Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://haxtoolqwert...

windows10-1703-x64

6

Analysis

  • max time kernel
    139s
  • max time network
    132s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    04/06/2024, 16:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://haxtoolqwerty.000webhostapp.com/A77kewRK3yl8T5XKW7exHi86yKEic1qD.html

Score
6/10
phishing

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Detected phishing page
    phishing
  • Drops file in Windows directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 14 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://haxtoolqwerty.000webhostapp.com/A77kewRK3yl8T5XKW7exHi86yKEic1qD.html"
    1⤵
      PID:4568
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1484
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:1220
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:988
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1316
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:4776
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x3ec
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4316
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:1472
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4592
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
        PID:2364
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Modifies registry class
        PID:5112

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q7BUKSPQ\edgecompatviewlist[1].xml
              Filesize

              74KB

              MD5

              d4fc49dc14f63895d997fa4940f24378

              SHA1

              3efb1437a7c5e46034147cbbc8db017c69d02c31

              SHA256

              853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

              SHA512

              cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
              Filesize

              4KB

              MD5

              1bfe591a4fe3d91b03cdf26eaacd8f89

              SHA1

              719c37c320f518ac168c86723724891950911cea

              SHA256

              9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

              SHA512

              02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\KUA8XU2O\favicon[1].ico
              Filesize

              758B

              MD5

              84cc977d0eb148166481b01d8418e375

              SHA1

              00e2461bcd67d7ba511db230415000aefbd30d2d

              SHA256

              bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

              SHA512

              f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF147CD5306C9945A0.TMP
              Filesize

              24KB

              MD5

              4b8719bb35a7d38d2c038f0fe8dfa30c

              SHA1

              78233e7d0bab9aef3a23d6beadd06d14d6cdcf8e

              SHA256

              4f7dcd22a3f7239af42d13596a824e320a283d37e19c9a8e9a54847d8f967c89

              SHA512

              f67bd4c9ccc3c27dbd90f3a531837eaec7e129368bdc6a49371389f9ff3aea5042478decb3a7540d6a47f8709d90b9976ac7c3a5b6e2fbadff04e400d5e5f38b

              Download Submit

            • memory/1316-45-0x00000158111C0000-0x00000158112C0000-memory.dmp

              Filesize

              1024KB

              Download

            • memory/1484-243-0x000001E01CB90000-0x000001E01CB91000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1484-239-0x000001E01CBD0000-0x000001E01CBD1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1484-236-0x000001E021D20000-0x000001E021D22000-memory.dmp

              Filesize

              8KB

              Download

            • memory/1484-215-0x000001E026300000-0x000001E02640C000-memory.dmp

              Filesize

              1.0MB

              Download

            • memory/1484-249-0x000001E026300000-0x000001E02640C000-memory.dmp

              Filesize

              1.0MB

              Download

            • memory/1484-35-0x000001E01CBA0000-0x000001E01CBA2000-memory.dmp

              Filesize

              8KB

              Download

            • memory/1484-0-0x000001E01DA20000-0x000001E01DA30000-memory.dmp

              Filesize

              64KB

              Download

            • memory/1484-16-0x000001E01DB20000-0x000001E01DB30000-memory.dmp

              Filesize

              64KB

              Download

            • memory/1484-186-0x000001E025FD0000-0x000001E025FD1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1484-187-0x000001E025FE0000-0x000001E025FE1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4592-142-0x000001C0B2630000-0x000001C0B2650000-memory.dmp

              Filesize

              128KB

              Download

            • memory/4592-151-0x000001C0B3740000-0x000001C0B3760000-memory.dmp

              Filesize

              128KB

              Download

            • memory/4592-172-0x000001C0C44C0000-0x000001C0C45C0000-memory.dmp

              Filesize

              1024KB

              Download

            • memory/4592-150-0x000001C0B3B00000-0x000001C0B3C00000-memory.dmp

              Filesize

              1024KB

              Download

            • memory/4592-146-0x000001C0B3100000-0x000001C0B3200000-memory.dmp

              Filesize

              1024KB

              Download

            • memory/4592-143-0x000001C0A2400000-0x000001C0A2500000-memory.dmp

              Filesize

              1024KB

              Download

            • memory/4776-61-0x000002675B0D0000-0x000002675B0D2000-memory.dmp

              Filesize

              8KB

              Download

            • memory/4776-65-0x000002676B860000-0x000002676B862000-memory.dmp

              Filesize

              8KB

              Download

            • memory/4776-67-0x000002676B880000-0x000002676B882000-memory.dmp

              Filesize

              8KB

              Download

            • memory/4776-69-0x000002676B8A0000-0x000002676B8A2000-memory.dmp

              Filesize

              8KB

              Download

            • memory/4776-71-0x000002676B8C0000-0x000002676B8C2000-memory.dmp

              Filesize

              8KB

              Download

            • memory/4776-63-0x000002675B0F0000-0x000002675B0F2000-memory.dmp

              Filesize

              8KB

              Download