Overview

overview

4

Static

static

1

URLScan

urlscan

1

http://gmail.com

windows10-1703-x64

4

http://gmail.com

windows10-2004-x64

1

http://gmail.com

windows11-21h2-x64

1

Analysis

  • max time kernel
    59s
  • max time network
    62s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12/07/2024, 23:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://gmail.com

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 9 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "http://gmail.com"
    1⤵
      PID:4684
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:652
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:1496
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4380
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4736
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:524
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:3800
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:1936
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      PID:2312
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4972
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:3592
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:8
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4780

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\edgecompatviewlist[1].xml
      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\NTDX664Y\www.bing[1].xml
      Filesize

      1KB

      MD5

      f98f61a08d7b8f620a013a86b4b8df01

      SHA1

      bd760114b71b2149d18dd3642c170701f4ad14df

      SHA256

      4c35634132b08ec334ebf2f97629a9eec7f9a9acdb73f8112403062ac25d6fb3

      SHA512

      21b3dab31f925f5c3be44cfa63c11dfb39928e23a433be120aa5e8c86ab96d00dcdb5c0e8335e0e152830a23e7808243620a4b6911c7534c4adf4b1bf112f89a

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\372OOBXI.cookie
      Filesize

      130B

      MD5

      44be24b12715c52cbf468197d3872efd

      SHA1

      84ab637800e1cc0e277ef9435576921383898ebf

      SHA256

      e7d0047e44da95501fdae03e409681ade40351fb5666f37ec1143ce8fb216272

      SHA512

      41b3538d60b18b8f08c06a001e2e5d06c64361fef24e667894d529ce75dbfb5275eaa01333ba1e3dce3df02f38f0f82bffe2452ee06a1b2e958b50add9e637df

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JTQ7RNXP.cookie
      Filesize

      279B

      MD5

      0a316e22e6e4c75ff92c5855b014bb95

      SHA1

      e28c74cfcf13707d786763d8f5ddf906b712f1bc

      SHA256

      4423db81739ba1d7a66f16ddd652bef9bc170d0a1db7f167fa888e0754372097

      SHA512

      7b7321f228a287d5e63a6c18d6e7d933bc52daf0b3446d868b88820890fe242c6d2164c57262091e1cd3e343c14fdcee922f4dc2fd3911e92e19b26ad679b793

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JY5MFBGI.cookie
      Filesize

      130B

      MD5

      bedb9556247a6cd2897c6612574838af

      SHA1

      4fa9345ac1831e1b0cdc07ac8c96169a61bcbb75

      SHA256

      51fdba6c78bc6f1c076c8d50c5bcc66ddc7f9bbe2b8f339e8461191106d597b7

      SHA512

      e2a8b58cb5bf65aba4fb5e1402634af18e955eb2dfd036fa251d5535fb71cb1d3a64fd89154d4f89720645729ab3b4790149fa8553375be2d13623148c7453a0

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\O3PHT9ZN.cookie
      Filesize

      130B

      MD5

      dde965d41a280123c4377c8a8c316d6a

      SHA1

      b2eb23649cb63cb707fcc9712993c4bcacdad4b8

      SHA256

      fa3cbac9ecf7a0da8fe78e8b1dfbb8f747653528968b563b91b3e0b18608bb8e

      SHA512

      358dd9bd2f4d11254113325917ac10854b435fe4fd17ff362b6c226cf749383d2ab0fceaa0331d7742472f3d477f2cf54f902fedf9beaf1c44fc96b712b54e77

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QSJ7XL87.cookie
      Filesize

      245B

      MD5

      be2a7a86c759d4b743eff7b8f089a776

      SHA1

      f0f2a9233a3e7c666d4d5cddac8e405a0f341f08

      SHA256

      d3372730e4d052045588cadb07028bfd41d2a78648c1e04900d33cded894cfe6

      SHA512

      1ec27c51c3855877ce6e67b5d5ea88d20393f4b070c8f3cefa48c5072bdafe01fdab78f64aa31359f890ee07f0bdaec296c6e520ced58c8a0e22a5dcb3cfe93b

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ZLUT0HEH.cookie
      Filesize

      177B

      MD5

      13950932d61c14df5763078da29112bc

      SHA1

      90f7ff111f59c5c8009714a14a2c2c57d0180c6d

      SHA256

      6b60e8378097e368437b3955792ea0bdd63994fc96dce500c211735368e7189f

      SHA512

      19b38c262faa5c137e021ac327e56b4a60fe6dfb9779632158d78b3c733abd42f357a89d9a1b493e011c580d6ee67f3b52c5c3d2c89d61bc859df5782117e3cc

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
      Filesize

      854B

      MD5

      8d1040b12a663ca4ec7277cfc1ce44f0

      SHA1

      b27fd6bbde79ebdaee158211a71493e21838756b

      SHA256

      3086094d4198a5bbd12938b0d2d5f696c4dfc77e1eae820added346a59aa8727

      SHA512

      610c72970856ef7a316152253f7025ac11635078f1aea7b84641715813792374d2447b1002f1967d62b24073ee291b3e4f3da777b71216a30488a5d7b6103ac1

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      1KB

      MD5

      32273e69c2f5e226bdcb653646e1402a

      SHA1

      9a2cc4b9c022f7147d4565ad20a63ca50057211a

      SHA256

      01ef9d600783bbe9f2f4f81f17b24ed4a1e3229cd986d127e8496091641f5b05

      SHA512

      fb184c824c38059e14e7e3693f3beaacaaac31342419924721eb601f01ac3f39c004591f197072b77e22a4cfdd8dcca88bfff0e8e65430ad147069cf2b7ebc96

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_0C7AA38882DB8C7B4C60D9CBA65DF7BF
      Filesize

      472B

      MD5

      dcf929468ebbc11634c7f21ccf2a92e9

      SHA1

      2bf19441765a694b01a22a7fe4e7913d505b352c

      SHA256

      613aabf8264ea9e4ea1714cf9aa0fac0a1e4dd6c53833ec59d6045c7421f9131

      SHA512

      0fc9adb23ab68d79cb75a4712e77ba3f4550129057999102b358a5fd7491fb3d5a3d72be0cbd979de98a4c67e36c634afcdbf7f99353ee21f1ce054a8f695d6d

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_B2F0232B69A49EBC0DB65E0F634F6E1B
      Filesize

      471B

      MD5

      92aa17051b0c50cded53bd9996ca32cf

      SHA1

      0515f8499d17587bde23115328b24ad54c3e8c3b

      SHA256

      e8c2fa85b9167be20800b7a3af2a8f8efaf376f2a75d50323886a826045f2c18

      SHA512

      18506c7934fe75b69447c92e25220a0e83750ffb555858f7457899d25a46256b41db74054abee64f7ca90b69740acf2c648142d06ef744dc0eac0b530df34aea

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_9CF789D2963A6275D48E0BC795622D15
      Filesize

      472B

      MD5

      8e1f40349513ff2af803aabd86f815fd

      SHA1

      32cc94a19a0e22a7106bbed6781d6916a731a59b

      SHA256

      7945bdd9e59b2c0b1436980bd461655467e1d6f010841313cc2bd6d1ae42e862

      SHA512

      9707fa6b87bdcb52d086d87bdaf52fabff632fd3e33d2a91db9250317fa3b8df5892adbcdaa4b256e62eca53eb668c017532825182f3ce3e311524bc1f77b237

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
      Filesize

      170B

      MD5

      d5450df5705ca31f27595f77ef3c579e

      SHA1

      e1336f2270c282c6b8f73cf315bfce2daee08ac5

      SHA256

      8bf79cd5a7b0aff221734a4cb1e2fefea3f783f29250abde9183459fcc630410

      SHA512

      c934c67efde4f4c96d113f09524fbcff1a5f42660431b4f62777a9bdccba20bab8fc5a4f64e7cdd51da08ae109b52a69404a9e769ace80c384570520b926e3c3

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      410B

      MD5

      0f9cafeda3b093d94f09209aa659e85a

      SHA1

      73a3bd88f270876ae8dc909af3c68d10c02a30c1

      SHA256

      1d6525328c5fc6182bf14dd7a01f446739b450b5c5f188bd2a46e07657d23cb4

      SHA512

      cea4a0ae96a6b78fe3fa2b21bae1d8d5354ad11d13a45d37c08b15dd56bc8c6d09c1831e68b0829c90449aa07adbe43bbac24bc77984afb255716c638f212111

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_0C7AA38882DB8C7B4C60D9CBA65DF7BF
      Filesize

      398B

      MD5

      bad153c3ee37ef820732f7433e1a8bf5

      SHA1

      4a3e9bc85909342e93dea6d6dd8d18cfbdf0f959

      SHA256

      fead9a6b1f63980f1c6e2ec110843e7f1d5e5f5a2337a30b009b7b1b75509fee

      SHA512

      300c6749638f2a8f344a7392e1bfe30671f41d8d412a20f18c48381f3601f9cd0824a203ba6fa895838ce4af79bb4090c27ae6ba84d9eee7bc08baf43cee5704

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6DA548C7E5915679F87E910D6581DEF1_B2F0232B69A49EBC0DB65E0F634F6E1B
      Filesize

      402B

      MD5

      3021cd9a2d2e9251497fbf7daa4858d9

      SHA1

      69bc9bd3e7654996ef6d296850ac2c65efd09506

      SHA256

      420e7866325e245366c025371d70ec3caf590a20c058dd36dd2a187e6d1de378

      SHA512

      9d3c0d154c804cf198fa335593f4dc3dea3c62ff56a549cfcdea9514f2355ef0a59fb3063e367a0cee7626386639a7af27155fe11e67c23b3820ec925bf27ed1

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_9CF789D2963A6275D48E0BC795622D15
      Filesize

      402B

      MD5

      8ef2503b10f49085d3c40beecacf17ea

      SHA1

      a8115eee8e29903e6af81f7eedf42c0d0e5ff1f5

      SHA256

      5a5f4fa23c8f13a9a2d5e21069eb9d357912efc3c1060913a36480ee3e5ad7da

      SHA512

      80def6073005d450b3b624d775afd42e96de1aed1e48e43f9df114e05522f8e66d40240c4d92fca6e2e26cc3a0cf3f17132f640e776120c064808ce397e06cd3

      Download Submit

    • memory/524-71-0x000002EDCBE30000-0x000002EDCBE32000-memory.dmp

      Filesize

      8KB

      Download

    • memory/524-74-0x000002EDCBE60000-0x000002EDCBE62000-memory.dmp

      Filesize

      8KB

      Download

    • memory/524-76-0x000002EDCBE80000-0x000002EDCBE82000-memory.dmp

      Filesize

      8KB

      Download

    • memory/652-16-0x0000014601820000-0x0000014601830000-memory.dmp

      Filesize

      64KB

      Download

    • memory/652-386-0x0000014608B00000-0x00000146099C2000-memory.dmp

      Filesize

      14.8MB

      Download

    • memory/652-35-0x0000014605A80000-0x0000014605A82000-memory.dmp

      Filesize

      8KB

      Download

    • memory/652-0-0x0000014601720000-0x0000014601730000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2312-112-0x000001AFD52F0000-0x000001AFD52F2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2312-116-0x000001AFE5BD0000-0x000001AFE5BD2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2312-110-0x000001AFD52D0000-0x000001AFD52D2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2312-107-0x000001AFD5500000-0x000001AFD5600000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2312-105-0x000001AFD5500000-0x000001AFD5600000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/3592-382-0x000001AFB67B0000-0x000001AFB68B0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4736-43-0x000001D468200000-0x000001D468300000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4972-244-0x00000290696C0000-0x00000290696E0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4972-346-0x0000029069E40000-0x0000029069E60000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4972-211-0x00000290696C0000-0x00000290696E0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4972-201-0x0000029069300000-0x0000029069320000-memory.dmp

      Filesize

      128KB

      Download

    • memory/4972-163-0x0000029058E00000-0x0000029058F00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4972-385-0x0000029069E00000-0x0000029069E20000-memory.dmp

      Filesize

      128KB

      Download