Analysis

  • max time kernel
    211s
  • max time network
    225s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    16/08/2024, 16:57

General

  • Target

    https://google.com

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory (4 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 2 IoCs)
  • Modifies registry class (64 IoCs)
  • Opens file in notepad (likely ransom note) (3 IoCs)
  • Suspicious behavior: MapViewOfSection (6 IoCs)
  • Suspicious use of AdjustPrivilegeToken (6 IoCs)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (23 IoCs)

How to read these: the submission is a URL (https://google.com), and everything listed under Downloads is Edge HTTP cache, DOM storage or CryptoAPI URL-cache content, except two small files on the sandbox desktop, rip.bat (listed twice, 41B and 72B) and skibidi.txt (14B). The signatures attributed to MicrosoftEdge.exe and its content processes (MapViewOfSection, SetWindowsHookEx, WriteProcessMemory, AdjustPrivilegeToken, registry class and Internet Explorer settings changes) are the kind of activity the Edge broker/content-process model produces on an ordinary page load and are not specific to this URL. "Opens file in notepad (likely ransom note)" is a heuristic that fires when NOTEPAD.EXE opens a text file; here it fired on rip.bat and skibidi.txt, and the process tree shows cmd.exe running rip.bat, which opens notepad and launches rip.bat again. The report does not record which process wrote those two desktop files, so on its own it does not tie them to the target URL; the 4/10 score should be read with that in mind.

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://google.com"
    PID:3988
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4948
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      • Modifies Internet Explorer settings
      PID:3124
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:656
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2932
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Drops file in Windows directory
      • Modifies registry class
      PID:3500
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:3112
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Modifies registry class
      PID:4544
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Modifies registry class
      PID:3488
    • C:\Windows\System32\NOTEPAD.EXE
      "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\rip.bat
      • Opens file in notepad (likely ransom note)
      PID:2748
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\rip.bat" "
      PID:5792
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\skibidi.txt
        • Opens file in notepad (likely ransom note)
        PID:5964
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\rip.bat" "
        PID:6008
        • C:\Windows\System32\NOTEPAD.EXE
          "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\rip.bat
          • Opens file in notepad (likely ransom note)
          PID:4848
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\rip.bat" "
          PID:220

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize: 4KB
    MD5: 1bfe591a4fe3d91b03cdf26eaacd8f89
    SHA1: 719c37c320f518ac168c86723724891950911cea
    SHA256: 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
    SHA512: 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\edgecompatviewlist[1].xml
    Filesize: 74KB
    MD5: d4fc49dc14f63895d997fa4940f24378
    SHA1: 3efb1437a7c5e46034147cbbc8db017c69d02c31
    SHA256: 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
    SHA512: cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6D7EGCJB\styles__ltr[1].css
    Filesize: 55KB
    MD5: 4adccf70587477c74e2fcd636e4ec895
    SHA1: af63034901c98e2d93faa7737f9c8f52e302d88b
    SHA256: 0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d
    SHA512: d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IP9T6A0Z\recaptcha__en[1].js
    Filesize: 531KB
    MD5: 1d96c92a257d170cba9e96057042088e
    SHA1: 70c323e5d1fc37d0839b3643c0b3825b1fc554f1
    SHA256: e96a5e1e04ee3d7ffd8118f853ec2c0bcbf73b571cfa1c710238557baf5dd896
    SHA512: a0fe722f29a7794398b315d9b6bec9e19fc478d54f53a2c14dd0d02e6071d6024d55e62bc7cf8543f2267fb96c352917ef4a2fdc5286f7997c8a5dc97519ee99

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UY397384\9-EOwXn41UiUHbG6vS6aFgQ_dyloxc5d6b44OXoGoHA[1].js
    Filesize: 17KB
    MD5: 530f475e18cc9e305ab75ecd80adf385
    SHA1: 7d84c24ad14f414c1c8b1e06068ead7916e86998
    SHA256: f7e10ec179f8d548941db1babd2e9a16043f772968c5ce5de9be38397a06a070
    SHA512: c1b4dc8c45ac99589cb270fb8ada07a0fb8583e140c253ab1cefe6e5ad18953f44ceffed2a75ddafd8676d2b4389c49ce2eca1385ecea8386a34bf5113424015

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\3C2QOS8F\www.google[1].xml
    Filesize: 99B
    MD5: a30f00e0b43e517a9cc394c879c3f2e9
    SHA1: 13e05631d69c3753327499d213ed1bc373c599cd
    SHA256: 4bb531c56bae68d64e91fb603c72bff1fd04a04182832a3fa9dfc444c1516f46
    SHA512: 0e549580e2f8213194103276eb53aecc21a98c36e496f926f7d7347fb5464dbc9b204ae2f519a24c52266fc5c761437dc66ed0b56eabae8ee281ecd4eeecbbd6

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\1LO7OU9X\suggestions[1].en-US
    Filesize: 17KB
    MD5: 5a34cb996293fde2cb7a4ac89587393a
    SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\V30I90SG\favicon[1].ico
    Filesize: 5KB
    MD5: f3418a443e7d841097c714d69ec4bcb8
    SHA1: 49263695f6b0cdd72f45cf1b775e660fdc36c606
    SHA256: 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
    SHA512: 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

  • C:\Users\Admin\Desktop\rip.bat
    Filesize: 41B
    MD5: 7320f5a553c045b19ff40d1a6b0ae7ad
    SHA1: 875faf9d084180273682a2eaa2893527341742fb
    SHA256: de80f0b4df3480e4b0791eca53a252289a94585eadeb328b831cd98cfc5758f4
    SHA512: ec504ee1b9927d22183ed4556337a98db4e47bd87c2ac157ae59d775f323d8cd0dd78addb6f40013afbbab753dcfda93d69fb971d9dc1162f0af144f831bc55c

  • C:\Users\Admin\Desktop\rip.bat
    Filesize: 72B
    MD5: 31f16db38d4236c162d68b23251ee35b
    SHA1: faeab6731fa5761974ecc5836a07fe9a2ef4d7aa
    SHA256: 61a9bceb4e5a0191b7e9aa576bf906906b782b5c4a5994071764de3f8865c722
    SHA512: 5f96b91d6234297e9ea7a3cb27c63548f8ac7fa37b4707469b60d33fce99005642389536da6ff93611a6f4d99ad535606490bf6d73f4034f2119cb47771c2dba

  • C:\Users\Admin\Desktop\skibidi.txt
    Filesize: 14B
    MD5: 91ee5929da0e1cf5af78ed3ba3a06909
    SHA1: 2243eed0608607f2bbc84392827c5c3d5583ca5f
    SHA256: 0bbe362532bb7f4b768534afffa670be110ed96b61000bfc7c2b2d908632411b
    SHA512: c6adc1d33861f8b0efbe63deaa490c809dc614247914d3aa4b16376a6a98bae6a88cb4115d43530a2f9637a11f7733d5732b53528edf49f92e126f1fe5e39ca3

  Memory dumps (region, size):

  • memory/2932-43-0x0000025A93840000-0x0000025A93940000-memory.dmp (1024KB)
  • memory/2932-45-0x0000025A93840000-0x0000025A93940000-memory.dmp (1024KB)
  • memory/3500-356-0x000002A3C3D30000-0x000002A3C3D40000-memory.dmp (64KB)
  • memory/3500-81-0x000002A3D4BD0000-0x000002A3D4BD2000-memory.dmp (8KB)
  • memory/3500-71-0x000002A3D4B30000-0x000002A3D4B32000-memory.dmp (8KB)
  • memory/3500-147-0x000002A3D6110000-0x000002A3D6112000-memory.dmp (8KB)
  • memory/3500-199-0x000002A3D6350000-0x000002A3D6352000-memory.dmp (8KB)
  • memory/3500-355-0x000002A3C3D30000-0x000002A3C3D40000-memory.dmp (64KB)
  • memory/3500-354-0x000002A3C3D30000-0x000002A3C3D40000-memory.dmp (64KB)
  • memory/3500-77-0x000002A3D4B90000-0x000002A3D4B92000-memory.dmp (8KB)
  • memory/3500-358-0x000002A3C3D30000-0x000002A3C3D40000-memory.dmp (64KB)
  • memory/3500-359-0x000002A3C3D30000-0x000002A3C3D40000-memory.dmp (64KB)
  • memory/3500-360-0x000002A3C3D30000-0x000002A3C3D40000-memory.dmp (64KB)
  • memory/3500-362-0x000002A3C3D30000-0x000002A3C3D40000-memory.dmp (64KB)
  • memory/3500-364-0x000002A3C3D30000-0x000002A3C3D40000-memory.dmp (64KB)
  • memory/3500-367-0x000002A3C3D30000-0x000002A3C3D40000-memory.dmp (64KB)
  • memory/3500-366-0x000002A3C3D30000-0x000002A3C3D40000-memory.dmp (64KB)
  • memory/3500-365-0x000002A3C3D30000-0x000002A3C3D40000-memory.dmp (64KB)
  • memory/3500-363-0x000002A3C3D30000-0x000002A3C3D40000-memory.dmp (64KB)
  • memory/3500-361-0x000002A3C3D30000-0x000002A3C3D40000-memory.dmp (64KB)
  • memory/3500-357-0x000002A3C3D30000-0x000002A3C3D40000-memory.dmp (64KB)
  • memory/3500-75-0x000002A3D4B70000-0x000002A3D4B72000-memory.dmp (8KB)
  • memory/3500-79-0x000002A3D4BB0000-0x000002A3D4BB2000-memory.dmp (8KB)
  • memory/3500-73-0x000002A3D4B50000-0x000002A3D4B52000-memory.dmp (8KB)
  • memory/4948-109-0x000002037CCB0000-0x000002037CCB1000-memory.dmp (4KB)
  • memory/4948-0-0x0000020376120000-0x0000020376130000-memory.dmp (64KB)
  • memory/4948-110-0x000002037CCC0000-0x000002037CCC1000-memory.dmp (4KB)
  • memory/4948-35-0x00000203735A0000-0x00000203735A2000-memory.dmp (8KB)
  • memory/4948-16-0x0000020376220000-0x0000020376230000-memory.dmp (64KB)
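The following is an added example (my own code, not part of this report or of any sandbox vendor's tooling) that reads the Processes and Downloads sections above the way an analyst would when deciding whether a score like this one is noise: it rebuilds parent/child links from the tree, flags a cmd.exe that re-runs the same script it was started from (the rip.bat chain), lists what NOTEPAD.EXE was pointed at and whether that path is user-writable (the input to the "likely ransom note" heuristic), and sorts the dropped-file paths into browser-cache classes versus desktop files. SAMPLE_TREE and SAMPLE_ARTIFACTS are transcribed from the report; the report shows no parent PIDs, so deriving parents from indentation depth is an assumption of this example, as are the path classes and the two heuristics.

```python
"""Reads a sandbox process tree and dropped-file list like the ones in this report.

Added example, not part of the original report or of any sandbox vendor's tooling.
SAMPLE_TREE and SAMPLE_ARTIFACTS are transcribed from the report above; the
depth-to-parent reconstruction and the heuristics are assumptions of this example.
"""
import re

# (depth, command line, pid): depth follows the report's indentation (assumption).
SAMPLE_TREE = [
    (0, r'"C:\Windows\system32\LaunchWinApp.exe" "https://google.com"', 3988),
    (1, r'"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca', 4948),
    (1, r'C:\Windows\system32\browser_broker.exe -Embedding', 3124),
    (1, r'"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca', 656),
    (1, r'"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\rip.bat', 2748),
    (1, r'C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\rip.bat" "', 5792),
    (2, r'"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\skibidi.txt', 5964),
    (2, r'C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\rip.bat" "', 6008),
    (3, r'"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\rip.bat', 4848),
    (3, r'C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\rip.bat" "', 220),
]

# Dropped-file paths transcribed from the report's Downloads section.
SAMPLE_ARTIFACTS = [
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157",
    r"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\edgecompatviewlist[1].xml",
    r"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IP9T6A0Z\recaptcha__en[1].js",
    r"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\3C2QOS8F\www.google[1].xml",
    r"C:\Users\Admin\Desktop\rip.bat",
    r"C:\Users\Admin\Desktop\skibidi.txt",
]

# Path classes (my own labels, first match wins): cache noise first, user files last.
ARTIFACT_CLASSES = (
    (r"\\CryptnetUrlCache\\", "cryptoapi url cache"),
    (r"\\INetCache\\", "ie http cache"),
    (r"\\MicrosoftEdge\\Cache\\", "edge http cache"),
    (r"\\DOMStore\\", "edge dom storage"),
    (r"\\Users\\[^\\]+\\Desktop\\", "user desktop file"),
)


def image_name(cmdline):
    """Lower-cased file name of the executable in a Windows command line."""
    m = re.match(r'^"([^"]+)"|^(\S+)', cmdline)
    path = m.group(1) or m.group(2)
    return path.rsplit("\\", 1)[-1].lower()


def cmd_script(cmdline):
    """Lower-cased path of the script run by 'cmd.exe /c', or None."""
    if image_name(cmdline) != "cmd.exe":
        return None
    m = re.search(r'/c\s+"*([A-Za-z]:\\[^"]+)', cmdline, re.IGNORECASE)
    return m.group(1).lower() if m else None


def build_tree(entries):
    """Map pid -> parent pid (None for roots), using the nearest shallower entry."""
    parents, stack = {}, []
    for depth, _cmd, pid in entries:
        while stack and stack[-1][0] >= depth:
            stack.pop()
        parents[pid] = stack[-1][1] if stack else None
        stack.append((depth, pid))
    return parents


def find_self_reexec(entries):
    """(pid, ancestor_pid, script) where cmd.exe re-runs a script an ancestor already ran."""
    parents = build_tree(entries)
    by_pid = {pid: cmd for _, cmd, pid in entries}
    hits = []
    for _, cmd, pid in entries:
        script = cmd_script(cmd)
        anc = parents[pid] if script else None
        while anc is not None:
            if cmd_script(by_pid[anc]) == script:
                hits.append((pid, anc, script))
                break
            anc = parents[anc]
    return hits


def notepad_targets(entries):
    """(pid, file opened by notepad, under a user profile?) for every notepad entry."""
    out = []
    for _, cmd, pid in entries:
        if image_name(cmd) != "notepad.exe":
            continue
        arg = re.sub(r'^(?:"[^"]+"|\S+)\s*', "", cmd).strip('" ')
        out.append((pid, arg, bool(re.search(r"\\Users\\", arg, re.IGNORECASE))))
    return out


def classify_artifact(path):
    for pattern, label in ARTIFACT_CLASSES:
        if re.search(pattern, path, re.IGNORECASE):
            return label
    return "unclassified"


def triage(entries, artifacts):
    return {
        "self_reexec": find_self_reexec(entries),
        "notepad_user_files": [t for t in notepad_targets(entries) if t[2]],
        "artifacts": {p: classify_artifact(p) for p in artifacts},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_TREE, SAMPLE_ARTIFACTS).items():
        print(key, value)
```

On this report the self-re-execution check points at PIDs 6008 and 220 (each a cmd.exe started from rip.bat under a cmd.exe already running rip.bat), all three notepad launches target files under C:\Users\Admin\Desktop, and only rip.bat and skibidi.txt fall outside the browser-cache classes, which is the set of artifacts worth pulling from the sandbox before attributing anything to the URL.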