Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://coinsports.f...

windows10-1703-x64

4

Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03-06-2024 13:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://coinsports.fun/teams/20

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 5 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 20 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://coinsports.fun/teams/20"
    1⤵
      PID:588
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1116
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:648
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1848
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1828
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:3068
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:4244
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:708
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:1296
    • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
      C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
      1⤵
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:5196
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:5212
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:5968

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      Filesize

      4KB

      MD5

      1bfe591a4fe3d91b03cdf26eaacd8f89

      SHA1

      719c37c320f518ac168c86723724891950911cea

      SHA256

      9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

      SHA512

      02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml
      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\CommonMerged[1]
      Filesize

      591KB

      MD5

      0a87936cf5a69c4acbf907836d8a39d3

      SHA1

      7e8aa29618d9f32ac4de08158b07553dd95e04ba

      SHA256

      da5df576197529c480646a41bf2749b8266fd09345438380168ce46b5c9edf76

      SHA512

      6b44d4eaa3fc4be2c17ef5288d93eb68ecdf996478c2635cc38380de3131f654211aa3bcde3d76250c81bbcb7daabe62f1cbf0f83a5ce11d3418995199af3b05

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\loader[2]
      Filesize

      41KB

      MD5

      a38cb2d5a0c4f4233b535d38e2dd8967

      SHA1

      0875bbe8c942b21f5cd9363ea696fbe0d77fb25d

      SHA256

      87f6cb22072570b4dba3d808d6f8c9ce75ff7c49092259890865eb0459307990

      SHA512

      69547918b8f43488091791c745ca8542ad3ca8f4a557514624b569c664af7a3dd87c2f814044a79c75e1667f49ac9bc63e7a050a0694180fe3cf270543a67848

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\controls[3]
      Filesize

      21KB

      MD5

      a4a318511d80be37665e73ec973b81e1

      SHA1

      920d4c59429eaed48793adf1b2a022f02845dfae

      SHA256

      487bd289a6ab1696dd8a4131e450cc750705ccca1a8c2ccd72877ccd1bb64ba2

      SHA512

      7ff0ec31a5286633b7c76dda03437c61f1f8ef792e46a600443c6c8ed2a717540ded82f3b4bd10d34a4f13a912e12afb07d221d4150e7ff4e761945e0ec95afa

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\plugin.f12[1]
      Filesize

      161KB

      MD5

      6ffc76825ac5a364de7857cd9801a394

      SHA1

      7d2c4d675b7cc290d8fa5cd6203b445ddeb6f601

      SHA256

      247994a58c941356b9516722e0961eb54af73b28cc4bc8b66d0704014f3d466f

      SHA512

      fa6e8a64c2b4c1ceeb983944c9220fdb76aa6cc97e630677ce39cfc15ddf4b14db8e47c99b8694477b2f73b3c7698c57071c08262936091507783ad8af541847

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\isDebugBuild[2]
      Filesize

      126B

      MD5

      db73f776d86f34f1b1a868fcd913ba0b

      SHA1

      e523e3ae23da5e659ad0cc60f65ef42765c5fce9

      SHA256

      f9d7461b859197d4bb01a9f6bda6b8644fe19da7098a2abbe4cabeb6068b05d3

      SHA512

      0d3f12acb10d570dfa0c026fdbeb8fc4fcafbd41d38667ea4dd911fb7be3e5b2f3c52e27057ed7fde7c5a41935ab19a9b29f32fd005a108bd95234370516e820

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\F12\memoryAnalyzer\settings.json
      Filesize

      3B

      MD5

      ecaa88f7fa0bf610a5a26cf545dcd3aa

      SHA1

      57218c316b6921e2cd61027a2387edc31a2d9471

      SHA256

      f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

      SHA512

      37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GFIKWQ4B\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\K8171U3A\9PRZ29N6.htm
      Filesize

      615B

      MD5

      922c3711c10a3713b7399125a5db3bda

      SHA1

      f1633b2bce8d86f7baef68e6226609a71e644e78

      SHA256

      b9acc75cbed507b46da47126d90f0c2091026d1d53cbd021c3ea40a62f5fbd20

      SHA512

      0a28bf050c47587e408221da6ac33329018208ddaaadc2826e15130e6f7517f760afaf7ccbb5d0532d7e8492239be61dfac7f661bf6c298cd39bd394777d53bf

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\loader[1].htm
      Filesize

      1KB

      MD5

      3584d59beb128131225939a1fde44219

      SHA1

      ba6eb988dd086182998812734b85bf02756f1a53

      SHA256

      a97ecaf0f7969fd8a0f75c338fb755e6279ddcffa2d744623e3e30e2ea58badf

      SHA512

      0c7257f10ca1454d14a8c88dd87656d1859e010eccf518fa178f5d33cbf03d4a67a19bc13957b8d67774bc52bd687153c2750cc12897506273f126aeab122a34

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\20[1].htm
      Filesize

      1KB

      MD5

      2009843d61b2035febd06337ecbc0f1d

      SHA1

      ae5f7480dd17ac0a8695b37ead27f82c84e0b03f

      SHA256

      c7d7e0d2aa1b567675422b8bffa1561bb9bcb7833e4dffefe357226de87e94b3

      SHA512

      e006a4fe567a2e3bb84010e2c8b562c54446cab94c22c888195f1e2fc440b4a522138387185cb5b1d028c3320245262c86c365736bcd0f3cec10e32135e2f387

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
      Filesize

      717B

      MD5

      822467b728b7a66b081c91795373789a

      SHA1

      d8f2f02e1eef62485a9feffd59ce837511749865

      SHA256

      af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

      SHA512

      bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61
      Filesize

      299B

      MD5

      5ae8478af8dd6eec7ad4edf162dd3df1

      SHA1

      55670b9fd39da59a9d7d0bb0aecb52324cbacc5a

      SHA256

      fe42ac92eae3b2850370b73c3691ccf394c23ab6133de39f1697a6ebac4bedca

      SHA512

      a5ed33ecec5eecf5437c14eba7c65c84b6f8b08a42df7f18c8123ee37f6743b0cf8116f4359efa82338b244b28938a6e0c8895fcd7f7563bf5777b7d8ee86296

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
      Filesize

      192B

      MD5

      c5d5ad817d725c28e9fbba8799222b2f

      SHA1

      a30aa945541114daf0857b49597e35a491d60daa

      SHA256

      8a00fc3a35caf33aaa86264275cd331ed3c6cab7a078a9425a1c765833ec2538

      SHA512

      d4b70aedaa669d34183c575f96bf3836949b85bd82c6915ef209ec196ff12f16eb167a0c6b6836bc4f57fa6187ac4cd62d55974e028aa1abfe070265b9ceb126

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61
      Filesize

      192B

      MD5

      ae847406b3cb7bc14537c1e184d9c5d7

      SHA1

      73209f1cd674848051568860d6e50e0b1f98b1d9

      SHA256

      f25a826d99503a30355a62ced94e5b577821aa55c23ef8261c519bc219c3320c

      SHA512

      8aeca7c8fd4d735f2ec0377b7b9eaada8d1ff679a06b7f884ee7d13816968fb5073483062977e937fa9841536710715dc6a90a3cfd8a51d46b5d1dc5737b27e3

      Download Submit
    • memory/708-109-0x0000025EAF540000-0x0000025EAF640000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/708-188-0x0000025EBFA60000-0x0000025EBFA80000-memory.dmp
      Filesize

      128KB

      Download
    • memory/1116-0-0x000002B7C4F20000-0x000002B7C4F30000-memory.dmp
      Filesize

      64KB

      Download
    • memory/1116-16-0x000002B7C5020000-0x000002B7C5030000-memory.dmp
      Filesize

      64KB

      Download
    • memory/1116-35-0x000002B7C25B0000-0x000002B7C25B2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1116-85-0x000002B7CB6F0000-0x000002B7CB6F1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1116-84-0x000002B7CB6E0000-0x000002B7CB6E1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1296-135-0x000001B3F3380000-0x000001B3F3480000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1296-185-0x000001B3F4B00000-0x000001B3F4C00000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1296-267-0x000001B3F7A40000-0x000001B3F7B40000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1296-138-0x000001B3F3910000-0x000001B3F3A10000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1296-321-0x000001B3F8E00000-0x000001B3F8F00000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1296-305-0x000001B3F8A50000-0x000001B3F8B50000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1296-293-0x000001B3F8000000-0x000001B3F8100000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1296-129-0x000001B3F3200000-0x000001B3F3300000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1296-127-0x000001B3F3200000-0x000001B3F3300000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1296-128-0x000001B3F3200000-0x000001B3F3300000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1828-45-0x0000028AFE200000-0x0000028AFE300000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/3068-90-0x0000028FD9D00000-0x0000028FD9E00000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/3068-61-0x0000028FD9D00000-0x0000028FD9E00000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/3068-68-0x0000028FEA0C0000-0x0000028FEA0C2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3068-66-0x0000028FEA000000-0x0000028FEA002000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3068-64-0x0000028FD9AE0000-0x0000028FD9AE2000-memory.dmp
      Filesize

      8KB

      Download