Overview

overview

4

Static

static

1

URLScan

urlscan

1

https://rebrand.ly/h...

windows10-1703-x64

4

Analysis

  • max time kernel
    31s
  • max time network
    32s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    22-05-2024 23:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://rebrand.ly/h2pnfh3

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://rebrand.ly/h2pnfh3"
    1⤵
      PID:212
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4824
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:1808
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3440
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3796
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4492

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7W95R2BR\main[1].js
      Filesize

      7KB

      MD5

      a66894e7b61c0e79f45c0688cba9cc2d

      SHA1

      3e74723b30b4b416e543c3f4466f57ea93706e9a

      SHA256

      6aa8fefd09fb2ae084f3960be31fb5479ae630e91ae427b90938749cd50ea14b

      SHA512

      3526b557e59e05f757c558e30bd4dc52eee3ec624fdd11028cc5044ba066b730a0973335af602fb6bc8a8d649d8138ac9aab0c9150aa0bcbf53006f66b881c80

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\W9E2X6UZ\www.mediafire[1].xml
      Filesize

      13B

      MD5

      c1ddea3ef6bbef3e7060a1a9ad89e4c5

      SHA1

      35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

      SHA256

      b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

      SHA512

      6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\W9E2X6UZ\www.mediafire[1].xml
      Filesize

      1KB

      MD5

      a5a760455ed9265eaf29a8907f9fac4e

      SHA1

      680686b73ca5af4f18fb91f4908f106f3d653bdd

      SHA256

      3f13529c0ec75b3470cb04a2c82cc78da6ee6c73b16ff80ef1db5f30ed0d2158

      SHA512

      0f95efcb86a86dc7969f661174ec01ca95fdfdb8238c6a38bf01ca68bcefca24c070be887737b931a7c805cf86b23863a4e431b8dacfeb25ed6348877fe4ef02

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\W9E2X6UZ\www.mediafire[1].xml
      Filesize

      246B

      MD5

      7355a9b1b6fc51b4263e630aa720fe29

      SHA1

      ed2b4bce9edc8c9368c0793bba0e3d40301c69c9

      SHA256

      4a51daaa89fbf71187bd40c321c254016d4d1114bdeb3fc3e592bddf2b84d383

      SHA512

      be9b66319b39cc1c67fd678317c307ae1c426a9cf9c0de93ec5ac465d10664a4c7488c4458694bb70f509fb7d3cb2aea5752cca902a5ebe11307f8c83880fd19

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\CFNGC9XN\favicon[1].ico
      Filesize

      10KB

      MD5

      a301c91c118c9e041739ad0c85dfe8c5

      SHA1

      039962373b35960ef2bb5fbbe3856c0859306bf7

      SHA256

      cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f

      SHA512

      3a5a2801e0556c96574d8ab5782fc5eab0be2af7003162da819ac99e0737c8876c0db7b42bb7c149c4f4d9cfe61d2878ff1945017708f5f7254071f342a6880a

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF69FC502186A8358B.TMP
      Filesize

      20KB

      MD5

      3a3862264fa10720ebe71bdb8ef87113

      SHA1

      ab42ce8a379ed0f4d0c219d1d95aff691bf744b5

      SHA256

      1c3bea74c2967aef9d09fefa6ce68bf069792554d238ebe92df6b5fd0c3b8029

      SHA512

      eee37ce9fcba5a4c79debcaaff18004762248870a0b24d9005ccc32ddc04d1e44b1097582ef2e5c30fb1811734f1a8ab9c0bdfb3ea232ca0b8bb739e711f938c

      Download Submit
    • memory/3796-43-0x00000274F06A0000-0x00000274F07A0000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/3796-44-0x00000274F06A0000-0x00000274F07A0000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/3796-45-0x00000274F06A0000-0x00000274F07A0000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4492-79-0x000001DE22290000-0x000001DE22292000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4492-292-0x000001DE26700000-0x000001DE26800000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4492-206-0x000001DE25170000-0x000001DE25270000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4492-216-0x000001DE23930000-0x000001DE23950000-memory.dmp
      Filesize

      128KB

      Download
    • memory/4492-74-0x000001DE22240000-0x000001DE22242000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4492-77-0x000001DE22270000-0x000001DE22272000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4492-265-0x000001DE258E0000-0x000001DE259E0000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4492-270-0x000001DE26000000-0x000001DE26100000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4492-275-0x000001DE26100000-0x000001DE26200000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4492-199-0x000001DE22810000-0x000001DE22812000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4492-405-0x000001DE22250000-0x000001DE22260000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4492-415-0x000001DE22250000-0x000001DE22260000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4492-357-0x000001DE28A60000-0x000001DE28B60000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4492-71-0x000001DE12000000-0x000001DE12100000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4492-325-0x000001DE25AC0000-0x000001DE25AE0000-memory.dmp
      Filesize

      128KB

      Download
    • memory/4824-311-0x0000019463270000-0x0000019463271000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4824-310-0x0000019463250000-0x0000019463251000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4824-17-0x000001945C530000-0x000001945C540000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4824-35-0x000001945B690000-0x000001945B692000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4824-0-0x000001945C420000-0x000001945C430000-memory.dmp
      Filesize

      64KB

      Download