Overview

overview

7

Static

static

1

URLScan

urlscan

https://pornhub.com

windows7-x64

1

https://pornhub.com

windows10-1703-x64

4

https://pornhub.com

windows10-2004-x64

1

https://pornhub.com

windows11-21h2-x64

1

https://pornhub.com

android-10-x64

7

https://pornhub.com

android-11-x64

7

https://pornhub.com

android-13-x64

7

https://pornhub.com

android-9-x86

7

https://pornhub.com

macos-10.15-amd64

4

https://pornhub.com

debian-12-armhf

https://pornhub.com

debian-12-mipsel

https://pornhub.com

debian-9-armhf

https://pornhub.com

debian-9-mips

https://pornhub.com

debian-9-mipsel

https://pornhub.com

ubuntu-18.04-amd64

3

https://pornhub.com

ubuntu-20.04-amd64

4

https://pornhub.com

ubuntu-22.04-amd64

1

https://pornhub.com

ubuntu-24.04-amd64

1

Resubmissions

29-05-2024 19:50

240529-ykjhpsff8v 7

29-05-2024 19:47

240529-yhndwaff2v 7

Analysis

  • max time kernel
    149s
  • max time network
    142s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    29-05-2024 19:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://pornhub.com

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 28 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://pornhub.com"
    1⤵
      PID:3508
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1212
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:4572
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4648
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4268
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:4292
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:4176

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XCFODRP5\edgecompatviewlist[1].xml
      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\RC7GQ9VP\ph-icons[1].css
      Filesize

      14KB

      MD5

      bc0fc65efc199e168060e0393fc55630

      SHA1

      8d4b6c3bdee1baafa42dbe044eaffdee4b3ff327

      SHA256

      e70c0585fa33bb32d968fc3d4fdd0539f92dcc5ca24ae383b0079a3d04d82efe

      SHA512

      b7799b9b5dba90ad8ba845a6a1f89de7e61e9f22fb9f95f48e50c080a006a0ffc2ebe1edd3ba99333317c2a1d199329398ae9d0f604b5c37f40f9295d07ebc10

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\V4L0NGN9\front-index-pc[1].css
      Filesize

      83KB

      MD5

      0874dc6028db84164b84d4ab4c5fdf69

      SHA1

      ed1843d8ac7e292c3755a4fc547f5513685ddb1d

      SHA256

      1a0e92713f8a908eecb47cb2fcdb7a2844445f0ea4b09a2f7354559a5fe746dc

      SHA512

      099cb91764e3f395fba99306ab6d9328c01615531d67f45d8a1a1ccb85aec6f2cbbcc995560ccc85de4529e65c37376208e47b2c006ca518700a3ce0c0d83dbc

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\RQHEPFZF\www.pornhub[1].xml
      Filesize

      13B

      MD5

      c1ddea3ef6bbef3e7060a1a9ad89e4c5

      SHA1

      35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

      SHA256

      b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

      SHA512

      6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\560TDRZE\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\8C5EMANJ\favicon[1].ico
      Filesize

      1KB

      MD5

      bf5b6c805abb9d242e0eefe8f85e9253

      SHA1

      7430ff53470894ca5d22d074c1569efc3b72b95d

      SHA256

      edff483f89d1eeef57d191848be78a7f52313af079c116bf714a0f5d5b57e9c5

      SHA512

      b653e0840beab0200a3b97c5edeaf3145d2c1b8425d844f464e9aa2d61c1f51253b1e760e095e5086244415a864ed31673dd85290ac04841095d68a74ab2e19c

      Download Submit

    • memory/1212-16-0x0000021F43420000-0x0000021F43430000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1212-0-0x0000021F43320000-0x0000021F43330000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1212-35-0x0000021F423B0000-0x0000021F423B2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4268-43-0x00000203DEE00000-0x00000203DEF00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4268-45-0x00000203DEE00000-0x00000203DEF00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4268-44-0x00000203DEE00000-0x00000203DEF00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4292-308-0x0000024F52CF0000-0x0000024F52CF2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4292-316-0x0000024F53A70000-0x0000024F53B70000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4292-298-0x0000024F52CC0000-0x0000024F52CC2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4292-296-0x0000024F52CA0000-0x0000024F52CA2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4292-289-0x0000024F528B0000-0x0000024F529B0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4292-310-0x0000024F538B0000-0x0000024F538B2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4292-306-0x0000024F52CE0000-0x0000024F52CE2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4292-294-0x0000024F4F2E0000-0x0000024F4F2E2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4292-312-0x0000024F4EA80000-0x0000024F4EAA0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4292-292-0x0000024F4ED20000-0x0000024F4ED22000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4292-315-0x0000024F4F1A0000-0x0000024F4F2A0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4292-288-0x0000024F528B0000-0x0000024F529B0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4292-325-0x0000024F4EDC0000-0x0000024F4EDE0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4292-330-0x0000024F529B0000-0x0000024F52AB0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4292-332-0x0000024F53C30000-0x0000024F53D30000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4292-397-0x0000024F4EE40000-0x0000024F4EE60000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4292-420-0x0000024F4C470000-0x0000024F4C472000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4292-557-0x0000024F3BA90000-0x0000024F3BAA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4292-556-0x0000024F3BA90000-0x0000024F3BAA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4292-63-0x0000024F4C220000-0x0000024F4C222000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4292-65-0x0000024F4C240000-0x0000024F4C242000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4292-67-0x0000024F4C400000-0x0000024F4C402000-memory.dmp

      Filesize

      8KB

      Download