Resubmissions

18-06-2024 16:54

240618-verqcasarh 8

18-06-2024 16:46

240618-t99c7swcpn 8

Analysis

  • max time kernel: 149s
  • max time network: 150s
  • platform: windows10-1703_x64
  • resource: win10-20240404-en
  • resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted: 18-06-2024 16:54

General

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory (6 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 2 IoCs)
  • Modifies registry class (64 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious behavior: MapViewOfSection (12 IoCs)
  • Suspicious use of AdjustPrivilegeToken (4 IoCs)
  • Suspicious use of SetWindowsHookEx (7 IoCs)
  • Suspicious use of WriteProcessMemory (26 IoCs)

  Every signature above is attributed to LaunchWinApp.exe, MicrosoftEdge.exe, browser_broker.exe or a MicrosoftEdgeCP.exe content process, i.e. the processes started to open the submitted URL; no other executable appears in the process tree below, and every dropped file listed under Downloads is a browser or CryptnetUrlCache cache entry.

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://assets.dropbox.com/email/en/receiving-experience/[email protected]"
      PID:1640
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3412
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      • Modifies Internet Explorer settings
      PID:1812
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4908
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:508
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Drops file in Windows directory
      • Modifies registry class
      PID:4744
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Modifies registry class
      PID:2728
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2404
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Drops file in Windows directory
      • Modifies registry class
      PID:4080
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Modifies registry class
      PID:4276

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      Filesize: 4KB
      MD5: 1bfe591a4fe3d91b03cdf26eaacd8f89
      SHA1: 719c37c320f518ac168c86723724891950911cea
      SHA256: 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
      SHA512: 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml
      Filesize: 74KB
      MD5: d4fc49dc14f63895d997fa4940f24378
      SHA1: 3efb1437a7c5e46034147cbbc8db017c69d02c31
      SHA256: 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
      SHA512: cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I9F7WYXN\warmup[2].gif
      Filesize: 43B
      MD5: 325472601571f31e1bf00674c368d335
      SHA1: 2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
      SHA256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
      SHA512: 717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\4J53R2N2\yvUvB8qvQCN6KN5FPuoFbl2pfV8.br[1].js
      Filesize: 4KB
      MD5: 73d1ed8f5202386810b1d677cc9ca4a9
      SHA1: 5e3aa4d7922383439c6209d4b766bb3431b94ba4
      SHA256: 356a46f974bfee0299884a61d599042d897d56e4d61d8850e535b33f72d859ee
      SHA512: 1f6a4c2bddb92ff8adf0f08cb844abdf5c39fadf7f0c0c9252b243e3e1219c9bdd7705679801b19606040ad01086980ec090e6184f922ff833d36cb6164f8915

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\947UGOM7\sbBg2_-q9vonanzDDbX_RXZwJ9Q.br[1].js
      Filesize: 4KB
      MD5: 13f4cca76b58ca91768937fb8878bbd2
      SHA1: 90a85957e86f2a54d8086e897a7f82e6ed43cb89
      SHA256: 0d766719fe5cf222867ee011a2d26bbb964e871d40c16f3524125ebb076ddb91
      SHA512: 6fee9e34a42a2c7e7402b85229f7426828065e3adc16b61dc94a9b4d1342c6c67ad116874d1050b46a3f504695f76eec20416104df66bd107666bcc6b861faba

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\0Q5WFQJA\suggestions[1].en-US
      Filesize: 17KB
      MD5: 5a34cb996293fde2cb7a4ac89587393a
      SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
      SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
      SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ECRD2SXD\favicon[1].ico
      Filesize: 387B
      MD5: 51e2de798b41db26b6a0ec187959d394
      SHA1: b55b0e80a4a533be00e26d30756cb9b860ad76b1
      SHA256: 78f31552544922d7131fb218dd480a324e6ea9e9fa5e3134f446850b3238b103
      SHA512: 8702cced8c0493b2546ab27b14836ca52c32a6fb6b0786cb22f7ac0d49374f026d233a11fa56b94e3dde31e5d6e9d0599c764b52811adcd5cf322869439278c0

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\FMIISBAH\favicon[1].ico
      Filesize: 758B
      MD5: 84cc977d0eb148166481b01d8418e375
      SHA1: 00e2461bcd67d7ba511db230415000aefbd30d2d
      SHA256: bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c
      SHA512: f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
      Filesize: 471B
      MD5: b6d92cfcbc099f7156ef20e95a7da287
      SHA1: f9c069f655bbe98434a102f4b55cc4c15e6f130a
      SHA256: fdcbbaece93aa7c03134c24e24ff67d3670b5ba1274e3136bd1acd6a72e4355d
      SHA512: 08de310e3f6539c26f428c227a854752999df5547cb4bc70fcda0a96090bfbcb2f468b9ab90e42635252bad14c436ceb589c7148e488741a6150be5a53e1666a

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
      Filesize: 313B
      MD5: 84d197c2d664bb30b4f45fa433b269e3
      SHA1: b0c15d6a35021a0ac6b90851b1fb01d3b138fdf8
      SHA256: 507fa7efaf788f5e1940e17c59d2d0df264b10d1b334a8b2ed0246a176503bab
      SHA512: d33fd5011b1d294916b5c3dfb05f754c4b2ffe7af9304eb6509d0a7334a6fd69dcb5946b6884a77b92be3fe8bd0170ad469cbc2643f5f9109ffb6acc0d1aa53e

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
      Filesize: 400B
      MD5: efc28d66e7d55a59344655ca152ae6bc
      SHA1: 74c60183ed02d4a5c0cffdafd1551d6816014126
      SHA256: 16c01afcf62a59e8b201c9ce298a472ad66bca93e20fa80da7e09b4617ef57fe
      SHA512: 322e0a0e4070c5bd3f82ac2b967024f2f0745cf6a5db20667d618743f70ca6290de15ca50a89928235d23f2fc1d0861507148844fd7f66cd30bc17d735154a84

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
      Filesize: 404B
      MD5: a432bdb1fcd87f8a85c7cecc30c100c4
      SHA1: 5b6018ee468fe1cf9640fc0c69dc0e7692a56f3f
      SHA256: e1a7a3727202552fc8bd5b86d5e9a8066ca0a979815d8eb877fb35b27f3cfb5e
      SHA512: b6217fab1be405152c707315839a9e21a4cadf4315d69eb744668b7f553a257069c86f42223e4db699cdc7e1c00ab94bd833bad82d0b37532e3d2ae82075294f

    • memory/508-45-0x0000023935200000-0x0000023935300000-memory.dmp
      Filesize: 1024KB

    • memory/2404-212-0x000001D4EEF20000-0x000001D4EEF40000-memory.dmp
      Filesize: 128KB

    • memory/2404-120-0x000001D4CD000000-0x000001D4CD100000-memory.dmp
      Filesize: 1024KB

    • memory/2404-165-0x000001D4DD5F0000-0x000001D4DD610000-memory.dmp
      Filesize: 128KB

    • memory/2404-170-0x000001D4DDE40000-0x000001D4DDE60000-memory.dmp
      Filesize: 128KB

    • memory/2404-208-0x000001D4DE7A0000-0x000001D4DE8A0000-memory.dmp
      Filesize: 1024KB

    • memory/2404-383-0x000001D4DE660000-0x000001D4DE760000-memory.dmp
      Filesize: 1024KB

    • memory/2404-224-0x000001D4EEF00000-0x000001D4EEF20000-memory.dmp
      Filesize: 128KB

    • memory/2404-227-0x000001D4EF300000-0x000001D4EF400000-memory.dmp
      Filesize: 1024KB

    • memory/2404-239-0x000001D4EFA80000-0x000001D4EFAA0000-memory.dmp
      Filesize: 128KB

    • memory/2404-244-0x000001D4EFB40000-0x000001D4EFB60000-memory.dmp
      Filesize: 128KB

    • memory/3412-76-0x000001D9C4910000-0x000001D9C4911000-memory.dmp
      Filesize: 4KB

    • memory/3412-77-0x000001D9C4920000-0x000001D9C4921000-memory.dmp
      Filesize: 4KB

    • memory/3412-17-0x000001D9BE330000-0x000001D9BE340000-memory.dmp
      Filesize: 64KB

    • memory/3412-35-0x000001D9BB6E0000-0x000001D9BB6E2000-memory.dmp
      Filesize: 8KB

    • memory/3412-0-0x000001D9BE220000-0x000001D9BE230000-memory.dmp
      Filesize: 64KB

    • memory/4080-420-0x00000290FDAD0000-0x00000290FDAD2000-memory.dmp
      Filesize: 8KB

    • memory/4080-417-0x00000290ED4D0000-0x00000290ED4D2000-memory.dmp
      Filesize: 8KB

    • memory/4744-59-0x000001EE15FD0000-0x000001EE15FD2000-memory.dmp
      Filesize: 8KB

    • memory/4744-62-0x000001EE264E0000-0x000001EE264E2000-memory.dmp
      Filesize: 8KB

    • memory/4744-64-0x000001EE266A0000-0x000001EE266A2000-memory.dmp
      Filesize: 8KB

    • memory/4744-66-0x000001EE266C0000-0x000001EE266C2000-memory.dmp
      Filesize: 8KB

    • memory/4744-58-0x000001EE16200000-0x000001EE16300000-memory.dmp
      Filesize: 1024KB

    • memory/4744-533-0x000001EE26CD0000-0x000001EE26DD0000-memory.dmp
      Filesize: 1024KB
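The Downloads list above is the part of this report an analyst usually wants in machine-readable form: the file hashes go into an allow/block list and the memory dump names encode the PID and address range they were taken from. The following is an added example, not code from the report or from the sandbox vendor: it parses the bullet list into records (accepting both the one-label-per-line layout shown above and a compact "Label: value" layout), rejects malformed digests, checks that each memory dump's listed Filesize agrees with its address range (0x20000 bytes is 128KB, so the report's KB is 1024 bytes), and can compare a locally recovered file against a record's hashes. The SAMPLE text is a constructed excerpt copied from this report; `Artifact`, `parse_downloads` and `matches` are names chosen here.

```python
# Added example, not part of the original report or the sandbox vendor's tooling:
# turn the "Downloads" bullet list into records, validate hash lengths, and check
# that each memory dump's listed Filesize matches its address range. It accepts
# both the one-label-per-line layout above and a compact "Label: value" layout.
import hashlib
import re
from dataclasses import dataclass, field
from typing import Optional

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
_MEM_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")

# Constructed excerpt: three entries copied from this report, shown in both layouts.
SAMPLE = r"""
• C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I9F7WYXN\warmup[2].gif

  Filesize

  43B

  MD5

  325472601571f31e1bf00674c368d335

  SHA1

  2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

• C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml
  Filesize: 74KB
  MD5: d4fc49dc14f63895d997fa4940f24378
  SHA256: 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

• memory/2404-212-0x000001D4EEF20000-0x000001D4EEF40000-memory.dmp

  Filesize

  128KB
"""


@dataclass
class Artifact:
    path: str
    size: Optional[int] = None                 # bytes, from the Filesize field
    hashes: dict = field(default_factory=dict)  # label -> lowercase hex digest

    def memory_range(self):
        """(pid, seq, start, end) for memory/<pid>-<seq>-<start>-<end>-memory.dmp, else None."""
        m = _MEM_RE.fullmatch(self.path)
        if m is None:
            return None
        pid, seq, start, end = m.groups()
        return int(pid), int(seq), int(start, 16), int(end, 16)

    def size_consistent(self) -> Optional[bool]:
        """Does the listed Filesize equal the dumped address range? None for plain files."""
        rng = self.memory_range()
        if rng is None or self.size is None:
            return None
        return rng[3] - rng[2] == self.size


def parse_size(text: str) -> int:
    """'43B' -> 43, '74KB' -> 75776 (the report's KB is 1024 bytes)."""
    m = re.fullmatch(r"(\d+)\s*([KMG]?B)", text.strip())
    if m is None:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]


def parse_downloads(text: str) -> list:
    """Turn the bullet list into Artifact records; raises on malformed hashes or sizes."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records, i = [], 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("•"):                       # new entry: the path follows the bullet
            records.append(Artifact(path=line.lstrip("• ")))
            i += 1
            continue
        if ":" in line:                                # compact "Label: value"
            label, value = (p.strip() for p in line.split(":", 1))
        else:                                          # label alone, value on the next line
            label, value = line, (lines[i + 1] if i + 1 < len(lines) else "")
            i += 1
        if records and label == "Filesize":
            records[-1].size = parse_size(value)
        elif records and label in HASH_LEN:
            value = value.lower()
            if not re.fullmatch(r"[0-9a-f]{%d}" % HASH_LEN[label], value):
                raise ValueError(f"{label} for {records[-1].path} is malformed: {value!r}")
            records[-1].hashes[label] = value
        i += 1
    return records


def matches(rec: Artifact, data: bytes) -> bool:
    """True when every digest the report lists for rec agrees with data (False if none listed)."""
    return bool(rec.hashes) and all(
        hashlib.new(label.lower(), data).hexdigest() == digest for label, digest in rec.hashes.items()
    )
```

Run `parse_downloads(SAMPLE)` to get three records; `records[2].size_consistent()` confirms the 128KB dump spans exactly 0x20000 bytes, and `matches(record, open(path, "rb").read())` tells you whether a file recovered from a host is byte-identical to the one the sandbox saw. Digests are normalised to lowercase before comparison, so the mixed-case CryptnetUrlCache file names in the paths are untouched while hash comparison stays case-insensitive.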