Overview

overview

10

Static

static

5

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    299s
  • max time network
    291s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    18-04-2024 22:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    84b0f0e332c0f89c1e4346ebf6b4db137fc8246da589a6fe1556635c3b13d889.exe

  • Size

    896KB

  • MD5

    e5d30da3a3bc7c7f4f249d62f1fb4cc6

  • SHA1

    1e41fc56866dd4418f2dad668e00e5a6a1927ffc

  • SHA256

    84b0f0e332c0f89c1e4346ebf6b4db137fc8246da589a6fe1556635c3b13d889

  • SHA512

    df996521c5ae662e7cf5417014824f88fa4c18e86aa2d75087d519d3c40027c1c5e57de833c683b33fd98875684f8162a3b0db2620054b1b2f935d33fcccff34

  • SSDEEP

    24576:ZqDEvCTbMWu7rQYlBQcBiT6rprG8aADV:ZTvC/MTQYxsWR7aAD

Score
10/10
googlephishing

Malware Config

Signatures

  • Detected google phishing page
    phishinggoogle
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Windows directory 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\84b0f0e332c0f89c1e4346ebf6b4db137fc8246da589a6fe1556635c3b13d889.exe
    "C:\Users\Admin\AppData\Local\Temp\84b0f0e332c0f89c1e4346ebf6b4db137fc8246da589a6fe1556635c3b13d889.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1640
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:804
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:1344
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4448
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2264
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:440
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:524
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:5072
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:2680
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:828
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    PID:2380

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LICIZUQP\edgecompatviewlist[1].xml
    Filesize

    74KB

    MD5

    d4fc49dc14f63895d997fa4940f24378

    SHA1

    3efb1437a7c5e46034147cbbc8db017c69d02c31

    SHA256

    853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

    SHA512

    cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\0Q5WFQJA\favicon[1].ico
    Filesize

    5KB

    MD5

    f3418a443e7d841097c714d69ec4bcb8

    SHA1

    49263695f6b0cdd72f45cf1b775e660fdc36c606

    SHA256

    6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

    SHA512

    82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ECRD2SXD\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\FSKP83PL\4Kv5U5b1o3f[1].png
    Filesize

    610B

    MD5

    a81a5e7f71ae4153e6f888f1c92e5e11

    SHA1

    39c3945c30abff65b372a7d8c691178ae9d9eee0

    SHA256

    2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e

    SHA512

    1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    e4631530ca2d3fdd6a35f596669e54e7

    SHA1

    68d9ab4969b7609ee8a93fa2ae766c9781748d37

    SHA256

    9e7216e6a933186a53c67090fe23f1849f1b3036897eddfed00313bef9370fb7

    SHA512

    dd58af9d8cb5e508e4d04872cb477f1cf9c04c68db87ccae04820fe351362296c5572b45ab416c08d41cb97374ceec3b0b0d28dfed750267622c5bf4dd79dad2

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    ac89a852c2aaa3d389b2d2dd312ad367

    SHA1

    8f421dd6493c61dbda6b839e2debb7b50a20c930

    SHA256

    0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

    SHA512

    c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_9E23C1D3BC042F285396F92A9773D1F3
    Filesize

    471B

    MD5

    7d7e784f655eb849f188f2ff7b62513b

    SHA1

    0cab55085edd877b2f4fb48c6c5c02a45d3f2e7d

    SHA256

    d5af2542ad112462b260c73499fa73845e28df8ba121a9751fb1ae436b3d0f0a

    SHA512

    85c5c9b9b5c8fe99c721b754ec5dcb9de93439e8063ce6d9eee60fe8a5ac5e1b464ee60d95976c923313833770de9c14bbdf35fb67cdfcdb0abb9b1cedd68196

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    c6e13c8b9b64090f7f0022f4d7b6681a

    SHA1

    d5ca48e405febd5ab413f919e7de19d507b90cc9

    SHA256

    aa1bf5819df32fb56e6298edc8769888137b1c91158f85cb592350e1a4aec178

    SHA512

    f984f259b45f8351b27c0dc7ae5ec4fc213d5632d014259edd7f38874d6f57ae4c10beae938b74a6d52f24dc9fc3da80e4241e9d3b9f0fa305f935a013c14902

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    0d569891cf5ffa591fdaec6d89b143db

    SHA1

    5ceecd7157c106f7ca1c3880fb4cbdba6497dafb

    SHA256

    67a83999415c21a9ab1d3dd4a629b4955823a943ca816c9e29633576bbfe107a

    SHA512

    e39826db8f2c557eacd6a83c0204057c0852b3e5ffa7a53affcfee91dd5b6d4684613aa97d5b2bbd23f163f60cd65923576ea9b2c33b4b7f05eaacd0db2d6896

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_9E23C1D3BC042F285396F92A9773D1F3
    Filesize

    406B

    MD5

    1cade7cb257bce4f48204f9f58e31d15

    SHA1

    e538ea60792577119abfa19ee55a826534cff957

    SHA256

    7f415515eabad63f194019d6cd14d1a74bd71ade626b3c0338e35099d5ebe355

    SHA512

    bc222f06fe2b781b13f1cc2da8698b8863fd84f33ffee5d5e0d6fd84f282d373cae9ae33a82fa568815732423c5f98f86e651937d6406837fa64cd954542c524

    Download Submit
  • memory/440-99-0x0000015BC8FF0000-0x0000015BC8FF2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/440-105-0x0000015BC9370000-0x0000015BC9372000-memory.dmp
    Filesize

    8KB

    Download
  • memory/440-107-0x0000015BC9380000-0x0000015BC9382000-memory.dmp
    Filesize

    8KB

    Download
  • memory/524-387-0x0000021D4F1B0000-0x0000021D4F1B2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/524-380-0x0000021D4F170000-0x0000021D4F172000-memory.dmp
    Filesize

    8KB

    Download
  • memory/524-161-0x0000021D4D3C0000-0x0000021D4D3E0000-memory.dmp
    Filesize

    128KB

    Download
  • memory/524-231-0x0000021D3C000000-0x0000021D3C100000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/524-249-0x0000021D4CCE0000-0x0000021D4CD00000-memory.dmp
    Filesize

    128KB

    Download
  • memory/524-314-0x0000021D4E700000-0x0000021D4E800000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/524-156-0x0000021D4D700000-0x0000021D4D800000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/524-351-0x0000021D4D1E0000-0x0000021D4D1E2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/524-342-0x0000021D4EBD0000-0x0000021D4EBD2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/524-358-0x0000021D4EED0000-0x0000021D4EED2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/524-361-0x0000021D4EEE0000-0x0000021D4EEE2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/524-364-0x0000021D4F050000-0x0000021D4F052000-memory.dmp
    Filesize

    8KB

    Download
  • memory/524-367-0x0000021D4F070000-0x0000021D4F072000-memory.dmp
    Filesize

    8KB

    Download
  • memory/524-371-0x0000021D4F090000-0x0000021D4F092000-memory.dmp
    Filesize

    8KB

    Download
  • memory/524-376-0x0000021D4F150000-0x0000021D4F152000-memory.dmp
    Filesize

    8KB

    Download
  • memory/524-159-0x0000021D4D3A0000-0x0000021D4D3C0000-memory.dmp
    Filesize

    128KB

    Download
  • memory/524-384-0x0000021D4F190000-0x0000021D4F192000-memory.dmp
    Filesize

    8KB

    Download
  • memory/524-403-0x0000021D4CCC0000-0x0000021D4CCE0000-memory.dmp
    Filesize

    128KB

    Download
  • memory/524-390-0x0000021D4F1C0000-0x0000021D4F1C2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/524-393-0x0000021D4EA30000-0x0000021D4EA32000-memory.dmp
    Filesize

    8KB

    Download
  • memory/524-401-0x0000021D4E700000-0x0000021D4E800000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/804-0-0x000001EE5A220000-0x000001EE5A230000-memory.dmp
    Filesize

    64KB

    Download
  • memory/804-124-0x000001EE60A80000-0x000001EE60A81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/804-123-0x000001EE60A70000-0x000001EE60A71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/804-35-0x000001EE576F0000-0x000001EE576F2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/804-16-0x000001EE5A600000-0x000001EE5A610000-memory.dmp
    Filesize

    64KB

    Download
  • memory/828-447-0x0000011FB38A0000-0x0000011FB38A2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/828-450-0x0000011FB38D0000-0x0000011FB38D2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/828-452-0x0000011FB38F0000-0x0000011FB38F2000-memory.dmp
    Filesize

    8KB

    Download