Overview

overview

4

Static

static

1

URLScan

urlscan

1

https://youtube.com

windows10-1703-x64

4

Resubmissions

25/05/2024, 12:09

240525-pbs64saa42 6

23/05/2024, 14:41

240523-r2rgbaef5t 8

23/05/2024, 13:11

240523-qe56hscc21 10

23/05/2024, 13:11

240523-qe3qdscd66 1

23/05/2024, 13:03

240523-qat8fsbh47 1

Analysis

  • max time kernel
    44s
  • max time network
    33s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    13/05/2024, 12:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://youtube.com

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://youtube.com"
    1⤵
      PID:2216
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2820
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:5100
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1784
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:856
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:1292
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4060
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4484

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L5P12AEX\edgecompatviewlist[1].xml
      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\75EX6ENP\network[1].js
      Filesize

      14KB

      MD5

      a36f25447b3d55d31fdfdc30fa31c3f6

      SHA1

      81154e36fdda94a482fb7f079ef683fa3af68f1b

      SHA256

      1432216f926190d39c5e9b17f38a4e075c692650eddb3df32e2a55d6b3eb6f9f

      SHA512

      2b396c5f278953dfb1ffa324e35150cd375218cc993510fc1643df68847d7d951efe2208423fd8f467a46f4b14fd8b3d7af06c7d24ab8f1753789cfc920587fe

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\75EX6ENP\spf[1].js
      Filesize

      38KB

      MD5

      9df260ef5f689e597011f8a110bf0156

      SHA1

      7cf9959f50ee5c0eb7653cd7b9d56e9e13c61325

      SHA256

      8e184352e6a0026e43c829910615fc408a900dad2f388d1b284756d1a7b0b62e

      SHA512

      099ea70bc08630b933e83c3033ae049c19940ca9e8f0eb42eb764552a9649493606eab56f683aa72df356ef53a9b37a63493a349e86a098fa82aa0ef75387cd8

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\75EX6ENP\www-tampering[1].js
      Filesize

      10KB

      MD5

      ce762a9d30d6c70bb0516e8cefc958bf

      SHA1

      da6cac9c717daa3a39f82f3421782c99edd9329d

      SHA256

      a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7

      SHA512

      230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\901MWWMO\css2[1].css
      Filesize

      2KB

      MD5

      5912f3bba71c222672dfa244a60acef0

      SHA1

      317a49729bb8654c3986e6b32278258a1d692d81

      SHA256

      48708ab3b01bc53a736f7f85e0badd9174872faa981e78b32c16c4efcaa59d99

      SHA512

      770f13af0d6ebe7ff9d925efccd05b0b2e5afd5fbe19770562d88936d541a298a49aea028f5122a255fb5026b4a5f37c0cf52831212ecaaf378a5769ff0379f7

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\901MWWMO\web-animations-next-lite.min[1].js
      Filesize

      49KB

      MD5

      44ca3d8fd5ff91ed90d1a2ab099ef91e

      SHA1

      79b76340ca0781fd98aa5b8fdca9496665810195

      SHA256

      c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415

      SHA512

      a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\901MWWMO\webcomponents-ce-sd[1].js
      Filesize

      95KB

      MD5

      c1d7b8b36bf9bd97dcb514a4212c8ea5

      SHA1

      e3957af856710e15404788a87c98fdbb85d3e52e

      SHA256

      2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a

      SHA512

      0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9ZJEAVZ9\intersection-observer.min[1].js
      Filesize

      5KB

      MD5

      936a7c8159737df8dce532f9ea4d38b4

      SHA1

      8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5

      SHA256

      3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9

      SHA512

      54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9ZJEAVZ9\rs=AGKMywHw8P15sCCOBQ8vbOPNYb44dk1IXg[1].css
      Filesize

      2.7MB

      MD5

      e5429c4db8eb24e0c0a2b0f13ad0b1df

      SHA1

      54e59ca16ceaf26fe03bf6a48f98455d7795d822

      SHA256

      7fb894f3fc1346ff0dffd0626f193fa3f7636b6baaa277b9d566529e770bfa9f

      SHA512

      a4f2e390d2b4669abae92e3ac510687a9978e73ab470843113f6ba75bd37529d5542f174b8e2f88da0f79366e0a91ba2a346728c593ea234424d04ef2acd2221

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9ZJEAVZ9\www-main-desktop-home-page-skeleton[1].css
      Filesize

      4KB

      MD5

      9deae13c40798dfca19bd14ed7039d60

      SHA1

      4ba302a1435b094031e4f2e1bce1b6198f0cf825

      SHA256

      cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd

      SHA512

      95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9ZJEAVZ9\www-onepick[1].css
      Filesize

      739B

      MD5

      9ace9ca4e10a48822a48955cbd3f94d0

      SHA1

      1f0efa2ee544e5b7a98de5201fb8254b6f3eb613

      SHA256

      f8fdbb9c5cdceb1363bb04c5e89b3288ea30d79ef1a332e7a06c7195dd2e0ec4

      SHA512

      25354aeecb224fd6d863c0253cd7ad382dce7067f4147790ee0ce343f8c3e0efb84e54dd174116e7ad52d4a7e05735039fa1085b739abbe80f9e318e432eed73

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4FQUVMS\scheduler[1].js
      Filesize

      9KB

      MD5

      dac3d45d4ce59d457459a8dbfcd30232

      SHA1

      946dd6b08eb3cf2d063410f9ef2636d648ddb747

      SHA256

      58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0

      SHA512

      4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D4FQUVMS\www-i18n-constants[1].js
      Filesize

      5KB

      MD5

      f3356b556175318cf67ab48f11f2421b

      SHA1

      ace644324f1ce43e3968401ecf7f6c02ce78f8b7

      SHA256

      263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd

      SHA512

      a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      1KB

      MD5

      35a62188a39dacbf08f0e3e71892d707

      SHA1

      f3ee7d50d054091e6d75febef0ff6fbd94e8e1ee

      SHA256

      f0767ba73af0701ad4b9064e1577a383d20bdfb96ea73cd4c114d56439a1fbc6

      SHA512

      201391e2e85b771b0bce0332a6d24aa38d94eb43b6bd9c87845bfec1d6eff513a84ba802df1c958abb1807629937b3963898c40a1c2f67a3a6912522224ff230

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
      Filesize

      724B

      MD5

      ac89a852c2aaa3d389b2d2dd312ad367

      SHA1

      8f421dd6493c61dbda6b839e2debb7b50a20c930

      SHA256

      0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

      SHA512

      c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_6E4381F77BE6F6EB436B295D285593C5
      Filesize

      471B

      MD5

      5a9904faebec3b8f5e2901208811fb5b

      SHA1

      8cd21e8b4f938951f805f3066fb3468c03b3dc23

      SHA256

      a6b1be0586c89ff27db5c72f99b72ba9a07c91c991e6d13683e8de37c60d86bb

      SHA512

      d306c4d45ced62d1f5df8eb234d492880fb6831f83f615aa5dcdf22b1b60d125787f8ec6b2aa6d8ebe5cb894661f4d4f2175e4516c3769d0b918784cbc8816e1

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_C1E2A77661EBC4E08BAA8B13AD8BA2EF
      Filesize

      471B

      MD5

      d84c66d26dcbcabe786491eb6243c2e7

      SHA1

      20069978000b6fa2e86ee6b8f34faba8948ccbf9

      SHA256

      b9ace3ee2e4a29ed4f302f8cac1bcd79f847a78972d62f748854dc3fa9ead549

      SHA512

      975cf6df3939069faa250d5683406e80d66023fb3a4e60d37fd068247f880e8a9d0e43b782c3887c930291828c7c8f8b0fffed137de57b142f6cd446e811d908

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      410B

      MD5

      ec5f2e495834c70cf38078d8bcadffb4

      SHA1

      380e50f6c74fc020224fa7f26e5d64c3a63a2f9a

      SHA256

      264d99833104f69d02b87893e1a5dc5dff6275076edeeb4c48a3d582f3ab9105

      SHA512

      95c8ebd2cfda4f59618a1e886481e2455d1a58acca26efb820428a5a73678589176f2c50f8dbabdc35752b70e4945b668b66f7fdafe6966020f71bdb91103b2c

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
      Filesize

      392B

      MD5

      eb3bfaf0981b090a032760b26512146f

      SHA1

      45fa428a5267c7b6df2bc537260f53e6a9e50430

      SHA256

      86ced69256a6300ac79320a88bacb749f946c095fe484fc644610a1b26bd7a37

      SHA512

      571f28b0f0f7b8ab1c47529dbff248ecbe51136388cbf54105432b32b9612c17eb18311c1570d688f550e9d5dfc4a101fe140b2dd4f7e93b2cff85f6ae1ecdf7

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_6E4381F77BE6F6EB436B295D285593C5
      Filesize

      418B

      MD5

      7c290fd6337382e5f1978dfa9c35ce8e

      SHA1

      5f704941a5cc9ea94663363ff62b7205840a007c

      SHA256

      ab2ca2d861ea2f874ee14ec085ac2fa1a09b0ccb8a0a075ceabb57162a482bcf

      SHA512

      fdec89f736c9827010faaebbc3e7db3f3a9fa81f6b33f6d0462bd802b5e81b47a685140e6dad79159f0064dab4519b18b6a0cdfb81289dee82ef4e9f1f1bf880

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_C1E2A77661EBC4E08BAA8B13AD8BA2EF
      Filesize

      410B

      MD5

      f893c157c29f3a69618a89f712d24013

      SHA1

      def2a8ed0e3378bb42e2ae904e6249ad23df3829

      SHA256

      d27965df93724607bfc80bfbf2721d3f3de654467b68e1f145ccd3fe20bb5b78

      SHA512

      0e655aa08a2e1c87a8120ab4fe5be838df85cd9bbe7d0b7ea90652e72452fc23af8ca1fb692e15af207f80024e1d9aa65132347f91268458fb42f8233d83fca7

      Download Submit

    • memory/856-43-0x0000024771800000-0x0000024771900000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/856-42-0x0000024771800000-0x0000024771900000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1292-70-0x00000255E2BD0000-0x00000255E2BD2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1292-68-0x00000255E2BB0000-0x00000255E2BB2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1292-99-0x00000255E32E0000-0x00000255E3300000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1292-108-0x00000255E2DC0000-0x00000255E2DE0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1292-66-0x00000255E2B90000-0x00000255E2B92000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1292-63-0x00000255D2900000-0x00000255D2A00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2820-16-0x00000202D4420000-0x00000202D4430000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2820-0-0x00000202D4320000-0x00000202D4330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2820-35-0x00000202D1780000-0x00000202D1782000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4060-142-0x0000023630CC0000-0x0000023630DC0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4060-172-0x00000236411E0000-0x0000023641200000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4060-173-0x0000023640EC0000-0x0000023640EE0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4484-179-0x000002404FDC0000-0x000002404FEC0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4484-192-0x00000240605E0000-0x00000240605E2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4484-190-0x00000240605C0000-0x00000240605C2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4484-194-0x0000024060600000-0x0000024060602000-memory.dmp

      Filesize

      8KB

      Download