Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://bit.ly/3Jn9t...

windows10-1703-x64

4

Analysis

  • max time kernel
    132s
  • max time network
    134s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19-04-2024 20:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://bit.ly/3Jn9tO9

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 19 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://bit.ly/3Jn9tO9"
    1⤵
      PID:4104
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3256
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      PID:4540
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" https://steamcommumnuty.com/getgift/carw/50
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:408
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:408 CREDAT:82945 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:4152
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1452
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1612
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:3968
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:4276
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4764
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:3196
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:316

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\7T1RN7A9\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\AD9LFUM4\favicon[1].ico
      Filesize

      37KB

      MD5

      231913fdebabcbe65f4b0052372bde56

      SHA1

      553909d080e4f210b64dc73292f3a111d5a0781f

      SHA256

      9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

      SHA512

      7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\jy91ein\imagestore.dat
      Filesize

      46KB

      MD5

      317a75a9acd9c80bfad2363ef671e617

      SHA1

      f1055b1469e8a8bf75c2d2e638aaf03bee5be2d8

      SHA256

      c22638c091542a5e1a19d2ba3fe38387d1ce32558d38da793191272f7f3f2dce

      SHA512

      d2436f0f5fdff1cc5e55e98ffe373abce6222056ead1ddba6aa5d6b2978939e6c43582b11a47c32d2fc6c437c7270f8e4697d9788802dccbd25a8baadd4d5a33

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      1KB

      MD5

      5b121a7a52f3006896ed592436d639b8

      SHA1

      632d50b0321b02508806f709bf216604c25d5a0b

      SHA256

      95b4c8faafe749b26c6e93dd581ae9be3fadcebd65d052afae4c9092fef61d50

      SHA512

      bb3bfa2f47e35032dadfa5472d3b6c47643786a5fdb7d9fed79641f75c7e043d15f50fa5eb87133cc982547079b3e616247c9384c1154204b158ad83b11d77e2

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
      Filesize

      724B

      MD5

      8202a1cd02e7d69597995cabbe881a12

      SHA1

      8858d9d934b7aa9330ee73de6c476acf19929ff6

      SHA256

      58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

      SHA512

      97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      410B

      MD5

      aadb67f34cac91d97f1fad521935aa85

      SHA1

      e964dcb035e5f6c3f0c46560e1f2e61d7b66a02e

      SHA256

      de2ca77400dc59c19664d70f1b2070dc82dd4df52e75dc033de3bdd4315cab40

      SHA512

      45541136eca3d795e0c898c9e0ecb0a4d490b83c74ab401dd7786e2886e7ef25d1ab3d04d12bf8b8acc8654fe16734eafddc81974d09551debbe5f9319ca6e4e

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
      Filesize

      392B

      MD5

      99df5d107f69febc728745729bf382ad

      SHA1

      db7c6073d59f376762bb9b06b8ae5bfa44dace27

      SHA256

      b40a9028c54dc98e95eefb59b736a2bde0ae152cc44a85002ed00ba24986f486

      SHA512

      fbcb6c7668f862beeb4e1b1171b3b4556d4656e0b216062d82203577539fb549d7f318b46b5e3e312d3165fa5d4676be8371a1d812dc2b302a46cd4dc53bd1a8

      Download Submit
    • memory/3256-0-0x0000028491F20000-0x0000028491F30000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3256-109-0x00000284986A0000-0x00000284986A1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3256-110-0x00000284986B0000-0x00000284986B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3256-35-0x0000028491090000-0x0000028491092000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3256-16-0x00000284927C0000-0x00000284927D0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3256-337-0x0000028499100000-0x0000028499FC2000-memory.dmp
      Filesize

      14.8MB

      Download
    • memory/3968-258-0x00000251EA8D0000-0x00000251EA8D2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3968-321-0x00000251D76D0000-0x00000251D76D2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3968-260-0x00000251EA8E0000-0x00000251EA8E2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3968-266-0x00000251EA8F0000-0x00000251EA8F2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3968-276-0x00000251EAC40000-0x00000251EAC42000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3968-301-0x00000251E8C10000-0x00000251E8C12000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3968-305-0x00000251E8C30000-0x00000251E8C32000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3968-255-0x00000251EA880000-0x00000251EA882000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3968-323-0x00000251D77F0000-0x00000251D77F2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3968-251-0x00000251EA0F0000-0x00000251EA0F2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3968-212-0x00000251E9820000-0x00000251E9840000-memory.dmp
      Filesize

      128KB

      Download
    • memory/3968-104-0x00000251E89E0000-0x00000251E89E2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3968-72-0x00000251D7BD0000-0x00000251D7BD2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3968-74-0x00000251D7BF0000-0x00000251D7BF2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3968-69-0x00000251D7BA0000-0x00000251D7BA2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4764-436-0x00000219A3870000-0x00000219A3872000-memory.dmp
      Filesize

      8KB

      Download