594

          SHA256

          bb0ee1751ad354c687ed3cd6c741644d803aa292a72920006e231020b4bb6b48

          SHA512

          46406978f4378d2065a8a39ddedbd8fc0297257043b13c5382438f0fb1a6e3d3ca00f3807720efe4e25c24b48f56ef1a3481a85c38575fe964bbf5abf81225fe

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\IUY6W5C0\small-games[1].xml

          Filesize

          86B

          MD5

          4bb3223c8d6bb24ad999184c57f79a09

          SHA1

          0cd4403d7aeae3fc6b936315c1b28f2e68a81c33

          SHA256

          b2df112069723f16bb09f5fe170c21bbe64ee3282ed178c3c5b99d665667b09f

          SHA512

          cb12a89ec8696de06ed34315c693fea0b3f718970157906edc99ed92bd6d240291d935dc66c2abc85808a13497d7080eaa1e52340406414f389992a98c54b747

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\IUY6W5C0\small-games[1].xml

          Filesize

          354B

          MD5

          6971615543a997415332b89345e66b4f

          SHA1

          3c21ad6ea63757a18e302a03c76c7a5c81c93d5d

          SHA256

          0ae1330b67397eefcd1c8147a9d8bcdf5c4f6efa88848783c3cc34cb6ef6e888

          SHA512

          6cd5cbdc8a178e577863cfaf0089781e8bfdfc1a2951af5703a583571ae148316251b43adf928a45728891b54480a8c93cb2c043149a0763bb9e7c28fd29f927

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\IUY6W5C0\small-games[1].xml

          Filesize

          1KB

          MD5

          a1b75717128c6202c22e94b0ef7b7e05

          SHA1

          404c7a52d2bd5cb585f718264cbb2b875aa9bb27

          SHA256

          dcd75870c26f1a8bff55a4276860c2e128b8861cd97cdb60decc02629d809b17

          SHA512

          268cb0450032aaa0c90a6fa9ab49212149d9c27e5af14dcca377fffc7e21d7b413c02e272f0d660e41c0d34205d56e123484dbee88c96d6a1ff55ed5ce0b9218

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\0GHAFUHV\suggestions[1].en-US

          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\HH1VPV0V\favicon[1].ico

          Filesize

          894B

          MD5

          2a913dbd3744e7021cab39a02f60e7e9

          SHA1

          6e86a56aacb1c1339fa0d7f332694438a8aa76b1

          SHA256

          118d40b9d4fe561f8cbb4e97e063f0564881efbf9b9db02b57912d659dfe13d2

          SHA512

          8e6d1a93d0e2262020f1ddc493c8fdc402e0faba9c78dd6403de141c2acd182333996a30f1342a5c055796b1aa9d7316f706f4a2c0ff305e9e4d982b482a2548

        • memory/2584-93-0x00000154AA820000-0x00000154AA822000-memory.dmp

          Filesize

          8KB

        • memory/2584-173-0x00000154BCE80000-0x00000154BCE82000-memory.dmp

          Filesize

          8KB

        • memory/2584-178-0x00000154BDB90000-0x00000154BDC90000-memory.dmp

          Filesize

          1024KB

        • memory/2584-154-0x00000154BBA60000-0x00000154BBA80000-memory.dmp

          Filesize

          128KB

        • memory/2584-136-0x00000154BBEA0000-0x00000154BBEA2000-memory.dmp

          Filesize

          8KB

        • memory/2584-229-0x00000154BE1B0000-0x00000154BE2B0000-memory.dmp

          Filesize

          1024KB

        • memory/2584-232-0x00000154BE1B0000-0x00000154BE2B0000-memory.dmp

          Filesize

          1024KB

        • memory/2584-239-0x00000154BB9F0000-0x00000154BB9F2000-memory.dmp

          Filesize

          8KB

        • memory/2584-86-0x00000154AA6D0000-0x00000154AA6D2000-memory.dmp

          Filesize

          8KB

        • memory/2584-243-0x00000154BBA80000-0x00000154BBA82000-memory.dmp

          Filesize

          8KB

        • memory/2584-139-0x00000154BBED0000-0x00000154BBED2000-memory.dmp

          Filesize

          8KB

        • memory/2584-91-0x00000154AA800000-0x00000154AA802000-memory.dmp

          Filesize

          8KB

        • memory/2584-153-0x00000154BB9C0000-0x00000154BB9E0000-memory.dmp

          Filesize

          128KB

        • memory/2584-321-0x00000154BEC00000-0x00000154BED00000-memory.dmp

          Filesize

          1024KB

        • memory/2584-141-0x00000154BBEF0000-0x00000154BBEF2000-memory.dmp

          Filesize

          8KB

        • memory/5032-281-0x0000020BD2B10000-0x0000020BD2B11000-memory.dmp

          Filesize

          4KB

        • memory/5032-0-0x0000020BCC320000-0x0000020BCC330000-memory.dmp

          Filesize

          64KB

        • memory/5032-280-0x0000020BD2B00000-0x0000020BD2B01000-memory.dmp

          Filesize

          4KB

        • memory/5032-35-0x0000020BCB4E0000-0x0000020BCB4E2000-memory.dmp

          Filesize

          8KB

        • memory/5032-16-0x0000020BCC520000-0x0000020BCC530000-memory.dmp

          Filesize

          64KB