Overview

overview

4

Static

static

1

URLScan

urlscan

1

http://retro-tards.c...

windows10-1703-x64

4

Resubmissions

28-05-2024 22:57

240528-2xe8lafg91 1

28-05-2024 22:56

240528-2wm7tagh79 4

Analysis

  • max time kernel
    45s
  • max time network
    34s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    28-05-2024 22:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://retro-tards.com

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "http://retro-tards.com"
    1⤵
      PID:4296
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4336
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:3036
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3044
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2504
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4744
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:2308

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\edgecompatviewlist[1].xml
      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8MDM1SCK\c69c23593c9bd5705c7780a200f2a6db[1].woff2
      Filesize

      40KB

      MD5

      8a83d3ea2e60560ba77baec1cce6881a

      SHA1

      c1d1ae592ab0019c8092dabe56875a29d5745b80

      SHA256

      fb1992542fe041232eb0470ec651c97dac516d86bf11d659b542924307142dc9

      SHA512

      5c85f3c34dbc70fcc76ae45536ad1acc313e69d7a4df0e793f5037da64b230d24a53b730644e5e2cf43780bcd37c70286e32d67001a1eafe442d7450a6e44f54

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8MDM1SCK\f4a4890561b3fddfd1fd9a1b27b6d4a4[1].woff2
      Filesize

      39KB

      MD5

      ffe7cc3945dcff0497df9901158ca5c9

      SHA1

      92b86140e39dc5b0ebaaf91ac3147f7ed7379851

      SHA256

      c856336c2c3439ef8a736b40a7b11a7e575979a739c96edf7baed2d1a5b131d8

      SHA512

      46c4ab2acac2269dccb459a04dbb5c959331ecaec9d75f79249909e9c6c1c2cb3ef1ff550cc5ab48c56e445fa84d4358789efddc94786cb8349d90bd79ce24d2

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\910I0G2H\8dbae49e1280328b442be6dfff163124[1].woff2
      Filesize

      41KB

      MD5

      35a11f6a81a4fc01ba1480668513d5ef

      SHA1

      4a7d1f90180d7e2649fe5fa43d03c374285ecbb0

      SHA256

      6394ed8f516a766a09242489bed086da0abec3b608a02104e662abdb026c9d67

      SHA512

      649351d13701bc4505a3c2511ad6845a52054e7531df4aeffeb010885f0167438cb837ff144b09c45a8c76dd96a61ce3b382e09e04785c8f5e525fe0b244d849

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KH244X9F\33696a29f45c1b554a4c12443b998d21[1].woff2
      Filesize

      40KB

      MD5

      4971edf7a4a0359f252d44d4647aa2c2

      SHA1

      b7a585910ed4af3810783f842aa0e39274b76396

      SHA256

      66c862243067d2ed17d8881a57f8593e0dd35a7488babb3b3335111a5d1e3591

      SHA512

      f7c69269d0636b08807b86f716a6d245cc4ad69a91c192208463f7adb9c6950fedb43a9ea0c77f1440c6787106b9e395bfd08ee0f5da983bb29dfc60fafeac59

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PWMZ9L1L\625cf32ea46ae48b58ebd3ff993de469[1].woff2
      Filesize

      41KB

      MD5

      8f4bec1ddf700ed07257978d5663a76d

      SHA1

      f620b74e20e57acad0a9cbc65b72c96567854587

      SHA256

      24f4213242badc483a9657e2a7bae4639f346b140f5c2e2a8e32c731fcb47381

      SHA512

      2e65284fd982d104621a8fc091c93b70d985e52cd2c607ce4e00a5f6d624a17aed63000e7f59dbb612224be06b9cd1ea07a004675e1ade7d1c6aa4cf26a48614

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PWMZ9L1L\e5e43f51d6d7939d8911c861efa5f9b7[1].woff2
      Filesize

      42KB

      MD5

      9826acef05bd6cd0d11f682a193401df

      SHA1

      cfdac096a1f2476bc967259a53bf1b71c4b4306b

      SHA256

      717519629f1213b6c58ec652be28e726006fd45df705f7f6c631f92efdf78633

      SHA512

      451b9d635c0386b4171c46364fdd0ab12be98903bc2721855c3665bfc89068786c0e38bc705b23ca762a06ec91b25bd6d319a9fe234646bbb31ffef7376ff90e

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VNW7V8RN\f7f4b8a24ebcdebc5db7494e7c73034c[1].png
      Filesize

      753B

      MD5

      c8821b36e182a095b4f0cb9fd95f5cb3

      SHA1

      e4b7dfd02f4cdd073aa48a3c5bbd7ff215186cd6

      SHA256

      c696bee78f4d49052099d54fe46f2fa045f370242463cacdabecb3dd42f7144f

      SHA512

      0539cf925db2d7119514818c45a653c4cd3dfa9c0c0adab7d71b858b3d743a91056e87de700ae45e94b1190b93e37f50841993f74d32e016ca919843ef44156a

      Download Submit

    • memory/2504-44-0x0000016283810000-0x0000016283910000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4336-16-0x0000016D91920000-0x0000016D91930000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4336-35-0x0000016D8EBD0000-0x0000016D8EBD2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4336-124-0x0000016D97EE0000-0x0000016D97EE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4336-123-0x0000016D97ED0000-0x0000016D97ED1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4336-0-0x0000016D91820000-0x0000016D91830000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4744-77-0x000002B1F6320000-0x000002B1F6322000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4744-62-0x000002B1F6090000-0x000002B1F6092000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4744-65-0x000002B1F60C0000-0x000002B1F60C2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4744-67-0x000002B1F60E0000-0x000002B1F60E2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4744-69-0x000002B1F6200000-0x000002B1F6202000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4744-71-0x000002B1F62C0000-0x000002B1F62C2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4744-73-0x000002B1F62E0000-0x000002B1F62E2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4744-75-0x000002B1F6300000-0x000002B1F6302000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4744-60-0x000002B1E3700000-0x000002B1E3800000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4744-59-0x000002B1E5400000-0x000002B1E5500000-memory.dmp

      Filesize

      1024KB

      Download