Overview

overview

10

Static

static

5

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    299s
  • max time network
    299s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    13/06/2024, 22:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    55911bbb62bed8343db2a90ccadfcc75c433b39f83a045efbc9c886fa462ac90.exe

  • Size

    894KB

  • MD5

    b56b3aea7cd01080d85584dd6f4c2db8

  • SHA1

    044500adedb59231dfda799e00fce54e791ff2e2

  • SHA256

    55911bbb62bed8343db2a90ccadfcc75c433b39f83a045efbc9c886fa462ac90

  • SHA512

    45287cb6cc1defa8a5e2c3c1fe640511d32c2dd00203c1c3822a8bbea31a45c41c5c20e91baa2170913044c2adc433d1d2cb6865d189a6f26d4eced51d6d7d17

  • SSDEEP

    12288:vqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga4Tm:vqDEvCTbMWu7rQYlBQcBiT6rprG8aAm

Score
10/10
googlephishing

Malware Config

Signatures

  • Detected google phishing page
    phishinggoogle
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Windows directory 10 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55911bbb62bed8343db2a90ccadfcc75c433b39f83a045efbc9c886fa462ac90.exe
    "C:\Users\Admin\AppData\Local\Temp\55911bbb62bed8343db2a90ccadfcc75c433b39f83a045efbc9c886fa462ac90.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1716
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4368
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:3628
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3640
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4540
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:4764
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:5056
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:5068
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:2096
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:4112
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:1408
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:648
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:2184
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    PID:1668

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\edgecompatviewlist[1].xml
    Filesize

    74KB

    MD5

    d4fc49dc14f63895d997fa4940f24378

    SHA1

    3efb1437a7c5e46034147cbbc8db017c69d02c31

    SHA256

    853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

    SHA512

    cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\6KTCIBYQ\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ZBRLKSH4\4Kv5U5b1o3f[1].png
    Filesize

    610B

    MD5

    a81a5e7f71ae4153e6f888f1c92e5e11

    SHA1

    39c3945c30abff65b372a7d8c691178ae9d9eee0

    SHA256

    2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e

    SHA512

    1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\842OHQHD.cookie
    Filesize

    132B

    MD5

    2e367129f5ee0fcdbbd7ce2be98b3da8

    SHA1

    9777b4449bb152f0207fdccd11f9905e517d42fa

    SHA256

    e3c5bc4050888d3d943dcfbd3c24fb11ccc67f0951a41ca3e050f34c8141ff20

    SHA512

    0f75e1cca9ecd88944d4b61177f5475dca9aabaeb54041d759c4347176e52aa5cfb415fa1742e88bbe410d5c1882df3064ae7278bbb583517b6f341ea45e0c9e

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\B1XVIMY0.cookie
    Filesize

    269B

    MD5

    4204e9eb0c828ae4083b4a4450f851da

    SHA1

    7022b46d0ac05011975fe258f9a85794bc44b2e6

    SHA256

    b5464d0aa1dc400d07ab156a8de2586f2fa3358cb313aa215827bf3f06f2d5cd

    SHA512

    708dc9a5a06ea63cd9c3633ef24f5cd1d46b579a5c3ab38df4fe434aa6e9f62e6877622524bffd9a3cc6fb068b920d5aad1421be5393a9e93906575f379e04f6

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\GWP0P48Y.cookie
    Filesize

    132B

    MD5

    26fe0c6e8a7faa8df19ec7fcf4d2a3d2

    SHA1

    269b25504f26b66b714051f1221b1135bbd0fb5c

    SHA256

    64a80ecd1e6b89580c565e346240606b65fb9ee668fc62aee32833ee654aee65

    SHA512

    1e1ffd644042ad7b072520c9bffc80b730503351fc6063216adac45e9a26f6251ab7d2a9780a03a5bcacde48077197fd7f4169039b45c544ce5208942db0bd22

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    a08991b3b3149042115bebb75a76ccc0

    SHA1

    4f1a11c57b43422713fcb9c7af450a3a547ad11d

    SHA256

    827224a17beecdd911e49e0f09ab9665246f781744d1241545d6aefe2e67c788

    SHA512

    dc3f8319b0a7ab3e3a37447cdd60b3772bbb5e73cd44e9e58c2ad979dcd68f48f675c8a0a2626e9d3af5d4c664a9dcc52b786b69946236d8f89d12371d987fac

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    ac89a852c2aaa3d389b2d2dd312ad367

    SHA1

    8f421dd6493c61dbda6b839e2debb7b50a20c930

    SHA256

    0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

    SHA512

    c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_120148DF360AB0CA4DEE7F56782F4D54
    Filesize

    471B

    MD5

    3823f902540305efc41105899c1e0dc1

    SHA1

    10a927d26e91caab97aba1447adee2208140b021

    SHA256

    4380602945f843080a9bba25095077fbbdc030e226998858e360ce204b80836a

    SHA512

    140a566fccbe042b7461757b41571509dd70619138aec6c3591a29dbddb8c6584f27b6e84d21410ec343d78d3795dcc50b6509374bc7bf6064759acb177250e0

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    53d156364fdbe777f7087c2658cfb361

    SHA1

    f79428f96b27b4928f33cbc8e044e6f135b0c671

    SHA256

    5fa742ca0116f29782820968fc7ed4669623233bc519f7dd22db6a5f37e497a9

    SHA512

    76e2ae8f22c08f400b34655fb8778c33aa6e3fa7d2c7176d364d764b13b03dafd83de677a9b5712a5ede66d04c5e268437a3cc0122769ee569a596025689560b

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    8a86658ced96fceb841b40674236073b

    SHA1

    06d7c54b634a8166960629acc880631ad0544173

    SHA256

    cbe234731d8f957a1f2c4267cd3f7304a861e3f4c1c6af2423add5a0ebb28404

    SHA512

    9e442a06acb86574dcfc91450d5a18a313a25a99e6df487354459235043c430e846464115b277cbc5a9e4e3a94e3c991a818cb65db19598cc161fec3e5dfad1d

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    e27b755f5c310754df180bbc01a8a6db

    SHA1

    9f0d97bbaa2f601e4b4b47480e08dc72f751b2ab

    SHA256

    c0167399b127bd5d89a4453375ad40c42eddec1da581b2fb66a1da8f28054532

    SHA512

    d049b58bd15320705fea169233b544bf3ff953abaae617c3584fb37d06ed44d3a847b0f08809ee231a75a364d0ed63c7b35b819fd3bf671a4b4e15cfc3f41b09

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_120148DF360AB0CA4DEE7F56782F4D54
    Filesize

    406B

    MD5

    af66b2cda7170ded261288964345d1fc

    SHA1

    c2d7a896e8bdb88de6a3f26928d621466850180d

    SHA256

    925daa27d140605ca27fd4211a1d62202424d7f31736e0ef3c2c4016855c57bf

    SHA512

    101cdfc26c7c6c7dbaf6ad82061a1f1c59d6980464202112625d09cd5f29b2ccf5b09fe2b337ee2eacfd7622ad40cffd8b938b3c606690018ce52dfb5c192e5b

    Download Submit

  • memory/4368-35-0x000001A784D60000-0x000001A784D62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4368-16-0x000001A780B00000-0x000001A780B10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4368-0-0x000001A780A00000-0x000001A780A10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4368-394-0x000001A787CB0000-0x000001A787CB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4368-395-0x000001A787CC0000-0x000001A787CC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4540-45-0x0000018C8D740000-0x0000018C8D840000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4764-105-0x0000028AD6C50000-0x0000028AD6D50000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/5056-331-0x000002F85DF00000-0x000002F85DF20000-memory.dmp

    Filesize

    128KB

    Download

  • memory/5056-414-0x000002F860540000-0x000002F860542000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5056-368-0x000002F85E170000-0x000002F85E172000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5056-215-0x000002F84D140000-0x000002F84D240000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/5056-170-0x000002F85E580000-0x000002F85E5A0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/5056-89-0x000002F84D140000-0x000002F84D240000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/5056-404-0x000002F85F0D0000-0x000002F85F0D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5056-406-0x000002F85F0F0000-0x000002F85F0F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5056-408-0x000002F85F0A0000-0x000002F85F0A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5056-410-0x000002F8600D0000-0x000002F8600D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5056-412-0x000002F8600F0000-0x000002F8600F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5056-338-0x000002F85F900000-0x000002F85FA00000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/5056-416-0x000002F860560000-0x000002F860562000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5056-422-0x000002F8605C0000-0x000002F8605C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5056-420-0x000002F8605A0000-0x000002F8605A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5056-418-0x000002F860580000-0x000002F860582000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5056-425-0x000002F85D340000-0x000002F85D350000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5056-424-0x000002F860680000-0x000002F860682000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5056-426-0x000002F8606A0000-0x000002F8606A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5056-88-0x000002F84D140000-0x000002F84D240000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/5068-100-0x0000026D15450000-0x0000026D15452000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5068-98-0x0000026D14FE0000-0x0000026D14FE2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5068-102-0x0000026D049E0000-0x0000026D049E2000-memory.dmp

    Filesize

    8KB

    Download