Overview

overview

4

Static

static

1

URLScan

urlscan

1

https://gofile.io/d/...

windows10-1703-x64

4

Analysis

  • max time kernel
    1799s
  • max time network
    1763s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    24-05-2024 23:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://gofile.io/d/qq0m4I

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://gofile.io/d/qq0m4I"
    1⤵
      PID:2820
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4536
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:1620
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2956
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3024
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:400
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:1740
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3596
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:1936

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      Filesize

      4KB

      MD5

      1bfe591a4fe3d91b03cdf26eaacd8f89

      SHA1

      719c37c320f518ac168c86723724891950911cea

      SHA256

      9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

      SHA512

      02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml
      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9PQRMV61\bootstrap-icons[1].css
      Filesize

      93KB

      MD5

      06cb502613f99040e534fec65fa725c7

      SHA1

      03006f32792e033497e9ca68373b6c3386305933

      SHA256

      e1172d3a0a208cf01dc066f0abeaf17f00264a966159a69f71947d6edcd4935f

      SHA512

      734faf4aff6d9c64b87f3c1320114f71d099d10c0ff9a4de3ef65e009918a5b8faecabd0e7e56b2630e1de58a5e3c2c82c9c6120241feba750f2dfc12723a8fe

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9PQRMV61\bootstrap-nightfall[1].css
      Filesize

      50KB

      MD5

      84952f98cccb079b3f36f29c0f2f7d8d

      SHA1

      92a207064b6cb9cb6104bd8b3dd1e1e3e789b26c

      SHA256

      d9a98b67c7edffef7138d578788a1c25310cd3561b94d8bce6999f40b0073186

      SHA512

      a052abb5bfeb8ece88ce62b46ecc920db7db71467f1433d96fdc13072ec4dc4a67f13853f4d14e8f5794d9fbc58cbe1bf94e9f3a2afb7dfbdcecc2af2046bc37

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9PQRMV61\bootstrap.min[1].css
      Filesize

      190KB

      MD5

      16b20908101acc6624cb9446fcac64a1

      SHA1

      b7cd57a4fd6a1fae6126150f427ef217397293e4

      SHA256

      2933c96348a4eae7cbbf8f280ca0981586a9b5c097ef952b996cad7d28f2fad0

      SHA512

      b22c1efe85cc8528c60b02e7fac72b68f396ac9c4795480c04c65774f7b64e7937234c771120a82f3ed66793531fa499af2c0c63e3c1d5c8f2a89e63025b823a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9PQRMV61\plyr[1].css
      Filesize

      33KB

      MD5

      e039a23ea465d2de0388937695a7e724

      SHA1

      68e95d5b4060761fc2b0b58a593ebe7d661c52f9

      SHA256

      bc3b9c09bf69ce51b930e86a23c6f249f9cc6dc98a84fd278d4131c9ddd78f43

      SHA512

      5fedf2fbff555599108ae7bdaa86cb9d22537e46ecda50cbd7a25199338fba4bef35bfa813eba76b1b367fb8b93e2c1ee9952a55deff9f49daa189f22b5e0336

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\allcss[1].css
      Filesize

      1KB

      MD5

      3a6bf9ca7770a5ad5d8f3e95617fd15a

      SHA1

      dbe7076f2bf5f2baf9926d38a7f68c34d32959e2

      SHA256

      6cdae1b50efe90bd846a6f76213cfbe0f0e212a95dd60c31612b8baa2dbac931

      SHA512

      633c5eceaa2777cc414be3826eec3f67dfe8a1e2c0b11190d0166d111d3be9424e265216c59dfb6b7d334fa56e40cf2e9cfb5e4b089fc797901f20b04b797308

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GV3QPMUS\warmup[2].gif
      Filesize

      43B

      MD5

      325472601571f31e1bf00674c368d335

      SHA1

      2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

      SHA256

      b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

      SHA512

      717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HQ1Q1KH7\bootstrap-icons[1].woff2
      Filesize

      118KB

      MD5

      7f477633ddd12f84284654f2a2e89b8a

      SHA1

      17dad0776899ad1beadabd061c34e2a22b2cde74

      SHA256

      966620f9e3bec428663687f9e8d67a6b8e35d79adebf6fb204e9b139eada7599

      SHA512

      b46baa2a3ea38512f8b539774c751004cc866d085a9739f4c25f2ade9d97c10d6f4b20cf87dcbb6a003e0df0ca2df200f9036a4c76a013f24c57d365981f6e00

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HQ1Q1KH7\qq0m4I[1].htm
      Filesize

      9KB

      MD5

      fc2aacf2bc914e9cb3169f162fe8ee2a

      SHA1

      5e7366c78910a92c175839b0e91dbc5dae69dc5a

      SHA256

      e796e64a25c207e05bd68e15101bfee2fad8905a545fb3e8341ef8e79894b231

      SHA512

      c20854aea9dd1cc91901e2a77378f50533077433c1ac03ca5a0a001f6b65cb7042167068e0fa827ae2c1b91aee53609f4db697ecb2465967b19dfaa1ee97007f

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\alljs[1].js
      Filesize

      220KB

      MD5

      9c9e4aed5d209248cb31d9074e456cdf

      SHA1

      86459cb224640ddc5bac1cc92d265fe45478d947

      SHA256

      703538567197007316b32004ccab186b3c4453384ff313df69a809e981d64dd0

      SHA512

      5fc81b385de3b10b3145a685bd3468e5dce90cfee9b1e3058aa1e5fa690afe80a076122561602c5ef2cd821d08f1bb60a568bb7b7c5f78f1d4296f59c4e79940

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\bootstrap.bundle.min[1].js
      Filesize

      78KB

      MD5

      9afc1e0eba9521f29775ad2f6ace3f1f

      SHA1

      77bcf0c882fa4be8fbead35052c39a944f9035e3

      SHA256

      a85b2fe307777c8eb47f06a1eec399fcbddfe83d252fd202d3e1358051fcf27d

      SHA512

      d532b8863098e7e13d1f7af9fb4e5b1066ca1b22b9d3a59a0cf7cf7b5b3f8a1c118ebe8eb4be37cc92f338543eff372238d11dfaca7b2f0adf3829f2ba43d2b2

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\chart.umd.min[1].js
      Filesize

      194KB

      MD5

      0956511163142649b6cf52a819ca8641

      SHA1

      177174c1e7b5650cf3cf0c184077420f6b67abc7

      SHA256

      8706c07750059d4f474353cc469150fd09a539df6f8830ccf418c47709f25b36

      SHA512

      1828b09b30346cd195b29d68b734c9e0b5904f68e318910d2c6c8b95eae5cdc90d237d26a22d84413d007d123b7cb618603291fbb867ba1df9af7cb5b89cee83

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\customParseFormat[1].js
      Filesize

      3KB

      MD5

      17f04d7e2386c3ceeca2758bd27321fe

      SHA1

      8ecc81c22b1fb7af251ae237f84b76ce5892662a

      SHA256

      cb72289f70690b272267a0741402cdc3f4099ae40c834a13cb60a59f99fdc091

      SHA512

      9e4a524f47fafe0bc4a5e61e96dcbdaae13deef24dbbe96dbe04ad714b13fcaced790ae6f6b5e6c5033ccece4042f712be153143be5d333d780cb765eee633f8

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\dayjs.min[1].js
      Filesize

      6KB

      MD5

      fc50c4b32f73acd0ca4a31e0b94418b6

      SHA1

      4cd4b7159ca9e1de084a7d1ede12ad51a5d4651f

      SHA256

      11f24ea8272c8454bfd93c6102b511bb75a7f1bfd70c0e1f6cf58a4b067ed41f

      SHA512

      85c57a0d7df904a8224e2598ac980f6eedc5c52e82b028ca826aec3d1a543e45d66ef3e22b1bd2552761597d325dc3dcb4e236149e163fa375cc7fb5ec1fec00

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\marked.min[1].js
      Filesize

      43KB

      MD5

      a50d303b83ec6ced6c105da710623629

      SHA1

      04f3659d853b57d6e608909960d4f1f4c0f01c04

      SHA256

      d10fcd57fbc3eb87320fe1469bcb522ded6c480f48ed51c511ef6da20f165760

      SHA512

      84f825fdf56aa5b9b3dbd5af65d74609c3c34bcad4778193d837d1188437fbbac660540df01629dc1977f4e831f7731160854dfae617e088310cfe39a3d79c4d

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\plyr[1].js
      Filesize

      108KB

      MD5

      49ae56a37a5b8dca563256fb605f6260

      SHA1

      24a8c5bf85c8d1bc7a9586d998308c462e28cb71

      SHA256

      6729042fecd6e011c0ba45f807dc93fa750169d7ac57c14daa01069f14430f73

      SHA512

      508eaa76781046d439eb85c706c9c7307827efc23a5b7ebe085c173b9a38a32ed343d8916d14df105203922dee0fbe123d74ec185e4ca12fe7cec6d679a2a9b2

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\qrcode.min[1].js
      Filesize

      19KB

      MD5

      b33682b5a531b8617d4ee248926fba84

      SHA1

      be527be38f28d55217b02f818ca67987f433cada

      SHA256

      85bd0e28180f06b7f944d35dd07ef1ce75d6d9b63c2d70cb8e65f8b566c43db4

      SHA512

      5eda51cdcceea9ec42c8f3a6e462decc5847e74aac8dce4c0c190c0434c2abead936b7c836c5f1c8c76aaa25050169381a01effba7cf7d7f8f8be304b439adc8

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L52HB6S1\sha256.min[1].js
      Filesize

      8KB

      MD5

      e5a5b331cf54c474203628eb9398470e

      SHA1

      6d2e5b6a22edb7d95e0ac7523d74f5f7013cb344

      SHA256

      7157511697db744d384a5a2a8646af23f3c90560abf93bb240fdd690b29a898a

      SHA512

      b33279152a3d8449975deedbe40515b67fd69cbf1ae55a1f9c57980b68b6cf4dee4b62e101c87b7b034b6e5e5f96c1264d38a630dd1e9c1660ff7b10f98392cd

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\C55BHVKB\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\DIHW250H\favicon16[1].png
      Filesize

      503B

      MD5

      ad98355e85075a8ebc15a01f875e1aab

      SHA1

      de8398fdfeb3bbd48a58a8b12453e1fee61e5f2d

      SHA256

      6a437098dcbb8a0354ae28a5f7825685f471c13cecb83186cc950844df7c76c4

      SHA512

      1b5d5402256ec3ccc20f1b1b635a9ea16131c2aec49c94105c8b7d3e32c9bfd45e937bde8af35ced6b22f39526de2672ba145ec43f49aba4d7a66da79e13819a

      Download Submit

    • memory/400-121-0x000001EBF24E0000-0x000001EBF24E2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/400-62-0x000001EBDF9D0000-0x000001EBDF9D2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/400-365-0x000001EBF2930000-0x000001EBF2A30000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/400-60-0x000001EBDF500000-0x000001EBDF600000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/400-67-0x000001EBEFEC0000-0x000001EBEFEC2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/400-65-0x000001EBEFE00000-0x000001EBEFE02000-memory.dmp

      Filesize

      8KB

      Download

    • memory/400-115-0x000001EBF24A0000-0x000001EBF24A2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/400-119-0x000001EBF24C0000-0x000001EBF24C2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3024-43-0x0000017F0A7D0000-0x0000017F0A8D0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/3024-45-0x0000017F0A7D0000-0x0000017F0A8D0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/3596-203-0x0000018DA9300000-0x0000018DA9400000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/3596-253-0x0000018DB9B30000-0x0000018DB9B50000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3596-247-0x0000018DB9840000-0x0000018DB9860000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4536-1-0x000002243F830000-0x000002243F840000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4536-136-0x0000022445DE0000-0x0000022445DE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4536-137-0x0000022445DF0000-0x0000022445DF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4536-35-0x000002243C9E0000-0x000002243C9E2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4536-16-0x000002243F920000-0x000002243F930000-memory.dmp

      Filesize

      64KB

      Download