Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://google.com

windows10-1703-x64

4

https://google.com

windows10-2004-x64

6

https://google.com

windows11-21h2-x64

6

https://google.com

macos-10.15-amd64

4

https://google.com

macos-10.15-amd64

4

https://google.com

ubuntu-24.04-amd64

1

Resubmissions

20-06-2024 15:51

240620-tasleazcqn 4

20-06-2024 14:55

240620-saw36atbkh 6

Analysis

  • max time kernel
    1799s
  • max time network
    1600s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    20-06-2024 14:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://google.com

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://google.com"
    1⤵
      PID:908
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1168
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:3720
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4444
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:5016
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:3324
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:1828
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:2312
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:2904
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:1052
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:1684
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1852

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      Filesize

      4KB

      MD5

      1bfe591a4fe3d91b03cdf26eaacd8f89

      SHA1

      719c37c320f518ac168c86723724891950911cea

      SHA256

      9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

      SHA512

      02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\edgecompatviewlist[1].xml
      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\CZX2P3SR\www.bing[1].xml
      Filesize

      1KB

      MD5

      52dea50bee8a28a8d48b8ce333a97d8e

      SHA1

      fc0340ce777d9963ba54fb16435f3863307b435b

      SHA256

      a2042df3d7d4c796d8305b96e59b2eff1f5a2b5ac2cc60857a5e9d182b1747c5

      SHA512

      7629f0b4db50363065d5d210625cee8e4ed9575ea8083f8a59cf65e29008c5718ef2d070c2d0090eb88302253d48933e3e31e3b9ea1e41545d0df88324d4f0de

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\2H341UP6\favicon[1].ico
      Filesize

      5KB

      MD5

      f3418a443e7d841097c714d69ec4bcb8

      SHA1

      49263695f6b0cdd72f45cf1b775e660fdc36c606

      SHA256

      6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

      SHA512

      82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\2H341UP6\favicon[2].ico
      Filesize

      758B

      MD5

      84cc977d0eb148166481b01d8418e375

      SHA1

      00e2461bcd67d7ba511db230415000aefbd30d2d

      SHA256

      bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

      SHA512

      f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\B802MY8S\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      1KB

      MD5

      b45d7f0b14e84ac44e5f2e4f1d32f544

      SHA1

      c5ad3ca154b9e4d68f3e7c422291d70b91b6cd34

      SHA256

      2df811d8852c7bb1439cc3da532078fd8ec7ab29abe09e2e6317d600ec0c17ad

      SHA512

      62c83f3c1c015f74f2e7084ba520dc6222d6ae4a1d156c3969515575b997cf40dbc70024b4b9ec921e9f8cabb931f3de5e8a091c4dc365731591583fca963230

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_65F72881313B5F8FFC737C28E760643D
      Filesize

      471B

      MD5

      f0fe15c2822e1ab84090a1cc94b1e4ff

      SHA1

      ce64f08014ac85c78cc6a486a63d6feb9c9fe4c7

      SHA256

      8fd6ec9710ad4949a961e914302fbc3fba832e582e6a712dd03438846826ee59

      SHA512

      750de27e5966252758b070c417cd082fc6f15750b69f872a893edaf2cc15da7b587cb3a444d5f37153e3610f388260101092ed812282112fb5c09da2ffa74887

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
      Filesize

      724B

      MD5

      ac89a852c2aaa3d389b2d2dd312ad367

      SHA1

      8f421dd6493c61dbda6b839e2debb7b50a20c930

      SHA256

      0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

      SHA512

      c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_84540F9BF71D6B4D20B65546862F96D5
      Filesize

      472B

      MD5

      3a66c41212f8dac9b8f4169934a69c3f

      SHA1

      8f2f4489ee9f55c66b3040c7e7795e4453d0cfbe

      SHA256

      d68733c4b41e0bea3a2a59b820856472a5ed410d8887dc268ede04b6c694b801

      SHA512

      648237fd8be0c8ffcb269afb06447519df15a29636a56995d3c4213b4eb3c2f2c1353107cc2a857a33fb04a564d16cd8e450c45aa38a9f08c54bd391f37ec775

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_C1A79D1FE71F363FF5592ADC5810C56A
      Filesize

      472B

      MD5

      926b73fd15fe6bbe5c32ff53d0239bca

      SHA1

      05836353da1fc4ddf8dcbd66e3612704f867d314

      SHA256

      ceec30466be56e86b7d7e9dad38bd495c80426e4611b8cc2798a0f675c0ffe19

      SHA512

      4199738df2a456b6e419f61c431fc1413c542e39d11e7f960863fe88b6382a0052b48f0cf995e46b06b09a7a301ed7567986a2753b2411b085f4631d3e84320f

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      410B

      MD5

      07d6ee57f56b286c4f4e533f4ea0d6ed

      SHA1

      6b51d2999f34623cea61f368dc8c63d6e680dfb4

      SHA256

      12c13b174133575a2cd8d720b913feefebcc9f0ec2315fd8f26daf7a6c503dd7

      SHA512

      08732aa6517486c637b7541dd0bd0e374d19e3eaeb483bf24333e277101469e10677a940bdd9e05d281008b8b933bcffe242b21ca9f01160ccf98a39b6c23870

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_65F72881313B5F8FFC737C28E760643D
      Filesize

      406B

      MD5

      c5b5bfc0cbd6f467c059fdda2563ecc0

      SHA1

      d7a56cc22181f24fca747a3152c9cf6a821764de

      SHA256

      3624542c754b0b5b0eee566deb9d4ceb0c7d691b8b2895f5f542f8e42b81b184

      SHA512

      70bd4415d135fc89b5b0a28760e4f777bf9eadc74b0665dc2654bf1a59ef74f7a2e3330b1bb53b0f5e04b6e8ebf61d2de65d3495cd2945fd11ae27191aca4b23

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
      Filesize

      392B

      MD5

      c7dd2a24d5a85f8c5e2f982697f54c0a

      SHA1

      4f8d79829bfc5bc1e0f2fce8b2c6752c5c7c6914

      SHA256

      2126df1668d98930d90e4f82035ddec35b49d86e3fa0899663d533f6ce444b65

      SHA512

      36d45b4e91be56d9ddb799f053c223231b9ae9852cbbc765eb00a13dc4abbfd50993f3fe9e569dda1e418ef0071f770297493439e1e2e2d72bd69b2ceb7e329e

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_84540F9BF71D6B4D20B65546862F96D5
      Filesize

      406B

      MD5

      1da39ce0e7fc8a2d04915edaeba7ee5d

      SHA1

      b950e2fd076d5399374906a08032be6edf42a6ae

      SHA256

      43ba2d076bd567445c41aedd70d3613e1b4ed9b6ccbbe3cd388c23425464278c

      SHA512

      b3fbda3be2a531ca44c9ded258955f1bd56618ab96abf8945bfbfebe4d2e3c0f6758e7314c4ba375f051aad80baaf1596f415d4053fa9ba2a4d3fb64a55e5814

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_C1A79D1FE71F363FF5592ADC5810C56A
      Filesize

      402B

      MD5

      32c11c011b6dc0dc73dc322b715d6eee

      SHA1

      98536d7edd7417118f13d536374838e10577afa8

      SHA256

      d6e84d014dcadf2f85db5bf90884de724aa5b1e4107e5f0c6cc6d4353f7a2036

      SHA512

      bc3b36968cbfbad827e9373a2b6dddd776e4db4c3a0ca309d33a10a660cc8d57d09ca8a2279c6577ee00adf2b6bff6b72ae42b320fb98329c10a0c7e98b30cb7

      Download Submit

    • memory/1168-16-0x000001DBDFC20000-0x000001DBDFC30000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1168-35-0x000001DBDCF70000-0x000001DBDCF72000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1168-0-0x000001DBDFB20000-0x000001DBDFB30000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1168-154-0x000001DBE6960000-0x000001DBE6961000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1168-155-0x000001DBE6970000-0x000001DBE6971000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3324-76-0x0000024CAA1B0000-0x0000024CAA1B2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3324-140-0x0000024CBB6B0000-0x0000024CBB6B2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3324-95-0x0000024CBB200000-0x0000024CBB202000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3324-97-0x0000024CBB210000-0x0000024CBB212000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3324-223-0x0000024CA9AE0000-0x0000024CA9AE2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3324-225-0x0000024CA9B10000-0x0000024CA9B12000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3324-99-0x0000024CBB2F0000-0x0000024CBB2F2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3324-101-0x0000024CBB510000-0x0000024CBB512000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3324-103-0x0000024CBB550000-0x0000024CBB552000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3324-93-0x0000024CBAFE0000-0x0000024CBAFE2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3324-88-0x0000024CBB7C0000-0x0000024CBB7E0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/3324-74-0x0000024CAA190000-0x0000024CAA192000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3324-78-0x0000024CAA1D0000-0x0000024CAA1D2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3324-73-0x0000024CBA800000-0x0000024CBA900000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/3324-72-0x00000244A82E0000-0x00000244A83E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/5016-42-0x0000029D23A80000-0x0000029D23B80000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/5016-43-0x0000029D23A80000-0x0000029D23B80000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/5016-44-0x0000029D23A80000-0x0000029D23B80000-memory.dmp

      Filesize

      1024KB

      Download