Overview

overview

7

Static

static

1

URLScan

urlscan

1

https://details.bio/...

windows7-x64

1

https://details.bio/...

windows7-x64

1

https://details.bio/...

windows10-1703-x64

4

https://details.bio/...

windows10-2004-x64

1

https://details.bio/...

windows11-21h2-x64

1

https://details.bio/...

android-11-x64

7

https://details.bio/...

android-10-x64

7

https://details.bio/...

android-11-x64

7

https://details.bio/...

android-13-x64

7

https://details.bio/...

android-9-x86

7

https://details.bio/...

macos-10.15-amd64

4

https://details.bio/...

macos-10.15-amd64

4

https://details.bio/...

debian-12-mipsel

https://details.bio/...

debian-12-armhf

https://details.bio/...

debian-12-mipsel

https://details.bio/...

debian-9-armhf

https://details.bio/...

debian-9-mips

https://details.bio/...

debian-9-mipsel

https://details.bio/...

ubuntu-18.04-amd64

3

https://details.bio/...

ubuntu-20.04-amd64

4

Analysis

  • max time kernel
    119s
  • max time network
    116s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    17-05-2024 12:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://details.bio/hai1723-cheat

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://details.bio/hai1723-cheat"
    1⤵
      PID:4816
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4228
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:1528
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2936
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1524
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4800
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:2676
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:292
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:212

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      Filesize

      4KB

      MD5

      1bfe591a4fe3d91b03cdf26eaacd8f89

      SHA1

      719c37c320f518ac168c86723724891950911cea

      SHA256

      9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

      SHA512

      02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OHP8MVFQ\edgecompatviewlist[1].xml
      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A0ZAXI31\css[1].css
      Filesize

      199B

      MD5

      9ba72558b4ae28dd67fa166059332a6d

      SHA1

      1b041969197b23e5fe7d08424d50846a0adbfa3b

      SHA256

      a301dd7fb500614b7fd0b48204ef6a3739acf411e41c6a52704c98ca77c8efb2

      SHA512

      58d904307aa41e97e633c4e888fbe822d1543f848685fd990c0ca5c4f98e4e5c6a63bb3e813f02e8712cd36341d13dbd8127f78060edf4672361baef24143ccf

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TDKH6ZRO\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6VCK0VZ2\zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ[1].woff2
      Filesize

      18KB

      MD5

      0ceb759015a6df090ad355231fdb39f1

      SHA1

      b947749baab5bfa0bee35d31e5a5050d4beefe9b

      SHA256

      db71f8a28ad8501544fb4e7668e3c6d0b731760b6f20de3525ebaeba597f1922

      SHA512

      48a93841b147af84f9419154fb43e23adf7c0afb9328a4427450d82c07220a4f55b08991361bd8cd12a1372de8333ed21a8911bfe372e90973d3a8c166b1e4d6

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
      Filesize

      717B

      MD5

      822467b728b7a66b081c91795373789a

      SHA1

      d8f2f02e1eef62485a9feffd59ce837511749865

      SHA256

      af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

      SHA512

      bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      1KB

      MD5

      a93121ae32cd488369d25acff1c165d3

      SHA1

      215bc2d389f9738d938d045a24381f42fc72ce31

      SHA256

      7d381e836d548532725e2c04e7c98077ca91a29ff936b175c1d692bdbf64c78d

      SHA512

      b31a7d150fb2a185fe3e4d537e04f8835e19907d2d258aaf6b77a5aa03469804ad7d9cf66784bfd2b68dc00880345b68b93df12d744bd1df6c42a4fb20a698f7

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_527BC5AE70FADE67FCC98047A960E62C
      Filesize

      472B

      MD5

      af339b708b278b1858ad9fc606b49eda

      SHA1

      2cbb827a349780d18b4cfc079d139048278469ec

      SHA256

      5f1fb99e2cf34de9f2e5b5bc11249c0972fe0b854c03a3092661c2aae82cf3c2

      SHA512

      1ba4cc649639b08ed4d7f466289ce89da788aa5ea3c17c462f694f5ddea7d743b4ce2ec61c30406a2371d8d63441252fa22ae775be66f59aa619cb282018ef11

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\8EBE8ED11BC5D7C4AC0EAF6BEBE42DAE
      Filesize

      503B

      MD5

      8a1ff2043513dea18fbd8212bcbf9420

      SHA1

      b888e41ef880d7b2168758a00ccf11c0cd8b27bd

      SHA256

      d68b2c9d1f4ab04620916c1181f02b54e877858f23032287b3caa7b332c5730d

      SHA512

      a3c36c95e4bac21a9ff41a1ef2b601161e0716d2abb594b8abb77e42694dfd18bd0543b3777d688d56bdca981e99d208ee68a8e38183cde607763e133a8a54ac

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
      Filesize

      724B

      MD5

      ac89a852c2aaa3d389b2d2dd312ad367

      SHA1

      8f421dd6493c61dbda6b839e2debb7b50a20c930

      SHA256

      0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

      SHA512

      c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_672E22BF4DD6902F7F85F941E23571DA
      Filesize

      471B

      MD5

      c050d03e2e66e82f108f4a8ff6533e1e

      SHA1

      6c732ff21766e9e325b9fae3ce699bd6cddfb006

      SHA256

      6d90f335fd11b0f50325a7f05bbaf456787426f019af4d7b6da68d870de4f03d

      SHA512

      ea2beaaa0bc08fce32a4f0b530afc8a9c63d7357d5111b9407ce271624cc686bf0ef45ec4baeab916b6087a5be5b4bb97c518f89ca6f71c71bd7ad840ee19246

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
      Filesize

      192B

      MD5

      d75dd5bcba3c78a4f9c4ef903f10888d

      SHA1

      ffacf428c87860d4c58a818dcdb1b3512ca15bec

      SHA256

      372a76da646a721c6d094aa196b03cf5890a4ff948e12f395a2e833b35d7d1ee

      SHA512

      8cc3e2cfeba4966ef21a5f15dd6078c52575d1633808da6df1089fdf549b00879cf5d9c4bfebab3e3066b37684c7897d44ea08eb7915048f8d41f76a3f813b23

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      410B

      MD5

      24aae36b71148b0d31da10164c8d86d0

      SHA1

      f50d12d9363ba842f1eff0d482527a7e6ce77b69

      SHA256

      ae05f995afff2bfedb3ee42bf98ba7b0b2173a44badbe2739306e09f446a4806

      SHA512

      7e23fb90039368d43a7a01f5dd32c94c421ad2018e90eced97097607a43c48726b9ff6b65dbe3e1bbd513e81d1e68cf0568dbad9f7693597521b9f8dafb56e57

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_527BC5AE70FADE67FCC98047A960E62C
      Filesize

      402B

      MD5

      5e2d0c5d01a102cb6bc2d7d9ba05657c

      SHA1

      579354fd76429120a9dee78c0daa3f2e70bc7d40

      SHA256

      e2761a969ae0ae83c3a840db2d81e74bd91e7a689f9fa75af552c238fb53c573

      SHA512

      51f38f82281eb5f6e6c80e518e8025e7655cea06e635cbcba126935402858dc14e71178aecb9fda15dae075f713f0626a7c44e2db883318e906247fb0764750b

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\8EBE8ED11BC5D7C4AC0EAF6BEBE42DAE
      Filesize

      560B

      MD5

      c002eefcd21cc37531090bb06570401b

      SHA1

      a1842a0d8e92a620dc886b52f3065103ab202a82

      SHA256

      5b7b75a7ed05dc6cd1a5f6af5641b5b3e89dc78dff95a4a9e47d1b698a4e371b

      SHA512

      6f6a6acde95a4ecd3bcfbe6aa0cd3ee0f91362bfb5fb5bfc29f0084ba3aa69a9a38ba9ecc77621821bd5326eb857bbceb09587e32f6b37d9383b4bafb546fb9a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
      Filesize

      392B

      MD5

      dc41b3ddfc719dfbd7e4c3e89f0bca71

      SHA1

      da10f9acf9eba213888b0d20d3e01dd53040934a

      SHA256

      311a3b47591d597b8e007df2622d1d4b08d3e733a16ebac3dd32b2dc2d9c5448

      SHA512

      e5189b92009a4b65834434631a5df5f2b397e3a1562b282444abb87f8f4d78b202d24d3b3f0e98e726b5c414d2b7048e0347bb9794e64a116d3d09e280fb3c99

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_672E22BF4DD6902F7F85F941E23571DA
      Filesize

      410B

      MD5

      676af258ff8f8299c8e7915c342433bd

      SHA1

      c9f6bbac1a3cc87d5279a1c6f6bb8b8381a49b15

      SHA256

      f2d9e66876c58e086ec450bf11b53768a8b9aa9cf6f6007e49f35e0aaf54a506

      SHA512

      5e306d2c5a686e36878d6e8102e8151f28dd3ec1ecc7099b6f7efb62c1371dda8dac2dfaf030169573b9d8e20bf1019e21f494c503709030433d06d1aff4a115

      Download Submit

    • memory/292-147-0x0000027F45E40000-0x0000027F45F40000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1524-45-0x00000284897D0000-0x00000284898D0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4228-0-0x0000023492020000-0x0000023492030000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4228-174-0x000002349A6D0000-0x000002349A6D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4228-16-0x0000023492120000-0x0000023492130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4228-175-0x000002349A6E0000-0x000002349A6E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4228-35-0x0000023491260000-0x0000023491262000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4800-86-0x00000268B1CE0000-0x00000268B1CE2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4800-60-0x00000268A1140000-0x00000268A1240000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4800-67-0x00000268B12B0000-0x00000268B12B2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4800-65-0x00000268B1290000-0x00000268B1292000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4800-62-0x00000268B1260000-0x00000268B1262000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4800-88-0x00000268B1D00000-0x00000268B1D02000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4800-84-0x00000268B14F0000-0x00000268B14F2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4800-82-0x00000268B14D0000-0x00000268B14D2000-memory.dmp

      Filesize

      8KB

      Download