Overview

overview

4

Static

static

1

downloads.html

windows11-21h2-x64

1

downloads.html

windows10-1703-x64

4

downloads.html

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    29/05/2024, 15:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    downloads.html

  • Size

    43KB

  • MD5

    0fc287167df45b4f18cd6a85425c7c83

  • SHA1

    2a5d52b1bc961cff3074c2cc82ae8d49eecc458e

  • SHA256

    0a5b63d33b6c9026cbd2088035022746b1861b36fd43cace12484fb65fa599d8

  • SHA512

    ccd55b401582a5e2c474e377aa1088c12ea786724144f4f130397f9339fb415e1053f69eea291b1dae768a918631e6ba88121c357315e5a94428299ccfc22108

  • SSDEEP

    768:AdSOjNggsPakJEOSry0vbAUpcWAXm+USiIdXKz4Ohq1:S2gstcvbXpcJXySiQG4Oc1

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\downloads.html"
    1⤵
      PID:1684
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2452
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:3688
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4332
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3364
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:4364
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:1816
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:3040

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q7BUKSPQ\edgecompatviewlist[1].xml
            Filesize

            74KB

            MD5

            d4fc49dc14f63895d997fa4940f24378

            SHA1

            3efb1437a7c5e46034147cbbc8db017c69d02c31

            SHA256

            853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

            SHA512

            cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8XX379XT\apstag[1].js
            Filesize

            304KB

            MD5

            7e37c61c24c4f874b286570f1eebc0ea

            SHA1

            a7d36bc535c250db1c76d4f8c1bce73f38a5d8c1

            SHA256

            38ddbe47a6c50552223935c9c5553c3cb17292cfc08b33d4d2c40c45baf2174c

            SHA512

            3dfd6d90e5c3fc3855ede0680881ff4120d752b5cdcedd9d5b18a49a2ff33b7d642064c34be3c1413ef68ddf10a2465e715fffc183833c2befbf0af24bf9bd73

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8XX379XT\f[1].txt
            Filesize

            92KB

            MD5

            fdde8f9ec970a4f46f8d627cc5d19110

            SHA1

            28416f996b377c30a410df7990b493e76d2da69a

            SHA256

            19fbef4127f650433ed529cd50c7af9241e9aa19cf899a5bbf8ea866757ce2e6

            SHA512

            be8bbc4c529fc66635563160faae70c33844e9c4f91f944e619d85ab3f951de72795da0ffe1b253a12a0d8f57dba79eb04a6b170b5f2c69036dc40de886f81c5

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A1DPKH2E\advally-5.31.0[1].js
            Filesize

            113KB

            MD5

            03f1f600e5a37f9b7ec429ee3aaaabac

            SHA1

            7cee37ae66b911b4cd056c200f36807af5d8cd60

            SHA256

            f7ced082166bf55fe621de4ab918f19281c5da0a09b24976260bb6c91e1150f1

            SHA512

            3f84de0e605d8071fb1d346436ce1f396ffe9ec846df88ed6f6b52b90e8a3164ecef0d88c325d4b8959ae17f2408a03881c1478b718902ef2772f512648fe67b

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A1DPKH2E\jquery.min[1].js
            Filesize

            87KB

            MD5

            8fb8fee4fcc3cc86ff6c724154c49c42

            SHA1

            b82d238d4e31fdf618bae8ac11a6c812c03dd0d4

            SHA256

            ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

            SHA512

            f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A1DPKH2E\js[1].js
            Filesize

            288KB

            MD5

            fe2bf5df707758ef3b4b68b2700c62ac

            SHA1

            a000552ec3bd736c1c0e32ed379bdfdcbde0eb3c

            SHA256

            f71e64ec57c66cd8a114f35ce19e88f8f1f5069008035fb71c3d6a24dfe76525

            SHA512

            0c12abfa98403d7a90355221d3ba21fe9a41f9951061e2dcf3316439018662bb6e0ba6f12a9e506ed2ab037cdaf570c5cb9bef1893a856af6d3561a7f016fcdd

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G5T69BQK\f[1].txt
            Filesize

            452KB

            MD5

            792b015dcdb96e6ed4c8221f7974e3e2

            SHA1

            a2d458dd3003cb6f90f6bfa792eb4cfca17d2be8

            SHA256

            ae1d946d7305119960251e362f5bf0ca500511b0f438cf0183e9af1c5ed86684

            SHA512

            46e66abac8df07b35c246b672c3bb5e8333d145893fe697c3c769f7642229ffd0b739d8a5e446b3b904ea975fd08faa912a3a1439dd0dcd7de891053932dbb5a

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G5T69BQK\prebid-8.45.0[1].js
            Filesize

            399KB

            MD5

            464e2015c7a6702d33e4ba2e2f8fed7d

            SHA1

            b6c5d130b986d885c6a019393fb1655a4dbb65c2

            SHA256

            55db3a711f2c2addcf22aae386dbbe804dc92f4f80495971e040d6d6cb2a1592

            SHA512

            c2ad483ecd45b2432c434a9e5d5db5da0e759a6b98babde677ec82b08e43453b3b5ef31673893e64c1f76abb7ea3df76ecded5219b8c29bfce0fd7d5303fa302

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J09HUYAN\rules[1].css
            Filesize

            298B

            MD5

            daf73d517bfadfb52197ba2eaaf2fff1

            SHA1

            0b2f7f9447f79cc40b618ee186df9c1e2b03c0c1

            SHA256

            c870559125a8d8a0a6398d8e91f458de442eb28583bd2c3bd1cb08dd475c31dc

            SHA512

            159e8d1e0a473a94585b0978e9ee2bf044a812ae44ef60bfe82cfad4b831c79f0fe7e701eacc68137b6d32b6d14db97747f1eb58f30ccef562e7f4b5ca20fd58

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J09HUYAN\rules[1].js
            Filesize

            24KB

            MD5

            a4faee189ec9937f4c67f3eeba5ef177

            SHA1

            0907f3e15e5ce406693479370a3020805c9c29c4

            SHA256

            72861d2db5584507f9aa8863b27256fc303ab0818ebdcd56a9d8ab3ed6df958c

            SHA512

            bf27ae6b85c44ba9b6630db25d3fcb48eb37032d0739eaeeeb0f28453b09150dfec5ec768b74793d0d72e8364a18449f2bc873e192f7984e15eb6df6d5dcbf84

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\HU7FG3CM\www.unknowncheats[1].xml
            Filesize

            1KB

            MD5

            d564ce418193188f4d11e2370282ace1

            SHA1

            24ff4c5cb8e3f8ee7ea4ea35c294cab60a38eb0b

            SHA256

            b38925e6ccf61f911c12b0c7671ec104229c91cb3252accca32130a70f78caa9

            SHA512

            498790ee067f99e0eaf07e5d1843215f85aeca0f6e9f755b5511cc08e54ef8679265ef6fa2b055c23c806b89cb3e67791d12993a673fd938d68edcfbaac58887

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\HU7FG3CM\www.unknowncheats[1].xml
            Filesize

            1KB

            MD5

            1ca16e51861bfcac30b860c96a36f36b

            SHA1

            c6057ec81028a911a0b05db1d3519fb16326b089

            SHA256

            6dc1744dcceaef7052898ef2f7af797907d8cb2d9f17eea74bae46d50603ca7e

            SHA512

            43d622987d426686000950e38619d8ebfd993b6c21ce168a1c9a0c3bee5e39005c65e40ef9eb52a9e71faa8038596b43ce5d50ed283623cbf8be30b349839c64

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\HU7FG3CM\www.unknowncheats[1].xml
            Filesize

            1KB

            MD5

            345845feb9bc4d6de2d65e14e4f153c3

            SHA1

            cc7930fa9d879bccd4d7ef49b07c847ccfd80fbc

            SHA256

            d935a6a816027a1194675d9e14d5ea9e7a7c92b45717f2a7f5beb0012033f3f6

            SHA512

            634f4663303ca4b2ca4a7a82acfbe6efec8c922974d91b6e5b7883913b525efe587ac3bb1ed5c63026d92f14dc6f607a695a6a51d683b2ee484d365437eda7dd

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
            Filesize

            4KB

            MD5

            1bfe591a4fe3d91b03cdf26eaacd8f89

            SHA1

            719c37c320f518ac168c86723724891950911cea

            SHA256

            9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

            SHA512

            02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\7J6OEYM5\favicon[1].ico
            Filesize

            1KB

            MD5

            422f88a9295e3097ad9fe2fa62c893a3

            SHA1

            8dc7a222c0aced6aca94c55c31a1b2d806129fd7

            SHA256

            0293549bfc12fc9a27459e84ae65a269953e81f10c4a7246c397b3f7dcda4b95

            SHA512

            6c43be2811407882c8fd315e4fcce1912584dda06bae4fc50b6ea0536f60baca6cc0389e57c4ec45548d7fd83883eb5c1df23783633c39a57ede8b9444491baf

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SV8FMWX2\suggestions[1].en-US
            Filesize

            17KB

            MD5

            5a34cb996293fde2cb7a4ac89587393a

            SHA1

            3c96c993500690d1a77873cd62bc639b3a10653f

            SHA256

            c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

            SHA512

            e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

            Download Submit

          • memory/2452-16-0x0000019732F20000-0x0000019732F30000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2452-0-0x0000019732E20000-0x0000019732E30000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2452-35-0x00000197302C0000-0x00000197302C2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/3040-697-0x000002B7535A0000-0x000002B7535A2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/3040-703-0x000002B755B90000-0x000002B755B92000-memory.dmp

            Filesize

            8KB

            Download

          • memory/3040-651-0x000002B751BD0000-0x000002B751BF0000-memory.dmp

            Filesize

            128KB

            Download

          • memory/3040-337-0x000002B741000000-0x000002B741100000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/3040-666-0x000002B7535B0000-0x000002B7535D0000-memory.dmp

            Filesize

            128KB

            Download

          • memory/3040-709-0x000002B755BC0000-0x000002B755BC2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/3364-47-0x00000288F5680000-0x00000288F5780000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/4364-294-0x000001CECDBE0000-0x000001CECDBE2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4364-292-0x000001CECDBC0000-0x000001CECDBC2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4364-298-0x000001CECDC30000-0x000001CECDC32000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4364-302-0x000001CECDF10000-0x000001CECDF12000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4364-304-0x000001CECDF30000-0x000001CECDF32000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4364-300-0x000001CECDF00000-0x000001CECDF02000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4364-217-0x000001CECEC90000-0x000001CECED90000-memory.dmp

            Filesize

            1024KB

            Download

          • memory/4364-144-0x000001CECE970000-0x000001CECE990000-memory.dmp

            Filesize

            128KB

            Download

          • memory/4364-57-0x000001CECD190000-0x000001CECD192000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4364-59-0x000001CECD1D0000-0x000001CECD1D2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4364-55-0x000001CECD170000-0x000001CECD172000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4364-296-0x000001CECDC20000-0x000001CECDC22000-memory.dmp

            Filesize

            8KB

            Download