Overview

overview

10

Static

static

5

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    299s
  • max time network
    304s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    18-04-2024 23:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f47c2e47261d87476b14bba3b2804d7d9fe72a8e7c1aad84492f9ac7f2d47535.exe

  • Size

    896KB

  • MD5

    1683d2b3854ff7bfa19e7a0166af3d89

  • SHA1

    dcdd43a633a615901a1fa7d64c0f64cc575067e9

  • SHA256

    f47c2e47261d87476b14bba3b2804d7d9fe72a8e7c1aad84492f9ac7f2d47535

  • SHA512

    ec1ed7e47e978c2b6ebd30a7b7491722e1a5226d0bc1b1e809afc057c92e0aab104e6fd9196f7f8c453e58430fdf0fa881a3ee217a8ce8954205fee19325dfdb

  • SSDEEP

    12288:oqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaNTX:oqDEvCTbMWu7rQYlBQcBiT6rprG8aJX

Score
10/10
googlephishing

Malware Config

Signatures

  • Detected google phishing page
    phishinggoogle
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Windows directory 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f47c2e47261d87476b14bba3b2804d7d9fe72a8e7c1aad84492f9ac7f2d47535.exe
    "C:\Users\Admin\AppData\Local\Temp\f47c2e47261d87476b14bba3b2804d7d9fe72a8e7c1aad84492f9ac7f2d47535.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2440
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4608
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:4180
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1768
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4712
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:3516
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:4856
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:2664
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:4284
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:4520
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:1856
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    PID:436

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZQ81V7UB\edgecompatviewlist[1].xml
    Filesize

    74KB

    MD5

    d4fc49dc14f63895d997fa4940f24378

    SHA1

    3efb1437a7c5e46034147cbbc8db017c69d02c31

    SHA256

    853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

    SHA512

    cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\IGXNE9GB\4Kv5U5b1o3f[1].png
    Filesize

    610B

    MD5

    a81a5e7f71ae4153e6f888f1c92e5e11

    SHA1

    39c3945c30abff65b372a7d8c691178ae9d9eee0

    SHA256

    2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e

    SHA512

    1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\T1596GMC\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\X5B8TXLA\favicon[1].ico
    Filesize

    5KB

    MD5

    f3418a443e7d841097c714d69ec4bcb8

    SHA1

    49263695f6b0cdd72f45cf1b775e660fdc36c606

    SHA256

    6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

    SHA512

    82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2IKVHYJ3.cookie
    Filesize

    314B

    MD5

    e89bf29317f1034e7149c2a07a4fa6b4

    SHA1

    de0cea13b662af0a8d0e1d6e0928634a80795b92

    SHA256

    05dc1c110394ece786719df7186e62d0dce3df7c96586ab77bd73315479fdef8

    SHA512

    e77b73e96d58c2c430b61f2dbfad1f6fe3a4593101b6e7764b39d1e55a8fa3fe846e1a11ebfe9f220377f3ae14c745c81fff789e583517b2ec3c2a1b17f7e052

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\U1KBT2GA.cookie
    Filesize

    132B

    MD5

    c0acfe5b75a351c511f44beef04ba1aa

    SHA1

    2c60a75ca1888b30f442ee7f586ae0256a331dd0

    SHA256

    9cfc0403709442727fa5e2865ec34e9c86963ea65d57a534728c27b78fc80ed4

    SHA512

    556496ff340de90c9e0ac123375afc5c3ceb455647445d93e3dc8bfd03321948fb2d3e813f80fb5cd24af90a9201131b34d68d4882b9c815f5078036b960fd3e

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    e4631530ca2d3fdd6a35f596669e54e7

    SHA1

    68d9ab4969b7609ee8a93fa2ae766c9781748d37

    SHA256

    9e7216e6a933186a53c67090fe23f1849f1b3036897eddfed00313bef9370fb7

    SHA512

    dd58af9d8cb5e508e4d04872cb477f1cf9c04c68db87ccae04820fe351362296c5572b45ab416c08d41cb97374ceec3b0b0d28dfed750267622c5bf4dd79dad2

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_C0E9A060DFB4E460CC3576DA89FF9A7C
    Filesize

    471B

    MD5

    bc281a09d3e949376c8e2dbdb0f82a3f

    SHA1

    c87b2987c450a8b07484d7772f3a0a5c52e99818

    SHA256

    674a69dd0079032ff724774bb9427aca3210977262c1ea0c5fe2bfdc8f1a3052

    SHA512

    96615636865ce92f856c476f84664fd81b8fdd6b87c10bc9ad1a99c5f98213bc57db9c31bec747cfcdfc9afc4115dade8eb8bbbf64b8c0bf45b341517bf8f58d

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    ac89a852c2aaa3d389b2d2dd312ad367

    SHA1

    8f421dd6493c61dbda6b839e2debb7b50a20c930

    SHA256

    0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

    SHA512

    c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_9E23C1D3BC042F285396F92A9773D1F3
    Filesize

    471B

    MD5

    7d7e784f655eb849f188f2ff7b62513b

    SHA1

    0cab55085edd877b2f4fb48c6c5c02a45d3f2e7d

    SHA256

    d5af2542ad112462b260c73499fa73845e28df8ba121a9751fb1ae436b3d0f0a

    SHA512

    85c5c9b9b5c8fe99c721b754ec5dcb9de93439e8063ce6d9eee60fe8a5ac5e1b464ee60d95976c923313833770de9c14bbdf35fb67cdfcdb0abb9b1cedd68196

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    371ed3c43c6ef50e5a41570e813016fd

    SHA1

    bc8ff16e6966678cbe0c36f15fbc155fadd07987

    SHA256

    1ad99baf73d2d5ed9e53cd5ae59f885542e794be55229a21d320165b390d1882

    SHA512

    ae6bccf0a96783c7d1047fb62894347d3d14a20e46fada507962aa53362a01e2e06771000eea32c58fab725da77b7cdc4f1af2153dba4713d85442c30b926a00

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    4cffd5c38b51959999d20a8962acb628

    SHA1

    e242ca538a6badcc50957108ed1f52aab0408305

    SHA256

    3a43c99a9708d4e85270bbfb0300733b93e2f4898a69fd75b758f429013a081c

    SHA512

    9cc81649690fae9bf7257a5de611ccec99076c8a8c7a05f427bf512b5c9dc27829b87161e5f6786c1adf53a16e5f9277dcaed344435292f649b15bbee2c6062f

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_C0E9A060DFB4E460CC3576DA89FF9A7C
    Filesize

    406B

    MD5

    af728133cdfca66a2faa3197e574b2a2

    SHA1

    ef42fd75a0aa483ad5a8ea4628cb38216f5516e4

    SHA256

    d176b8c5d07ccbae3b2316a9b4986504cf7d07efa8239664482eb7131ef4a1ca

    SHA512

    60d43726ede57da31bcfd9ed2524fec54943e0bcf7488577eb5ac75810a5fd6ede111e8dbd5d3dd3f22f1d85e14e8d5b8f3a111dfc0e5f84c8882d04f3612447

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    0b99a648df89d6a6d2d0dd244c516ae0

    SHA1

    362e9ef12fe1c7c5f00c135bcb605ce614cec76c

    SHA256

    b24b1af1211848ec70e29e17cfb20b05fb9d8d728722ab659b899a6372193cdc

    SHA512

    551f76755f96b06c9667ddc0c1e2b5cd35ccaeab7b1f1d66f7260b47b510caee4c42f62076325177f80d6fdb0f757da2126baa576e78e6c79ec3ad684fac1789

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_9E23C1D3BC042F285396F92A9773D1F3
    Filesize

    406B

    MD5

    9b93b048432fae9451019c550ab6f762

    SHA1

    10fc4628ddcf5d3725ba691628945580459149a5

    SHA256

    cfc67f3668027aabf93388ab8093784dd5e6129f4b3492f6a7f2425b97e278ef

    SHA512

    28f88d006b4267bc4ab89d0801bb5ea226878c21e5df7ea06e54abcf143405a6cb173bf08f5b89d96b359ce8b3222f01a14411ae327f3ccdfe6f9c530da80e32

    Download Submit

  • memory/3516-129-0x0000025827650000-0x0000025827652000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3516-149-0x00000258276E0000-0x00000258276E2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3516-143-0x00000258276C0000-0x00000258276C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3516-139-0x00000258276A0000-0x00000258276A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3516-136-0x0000025827680000-0x0000025827682000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3516-153-0x00000258278A0000-0x00000258278A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3516-168-0x00000258278F0000-0x00000258278F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4608-240-0x00000276720D0000-0x00000276720D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4608-238-0x00000276720C0000-0x00000276720C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4608-0-0x000002766B420000-0x000002766B430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4608-35-0x000002766A7C0000-0x000002766A7C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4608-16-0x000002766BC00000-0x000002766BC10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4856-285-0x00000255F0EB0000-0x00000255F0ED0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4856-396-0x00000255F3BE0000-0x00000255F3BE2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4856-398-0x00000255F3BF0000-0x00000255F3BF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4856-400-0x00000255F3FD0000-0x00000255F3FD2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4856-402-0x00000255F3FF0000-0x00000255F3FF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4856-404-0x00000255F4010000-0x00000255F4012000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4856-406-0x00000255F40D0000-0x00000255F40D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4856-408-0x00000255F40F0000-0x00000255F40F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4856-410-0x00000255F4110000-0x00000255F4112000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4856-412-0x00000255F4130000-0x00000255F4132000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4856-414-0x00000255F4140000-0x00000255F4142000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4856-441-0x00000255F1960000-0x00000255F1980000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4856-392-0x00000255F1DA0000-0x00000255F1DA2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4856-389-0x00000255F2B60000-0x00000255F2B62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4856-383-0x00000255F1810000-0x00000255F1812000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4856-333-0x00000255F3500000-0x00000255F3600000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4856-196-0x00000255F2600000-0x00000255F2700000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4856-187-0x00000255F17E0000-0x00000255F1800000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4856-183-0x00000255F2300000-0x00000255F2400000-memory.dmp

    Filesize

    1024KB

    Download