Overview

overview

10

Static

static

5

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    299s
  • max time network
    244s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    08-05-2024 00:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ecdf6f17579b62cc24d6f2a15af41ae188aeef25168eb3997c830ea4b59fc88a.exe

  • Size

    897KB

  • MD5

    46ba8050e99ba3b9cc6b4de89b243f48

  • SHA1

    dd6445f353993453185057d94f45811a4376fecb

  • SHA256

    ecdf6f17579b62cc24d6f2a15af41ae188aeef25168eb3997c830ea4b59fc88a

  • SHA512

    505e7152e63a241fc8f77547aeadac454d63ea27cfdbaf2c147481ca76b802d4e3afaf8539d3ad5cee939096671b3d2801ed7d9bd8840f5eba8911cec49dcebb

  • SSDEEP

    12288:eqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgajTB:eqDEvCTbMWu7rQYlBQcBiT6rprG8a3B

Score
10/10
googlephishing

Malware Config

Signatures

  • Detected google phishing page
    phishinggoogle
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Windows directory 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ecdf6f17579b62cc24d6f2a15af41ae188aeef25168eb3997c830ea4b59fc88a.exe
    "C:\Users\Admin\AppData\Local\Temp\ecdf6f17579b62cc24d6f2a15af41ae188aeef25168eb3997c830ea4b59fc88a.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4092
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3000
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:1596
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5080
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3128
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:664
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:596
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:2004
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:96
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:5104
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    PID:4492

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OHP8MVFQ\edgecompatviewlist[1].xml
    Filesize

    74KB

    MD5

    d4fc49dc14f63895d997fa4940f24378

    SHA1

    3efb1437a7c5e46034147cbbc8db017c69d02c31

    SHA256

    853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

    SHA512

    cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JM591X2J\4Kv5U5b1o3f[1].png
    Filesize

    610B

    MD5

    a81a5e7f71ae4153e6f888f1c92e5e11

    SHA1

    39c3945c30abff65b372a7d8c691178ae9d9eee0

    SHA256

    2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e

    SHA512

    1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JQN3SUKG\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OGIX1B8C\favicon[1].ico
    Filesize

    5KB

    MD5

    f3418a443e7d841097c714d69ec4bcb8

    SHA1

    49263695f6b0cdd72f45cf1b775e660fdc36c606

    SHA256

    6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

    SHA512

    82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    af14424bd91fa356e225129fe451aacc

    SHA1

    4046dc95051bf8382196ff1fec36326c22dc1aae

    SHA256

    26f7df2742be7eae0cecb3954ab69d2f1ad25c6b63a21e3a477ea34dee8301ae

    SHA512

    362068ce189ee00c318b574ebc8fc4f2e09add21f6c79aea8fe2f69ece44c0beaeb6c7fec7297a0b758ea5b8879ab0e9993c74ab262e200e289c05833e734179

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_527BC5AE70FADE67FCC98047A960E62C
    Filesize

    472B

    MD5

    d1f0ab4627f537d1c6f23d3bfd94920e

    SHA1

    6e583085a4876db8a70884f505ceaf9d7ff987df

    SHA256

    473b71ecf033c652897c8d338ecf2863bdc9b37e84b413f3443fbee795cbeb2a

    SHA512

    cb4b66dd69a2239eae8d6922ae0c1b4e11566cc202033a4607eb51d08af0a3b44ece58069bef4ba6c7c7037708422c034334c3d00d39493f700ab91c94583f7f

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    4KB

    MD5

    1bfe591a4fe3d91b03cdf26eaacd8f89

    SHA1

    719c37c320f518ac168c86723724891950911cea

    SHA256

    9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

    SHA512

    02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_3CD096171F9FB100FF26D7BE0A4738FB
    Filesize

    471B

    MD5

    bf56f5bf051e9adbdcb23851a207d429

    SHA1

    b55f5be1e93596ee7ac16d78c474e7ab9eb1b269

    SHA256

    8c1bd835f62c4fbd657493bd5704f85b9271eeca3f9ce0e69ce0776a79aac03d

    SHA512

    eda586ffd6837c27d4c242ed8b2ea986926dcd81892a5e6a24a4185d83f654d08966466ff434c36dd0f68deebfb8d93bdd277ec21deb79cec494bb1ae4684f75

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    ac89a852c2aaa3d389b2d2dd312ad367

    SHA1

    8f421dd6493c61dbda6b839e2debb7b50a20c930

    SHA256

    0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

    SHA512

    c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    17d8955ea99f9c653f8458a4e0578e27

    SHA1

    d551cb6870750c247e64debc1a3d34e9286aa420

    SHA256

    3997ad36d6098a0e603abfb69dfc1a4766b405fa7183063a0bea7f62f970f230

    SHA512

    9d112a202338311cda1d3e5b264ad256c7b107e097ca34735fb1477c207d89f6a457210a1f6150e3c5cbf8d353f1669826e4a3ffaa8ad9c6bde030955efa9362

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_527BC5AE70FADE67FCC98047A960E62C
    Filesize

    402B

    MD5

    157c2f1f1f0358977506a4d2ee81e078

    SHA1

    1dbb94bd5945444af5b7c4ef1a5a7a4c892720ea

    SHA256

    fded56bd6420458c12b1a7a9175f510f892a0f26f22e3f712556308010e5d3b8

    SHA512

    a6c3eb042c3fa7e057be160a32a00634f7bdbd1d8083a1747e9bb004f307dd250abe507b3235ead17b320023b8b49bc44c21eb05e56728302bbc8be982fceea5

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    338B

    MD5

    5b3f7508d04aa02f30f3e4bf8ddb043b

    SHA1

    284667bfdc80c6df337a340c19cb3ff0be8c4af0

    SHA256

    85ad277a8351d7bf573437ce96cf363765735e1217bb2106998d618a469febb6

    SHA512

    5697c5bc10a2799f6ccfc11a03a92e2b2d95303279fc0dbae5cf409e44c05f1952e27ad2851957e1701dd84675178c0f51d08cf08c883afa6caee3abfed70949

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_3CD096171F9FB100FF26D7BE0A4738FB
    Filesize

    406B

    MD5

    6a03021f171ce8648b999213cc39f042

    SHA1

    4b36fcaef1bdf27d4b3ba6e30e3532b16a7fc549

    SHA256

    b76c316db5cb9a3f2b75e40ec00ae2209b47d8585d6e815b4ff7bb42fa91f6a2

    SHA512

    b5b71ba680b5aeab5ed5189ee64376eae9d5369c9f76874750c4071fb47253c0534df1f969fb07bb7b39737ffa723ffbe0cfc18ed12fae568ac1ccdc891f7909

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    68eab8cead2be689f6f925001cf71f87

    SHA1

    9d6663a1b767313a0970e629bbdf66ac0c131735

    SHA256

    8d396603936b8faddb6b10949c204042faad47d097f46044993088cc0b4a856f

    SHA512

    701e031d36ebc6ec0564adb5713a4781e73bc5e28d3b2518f10300358982ba93721e75327374d0493cf0a13a6a6c507d2e8a44dc19c277f58d63f4bf7e6c4053

    Download Submit

  • memory/596-475-0x000002B7600C0000-0x000002B7600C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/596-201-0x000002B75E200000-0x000002B75E220000-memory.dmp

    Filesize

    128KB

    Download

  • memory/596-467-0x000002B75FFA0000-0x000002B75FFA2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/596-469-0x000002B75FFC0000-0x000002B75FFC2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/596-473-0x000002B7600A0000-0x000002B7600A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/596-186-0x000002B75E400000-0x000002B75E500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/596-200-0x000002B75E0C0000-0x000002B75E0E0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/596-465-0x000002B75FF90000-0x000002B75FF92000-memory.dmp

    Filesize

    8KB

    Download

  • memory/596-471-0x000002B75FFE0000-0x000002B75FFE2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/596-457-0x000002B75FAE0000-0x000002B75FAE2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/596-453-0x000002B75FB20000-0x000002B75FB22000-memory.dmp

    Filesize

    8KB

    Download

  • memory/596-256-0x000002B75D9E0000-0x000002B75DA00000-memory.dmp

    Filesize

    128KB

    Download

  • memory/596-263-0x000002B75E600000-0x000002B75E700000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/596-404-0x000002B75F400000-0x000002B75F500000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/596-97-0x000002B74CD00000-0x000002B74CE00000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/596-429-0x000002B75F700000-0x000002B75F702000-memory.dmp

    Filesize

    8KB

    Download

  • memory/664-104-0x0000017157900000-0x0000017157A00000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/664-130-0x000001716AAB0000-0x000001716AAB2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/664-125-0x000001716A6E0000-0x000001716A6E2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/664-128-0x000001716AAA0000-0x000001716AAA2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2004-112-0x0000026954D10000-0x0000026954D12000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2004-110-0x0000026954B00000-0x0000026954B02000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2004-109-0x0000026142600000-0x0000026142700000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2004-114-0x0000026954DD0000-0x0000026954DD2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3000-226-0x0000018A68760000-0x0000018A68761000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3000-225-0x0000018A68750000-0x0000018A68751000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3000-0-0x0000018A61620000-0x0000018A61630000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3000-35-0x0000018A5EBC0000-0x0000018A5EBC2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3000-16-0x0000018A61720000-0x0000018A61730000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3128-44-0x00000257B7740000-0x00000257B7840000-memory.dmp

    Filesize

    1024KB

    Download