Overview

overview

4

Static

static

1

URLScan

urlscan

https://realvapev4cr...

windows10-1703-x64

4

https://realvapev4cr...

windows10-2004-x64

1

Analysis

  • max time kernel
    21s
  • max time network
    22s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    22-05-2024 03:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://realvapev4cracktrustomgfrfrongrealcracknorat.com/

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://realvapev4cracktrustomgfrfrongrealcracknorat.com/"
    1⤵
      PID:3924
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4796
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:4484
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4264
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2364
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:3852
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:752
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:932

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      Filesize

      4KB

      MD5

      1bfe591a4fe3d91b03cdf26eaacd8f89

      SHA1

      719c37c320f518ac168c86723724891950911cea

      SHA256

      9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

      SHA512

      02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\DJCPT3FB\favicon[1].ico
      Filesize

      758B

      MD5

      84cc977d0eb148166481b01d8418e375

      SHA1

      00e2461bcd67d7ba511db230415000aefbd30d2d

      SHA256

      bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

      SHA512

      f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\22G3VSQF\otSDKStub[1].js
      Filesize

      22KB

      MD5

      4ab1f8890d25b8991347267757b97564

      SHA1

      77e0c938ab737969ce4145a0f66f5218d640a0f4

      SHA256

      b0729bf573f57578c2197be145663a338b0f265c14bee646a7d2dbde4b3854cb

      SHA512

      a57fbc16f30213c0ad1a0e9bf030da87398d7aeb3217b90946293aa8aec83295a40ca6c2363d65452db4bd0d02c1fe5237bd93e037d975ffce3636a1292df9ed

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\22G3VSQF\vendors.c47bf4f4981f23895ddb[1].js
      Filesize

      206KB

      MD5

      01cd3e668d1acb88b93ab929d450ae63

      SHA1

      f44e64fd07d828ef0b41a127faf5fc4d0ccb7515

      SHA256

      76d32a47254928b038acae6e59dbad89eff8d7126eae4391a3a869a3ab6a4eaf

      SHA512

      b8c1db0645e3aca3e5953724077fa2699216e1f8f780346fba8bbe27f1ec2d8c7bef62dba1a88d3cec8db445418bdc7c3307ac3bf84abfd400d1f1678681e368

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\LW3Q2487\otBannerSdk[1].js
      Filesize

      426KB

      MD5

      9407efa17b9fa09288ff833eeb111cc7

      SHA1

      4fba1d46d43eeaeff48b8493245e5cda953285c8

      SHA256

      9cfaaf4e24c9a20159123c632711d2cbb98854a66ab659a5c24373633f180d4a

      SHA512

      f864566e20f37099463b4bb39665a52293402d293f9bdbccdac3b6cda7db41f91ce79c34786129f84c822f2c35a7a0976060fcd97271dd27685e4f6255f70b0a

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\MRHA9RMC\microsoft.8aa91a5fe4f5d8517ae1[1].js
      Filesize

      142KB

      MD5

      1b4bd481201681e6e6609b4e84d91900

      SHA1

      712b959a52f424694b3fa5b852c3d7adf27bc19d

      SHA256

      ce3eeed6a430adf998eac68138d70e1d064cc81a54274c00b71a22f6c1e0b2b0

      SHA512

      e844c8e156b94fdedc70830471a4b8cd095926c0a0e5fa3c2685b34a7efbc8d2bfdd662513f46a2021b92d46289ad25ebe7b54d3885c438ea3d4fb7cfb17e5fe

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\XAOOPOTD\55a804ab-e5c6-4b97-9319-86263d365d28[1].json
      Filesize

      5KB

      MD5

      b410e2b303aa0919f134a04f14eaf7d3

      SHA1

      21a9c8c64b5f2d36175ef32021fbc2b9ba728058

      SHA256

      5c770634d692eac765d57f96a59fdc34e66483ea7addaf2a81bf9261e6da7738

      SHA512

      1b6693c75cff3f9ce17e930f7ea5286a451dee20259b97988b23fea338622df94377393b80bbb79b65c3f25b6f6995c930aca8959d5d2d0b4d6a9e3bca7e04a9

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\XAOOPOTD\common.5dd7cff85de67632bfd7[1].js
      Filesize

      743KB

      MD5

      cd8d2938dfcc295d8d63f9e40e79b3b4

      SHA1

      08a48c71162cb94c0a4737376c499de1b4666a90

      SHA256

      881c2664c20a836f6784a1db963fe6f69f5809912ffa0b2d54ecc1361526e922

      SHA512

      fc252ab5d8444efbc3072b1101c7ce89f91cca35cef475eaa3c28b33dc746aa36b6ac82d1a6d896a975a3e086d8e73882af29392d1235962883bf9e7f0feb590

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\0ID3PYGP.cookie
      Filesize

      549B

      MD5

      d80cd36da818c98c12b4b188981901e3

      SHA1

      f637347a6f6d91b9da7ef017463c8fc6517e8ef9

      SHA256

      2372041fa037dd3bb73849a71d0ccf48764207906797d1be11b484a0c064028c

      SHA512

      2b78e5108bd722f8e41ca4a982f879879ca660e5fe5df6f3a377b5ffcad08c308beae16753afb6eaaf84d915a78402f5bc9877db4062a65819c894f70824340e

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\PF1TNB4S.cookie
      Filesize

      515B

      MD5

      637fad2c4ff6dd3f0699b940a4ebf9ae

      SHA1

      e5fc61342139618a30673bbf23894c586ee403dd

      SHA256

      303ce383b4cefe7b454b9504927eabdb61870fa5fb68245c275d723cb1a25bc6

      SHA512

      cc4204a62e7df9f5f9e997ead9c0de11555d90b6ade8c696496c4ee290a69aaa4848d857ee7759b3f26709a5ed15ea6e84cfcdb21c57b2442fbcb5bd761d491a

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\QE9XTVJR.cookie
      Filesize

      451B

      MD5

      efa6db6e60f24d86187a8b623b7b2533

      SHA1

      6362ad5a2c69f40e8ef9c70ad71db92733c1a4ed

      SHA256

      a84ecede7adae5043be0ba5aef4904cb37911c3d95e74ccac6df8e6d92920d9a

      SHA512

      419ed31bea130c5c37238c6e0324bfa9e6c1ff51b29a4e2ac0e71559b56e6a3dd51478deb37a8610178b959302ff5b47b192479d4b8af60808268d3ddbfcd4fd

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\WW45OWO2\www.msn[1].xml
      Filesize

      485B

      MD5

      3b8ec19bb40a5bc3e0d18230c99067db

      SHA1

      24f6c35e65cf3820c166a6429ef17434aa33cb3d

      SHA256

      611ef3e5a8aa3faebd4729d7eb86bf8972571757ac4c1910148effe594f4ad0e

      SHA512

      fd0eb7ab8da3e204a9395541854e3c853783d22fdb4bc5686b21470f8c90726f21125efed027002871eba11ae8b3f155ff0fc3d1887314eace83f72f5325ead0

      Download Submit
    • memory/752-271-0x000001FBFE700000-0x000001FBFE720000-memory.dmp
      Filesize

      128KB

      Download
    • memory/752-99-0x000001FBFCB40000-0x000001FBFCB60000-memory.dmp
      Filesize

      128KB

      Download
    • memory/752-98-0x000001FBFCD60000-0x000001FBFCD80000-memory.dmp
      Filesize

      128KB

      Download
    • memory/752-103-0x000001FBFCF00000-0x000001FBFD000000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/752-123-0x000001FBFD800000-0x000001FBFD820000-memory.dmp
      Filesize

      128KB

      Download
    • memory/752-118-0x000001FBFD740000-0x000001FBFD760000-memory.dmp
      Filesize

      128KB

      Download
    • memory/752-277-0x000001FBFF0F0000-0x000001FBFF110000-memory.dmp
      Filesize

      128KB

      Download
    • memory/752-229-0x000001FBFEB00000-0x000001FBFEC00000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/932-185-0x00000124F59C0000-0x00000124F59E0000-memory.dmp
      Filesize

      128KB

      Download
    • memory/932-186-0x00000124F6000000-0x00000124F6100000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/2364-44-0x00000171E8E10000-0x00000171E8F10000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/3852-53-0x0000019D7BDD0000-0x0000019D7BDD2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3852-61-0x0000019D7C000000-0x0000019D7C002000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3852-57-0x0000019D7BE20000-0x0000019D7BE22000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3852-59-0x0000019D7BE40000-0x0000019D7BE42000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3852-49-0x0000019D7B000000-0x0000019D7B100000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/3852-63-0x0000019D7C020000-0x0000019D7C022000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3852-48-0x0000019D7B000000-0x0000019D7B100000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/3852-55-0x0000019D7BE00000-0x0000019D7BE02000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3852-68-0x0000019D7B000000-0x0000019D7B100000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4796-35-0x000001FB98860000-0x000001FB98862000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4796-160-0x000001FBA39D0000-0x000001FBA39D1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4796-16-0x000001FB9B520000-0x000001FB9B530000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4796-159-0x000001FBA37F0000-0x000001FBA37F1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4796-0-0x000001FB9B420000-0x000001FB9B430000-memory.dmp
      Filesize

      64KB

      Download