Resubmissions

14/06/2024, 17:38

240614-v7tqeatfpp 4

14/06/2024, 01:00

240614-bc434ssdqr 1

Analysis

  • max time kernel
    316s
  • max time network
    385s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    14/06/2024, 17:38

General

  • Target

    file.html

  • Size

    312KB

  • MD5

    a87e33d67fc56dee7d7a54d15ce63f50

  • SHA1

    04fb18fc09f76586b429b00167f404997ac452a9

  • SHA256

    fa2648c9016db3bcaa9863b134a8936071aa321de7750028c3f19d7a67f9b852

  • SHA512

    3ab6a948f721824f1b03591d658d20ae32ebb5fb0c34a404346c173a0fb21ea316f62f9ff6adf93f1c60f38da900e25a1b9b17e988353c1da76a7a8b2edac2ad

  • SSDEEP

    3072:NiygAkHnjPIQ6KSEX/OH2PaW+LN7DxRLlzglKPVb7k:LgAkHnjPIQBSEGWPCN7jBPVb7k

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\file.html"
      PID:3608
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4568
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      • Modifies Internet Explorer settings
      PID:2180
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:780
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4904
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:1500

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!121\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

            Filesize

            4KB

            MD5

            1bfe591a4fe3d91b03cdf26eaacd8f89

            SHA1

            719c37c320f518ac168c86723724891950911cea

            SHA256

            9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

            SHA512

            02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF63B4CE5E40E95A57.TMP

            Filesize

            16KB

            MD5

            17de8be82cc49765390f82b7261e881c

            SHA1

            b9926f11d75cd4f88adf91d4f61cea01c094d7c7

            SHA256

            04539de616b9167daf48a083a1aac618b35356866fb54c0c9defb1418048b12d

            SHA512

            b15d71acfc73af3b159a4d66f5d93ddcecb90425628eae176f0fc548e5f1a92be4ed6b6e923227448609584b651dc930367fad678e4fcfc8caf476d069c1a74c

          • memory/1500-52-0x000001CA68B00000-0x000001CA68C00000-memory.dmp

            Filesize

            1024KB

          • memory/1500-51-0x000001CA68B00000-0x000001CA68C00000-memory.dmp

            Filesize

            1024KB

          • memory/1500-59-0x000001CA790F0000-0x000001CA790F2000-memory.dmp

            Filesize

            8KB

          • memory/1500-57-0x000001CA790D0000-0x000001CA790D2000-memory.dmp

            Filesize

            8KB

          • memory/1500-55-0x000001CA790B0000-0x000001CA790B2000-memory.dmp

            Filesize

            8KB

          • memory/4568-0-0x000001E817E20000-0x000001E817E30000-memory.dmp

            Filesize

            64KB

          • memory/4568-35-0x000001E8152F0000-0x000001E8152F2000-memory.dmp

            Filesize

            8KB

          • memory/4568-16-0x000001E817F20000-0x000001E817F30000-memory.dmp

            Filesize

            64KB

          • memory/4568-134-0x000001E81C5C0000-0x000001E81C5C2000-memory.dmp

            Filesize

            8KB

          • memory/4568-137-0x000001E81C0B0000-0x000001E81C0B1000-memory.dmp

            Filesize

            4KB

          • memory/4568-141-0x000001E8152E0000-0x000001E8152E1000-memory.dmp

            Filesize

            4KB

          • memory/4904-42-0x0000020B65040000-0x0000020B65140000-memory.dmp

            Filesize

            1024KB

          • memory/4904-43-0x0000020B65040000-0x0000020B65140000-memory.dmp

            Filesize

            1024KB