Analysis

  • max time kernel
    46s
  • max time network
    33s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    17/08/2024, 13:38

General

  • Target

    http://google.com

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Every process in the tree below is a Windows or Microsoft Edge component under C:\Windows, started to open the submitted URL, and all seven signatures are generic API-usage heuristics (section mapping, window hooks, cross-process writes, token privilege changes, registry and cache writes) that Edge's multi-process browser triggers on its own. For a target of http://google.com they are baseline browser activity, not evidence of malicious behaviour.

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "http://google.com"
    1⤵
    PID:4672
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4484
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:1364
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4092
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4932
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:2188
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:1316
    • C:\Windows\System32\DataExchangeHost.exe
      C:\Windows\System32\DataExchangeHost.exe -Embedding
      1⤵
      PID:4304
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:2992
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:3772
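The process list above is written in Triage's text layout: image path, command line, a "1⤵" tree marker, zero or more signature bullets, then a PID line. The following parser, added here as an example and not part of the sandbox's own tooling, reads that layout back into records and inverts it into a signature-to-PID index, so you can answer "which process did the cross-process write?" without scrolling. The listing embedded in the block is six of the ten processes copied from this report; the summary list is this report's Signatures section with the IoC/TTP counts dropped.

```python
"""Parse a Triage-style process listing into records and invert it into a
signature -> PID index. Added example; not the sandbox's own tooling. The
listing below is copied from the report (six of its ten processes)."""
from collections import defaultdict

DEPTH_MARK = "\u2935"  # the "⤵" tree marker printed after each command line

PROCESS_LISTING = r"""
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "http://google.com"
1⤵
PID:4672
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
• Drops file in Windows directory
• Modifies registry class
• Suspicious use of SetWindowsHookEx
PID:4484
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
• Modifies Internet Explorer settings
PID:1364
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
• Modifies registry class
• Suspicious behavior: MapViewOfSection
• Suspicious use of SetWindowsHookEx
• Suspicious use of WriteProcessMemory
PID:4092
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
• Drops file in Windows directory
• Modifies Internet Explorer settings
• Modifies registry class
• Suspicious use of AdjustPrivilegeToken
• Suspicious use of SetWindowsHookEx
PID:4932
C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:4304
"""

# The report's Signatures section, names only (counts dropped).
SUMMARY_SIGNATURES = [
    "Drops file in Windows directory",
    "Modifies Internet Explorer settings",
    "Modifies registry class",
    "Suspicious behavior: MapViewOfSection",
    "Suspicious use of AdjustPrivilegeToken",
    "Suspicious use of SetWindowsHookEx",
    "Suspicious use of WriteProcessMemory",
]


def parse_processes(text):
    """Return a list of {image, cmdline, signatures, pid} in listing order.
    A record is: image path, command line, depth marker, bullets, PID line."""
    procs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or (line.endswith(DEPTH_MARK) and line[:-1].isdigit()):
            continue  # blank line or tree-depth marker
        if cur is None:
            cur = {"image": line, "cmdline": None, "signatures": [], "pid": None}
        elif line.startswith("PID:"):
            cur["pid"] = int(line[4:])
            procs.append(cur)
            cur = None
        elif line.startswith("\u2022"):  # "•" signature bullet
            cur["signatures"].append(line[1:].strip())
        elif cur["cmdline"] is None:
            cur["cmdline"] = line
        else:
            raise ValueError(f"unexpected line in listing: {line!r}")
    if cur is not None:
        raise ValueError("listing ends inside a record (no PID line)")
    return procs


def index_by_signature(procs):
    """signature name -> PIDs that triggered it, in listing order."""
    idx = defaultdict(list)
    for p in procs:
        for sig in p["signatures"]:
            idx[sig].append(p["pid"])
    return dict(idx)


def quiet_pids(procs):
    """PIDs that triggered no signature at all."""
    return [p["pid"] for p in procs if not p["signatures"]]


def check_summary(summary, idx):
    """(summary signatures no process hit, per-process signatures missing from
    the summary); both empty when the two sections of the report agree."""
    return sorted(set(summary) - idx.keys()), sorted(idx.keys() - set(summary))
```

Run against the embedded listing, `index_by_signature` attributes "Suspicious use of WriteProcessMemory" to PID 4092 alone and "Suspicious use of AdjustPrivilegeToken" to 4932, while `quiet_pids` returns the launcher (4672) and DataExchangeHost (4304); `check_summary` flags a report whose per-process bullets and summary list have drifted apart, which is worth catching before signature names are copied into a ticket.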

      Network

            MITRE ATT&CK Enterprise v15

            Downloads

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\edgecompatviewlist[1].xml

              Filesize

              74KB

              MD5

              d4fc49dc14f63895d997fa4940f24378

              SHA1

              3efb1437a7c5e46034147cbbc8db017c69d02c31

              SHA256

              853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

              SHA512

              cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MR2TYDGV\styles__ltr[1].css

              Filesize

              55KB

              MD5

              4adccf70587477c74e2fcd636e4ec895

              SHA1

              af63034901c98e2d93faa7737f9c8f52e302d88b

              SHA256

              0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d

              SHA512

              d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3

            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MYPAB1N6\recaptcha__en[1].js

              Filesize

              531KB

              MD5

              1d96c92a257d170cba9e96057042088e

              SHA1

              70c323e5d1fc37d0839b3643c0b3825b1fc554f1

              SHA256

              e96a5e1e04ee3d7ffd8118f853ec2c0bcbf73b571cfa1c710238557baf5dd896

              SHA512

              a0fe722f29a7794398b315d9b6bec9e19fc478d54f53a2c14dd0d02e6071d6024d55e62bc7cf8543f2267fb96c352917ef4a2fdc5286f7997c8a5dc97519ee99

            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\CDFCDWR2\www.google[1].xml

              Filesize

              99B

              MD5

              8e61f49b0c9131d454bb093095ccc23f

              SHA1

              c0699b6b5ba21c61bdac8bb9ce516627c096aeab

              SHA256

              c928956cb538e34b8903e0cddf0a619441d8c6ac3aae2a7545e5fa896d29f203

              SHA512

              c5047429814b0e806035eba2dc6ea484a2213e6cb61ec17ffd4f4a93828aa012367b0d1b03782f5ee67892028d878f2429e311a1e414ed7ced465d0559356683

            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\PBGY1W0M\favicon[1].ico

              Filesize

              5KB

              MD5

              f3418a443e7d841097c714d69ec4bcb8

              SHA1

              49263695f6b0cdd72f45cf1b775e660fdc36c606

              SHA256

              6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

              SHA512

              82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

            • memory/2188-105-0x00000200E7650000-0x00000200E7750000-memory.dmp

              Filesize

              1024KB

            • memory/2188-338-0x00000200D60F0000-0x00000200D6100000-memory.dmp

              Filesize

              64KB

            • memory/2188-62-0x00000200E6AD0000-0x00000200E6AD2000-memory.dmp

              Filesize

              8KB

            • memory/2188-60-0x00000200E6A10000-0x00000200E6A12000-memory.dmp

              Filesize

              8KB

            • memory/2188-58-0x00000200E69F0000-0x00000200E69F2000-memory.dmp

              Filesize

              8KB

            • memory/2188-56-0x00000200E69D0000-0x00000200E69D2000-memory.dmp

              Filesize

              8KB

            • memory/2188-54-0x00000200E69B0000-0x00000200E69B2000-memory.dmp

              Filesize

              8KB

            • memory/2188-64-0x00000200E6AF0000-0x00000200E6AF2000-memory.dmp

              Filesize

              8KB

            • memory/2188-337-0x00000200D60F0000-0x00000200D6100000-memory.dmp

              Filesize

              64KB

            • memory/2188-51-0x00000200D6340000-0x00000200D6440000-memory.dmp

              Filesize

              1024KB

            • memory/2188-97-0x00000200E7650000-0x00000200E7750000-memory.dmp

              Filesize

              1024KB

            • memory/2188-344-0x00000200D60F0000-0x00000200D6100000-memory.dmp

              Filesize

              64KB

            • memory/2188-339-0x00000200D60F0000-0x00000200D6100000-memory.dmp

              Filesize

              64KB

            • memory/2188-342-0x00000200D60F0000-0x00000200D6100000-memory.dmp

              Filesize

              64KB

            • memory/2188-128-0x00000200E8000000-0x00000200E8002000-memory.dmp

              Filesize

              8KB

            • memory/2188-209-0x00000200E82B0000-0x00000200E82B2000-memory.dmp

              Filesize

              8KB

            • memory/2188-335-0x00000200D60F0000-0x00000200D6100000-memory.dmp

              Filesize

              64KB

            • memory/2188-341-0x00000200D60F0000-0x00000200D6100000-memory.dmp

              Filesize

              64KB

            • memory/2188-340-0x00000200D60F0000-0x00000200D6100000-memory.dmp

              Filesize

              64KB

            • memory/2188-343-0x00000200D60F0000-0x00000200D6100000-memory.dmp

              Filesize

              64KB

            • memory/2188-345-0x00000200D60F0000-0x00000200D6100000-memory.dmp

              Filesize

              64KB

            • memory/4484-67-0x000001674A410000-0x000001674A411000-memory.dmp

              Filesize

              4KB

            • memory/4484-16-0x0000016743C20000-0x0000016743C30000-memory.dmp

              Filesize

              64KB

            • memory/4484-66-0x000001674A400000-0x000001674A401000-memory.dmp

              Filesize

              4KB

            • memory/4484-35-0x0000016742D70000-0x0000016742D72000-memory.dmp

              Filesize

              8KB

            • memory/4484-0-0x0000016743B20000-0x0000016743B30000-memory.dmp

              Filesize

              64KB

            • memory/4932-43-0x000001C828E00000-0x000001C828F00000-memory.dmp

              Filesize

              1024KB

            • memory/4932-45-0x000001C828E00000-0x000001C828F00000-memory.dmp

              Filesize

              1024KB
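Two checks a practitioner wants over the Downloads list above, written here as an added example (not part of the report or the sandbox's tooling): first, that a dropped-file entry's digest fields are well formed and that a local copy of the artifact really matches the entry on size and on every digest it carries; second, that each memory-dump name, which encodes PID, sequence number and the dumped address range, is consistent with the stated file size, and which regions were snapshotted more than once (PID 2188's 64KB region at 0x00000200D60F0000 appears ten times above). The entries in the block are copied from this report; the byte strings used in the checks are constructed.

```python
"""Checks over the Downloads section of a Triage report: validate a dropped-
file entry's digests and match a local artifact against it; parse memory-dump
names, cross-check the stated size with the address range, and list regions
dumped more than once. Added example, not the report's or sandbox's own code.
Entries below are copied from the report; test inputs are constructed."""
import hashlib
import re
from collections import Counter

DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
SIZE_UNIT = {"B": 1, "KB": 1024, "MB": 1024 * 1024}
NAME_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")

# One dropped-file entry from the report (the DOMStore file for www.google).
GOOGLE_DOMSTORE = {
    "size": "99B",
    "md5": "8e61f49b0c9131d454bb093095ccc23f",
    "sha1": "c0699b6b5ba21c61bdac8bb9ce516627c096aeab",
    "sha256": "c928956cb538e34b8903e0cddf0a619441d8c6ac3aae2a7545e5fa896d29f203",
    "sha512": "c5047429814b0e806035eba2dc6ea484a2213e6cb61ec17ffd4f4a93828aa012"
              "367b0d1b03782f5ee67892028d878f2429e311a1e414ed7ced465d0559356683",
}

# Memory-dump artifacts as listed in the report: (name, stated size).
DUMPS = [
    ("memory/2188-105-0x00000200E7650000-0x00000200E7750000-memory.dmp", "1024KB"),
    ("memory/2188-97-0x00000200E7650000-0x00000200E7750000-memory.dmp", "1024KB"),
    ("memory/2188-338-0x00000200D60F0000-0x00000200D6100000-memory.dmp", "64KB"),
    ("memory/2188-337-0x00000200D60F0000-0x00000200D6100000-memory.dmp", "64KB"),
    ("memory/2188-62-0x00000200E6AD0000-0x00000200E6AD2000-memory.dmp", "8KB"),
    ("memory/4484-67-0x000001674A410000-0x000001674A411000-memory.dmp", "4KB"),
    ("memory/4932-43-0x000001C828E00000-0x000001C828F00000-memory.dmp", "1024KB"),
    ("memory/4932-45-0x000001C828E00000-0x000001C828F00000-memory.dmp", "1024KB"),
]


def parse_size(text):
    """'1024KB' -> 1048576. The report prints sizes as <int>B|KB|MB."""
    m = re.fullmatch(r"(\d+)(B|KB|MB)", text)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m[1]) * SIZE_UNIT[m[2]]


def validate_entry(entry):
    """Digest fields that are missing, the wrong length or not hex, so a
    mistyped or truncated IoC is caught before it lands in a blocklist."""
    return [alg for alg, n in DIGEST_LEN.items()
            if len(entry.get(alg, "")) != n
            or not re.fullmatch(r"[0-9a-fA-F]+", entry[alg])]


def digests_of(data):
    return {alg: hashlib.new(alg, data).hexdigest() for alg in DIGEST_LEN}


def matches_entry(data, entry):
    """True only if data has the stated size and agrees on every digest the
    entry carries; one agreeing digest beside a disagreeing one means the
    entry itself is inconsistent, so that still counts as a mismatch."""
    if len(data) != parse_size(entry["size"]):
        return False
    got = digests_of(data)
    return all(got[alg] == entry[alg].lower() for alg in DIGEST_LEN if alg in entry)


def parse_dump_name(name):
    """memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp -> dict with the range."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"not a Triage memory-dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name!r}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def size_mismatches(dumps):
    """Dump names whose stated file size disagrees with end - start."""
    return [name for name, stated in dumps
            if parse_dump_name(name)["size"] != parse_size(stated)]


def repeated_regions(dumps):
    """(pid, start, end) -> snapshot count for regions dumped more than once;
    these are the ones worth diffing across their sequence numbers."""
    counts = Counter((d["pid"], d["start"], d["end"])
                     for d in (parse_dump_name(n) for n, _ in dumps))
    return {k: v for k, v in counts.items() if v > 1}
```

For this report `size_mismatches(DUMPS)` is empty (every range is exactly the stated 4KB, 8KB, 64KB or 1024KB), and `repeated_regions` reports the two 2188 regions and the 4932 region that were dumped twice in the subset embedded above. `matches_entry` deliberately refuses a partial match: if a local file agrees on SHA256 but not MD5, either the file or the report entry is wrong, and a blocklist should not be updated from it.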