Analysis

  • max time kernel
    149s
  • max time network
    142s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    06-06-2024 18:51

General

  • Target

    http://Pornhub.com

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "http://Pornhub.com"
    PID:596
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2712
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      • Modifies Internet Explorer settings
      PID:2812
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2212
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3092
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Drops file in Windows directory
      • Modifies registry class
      PID:4240
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:1876
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Modifies registry class
      PID:4524
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Modifies registry class
      PID:1448

    Downloads
