Analysis

  • max time kernel: 330s
  • max time network: 321s
  • platform: windows10-1703_x64
  • resource: win10-20240611-en
  • resource tags: arch:x64, arch:x86, image:win10-20240611-en, locale:en-us, os:windows10-1703-x64, system
  • submitted: 17/08/2024, 19:43

General

  • Target: http://google.com

Score
4/10

Signatures

  • Drops file in Windows directory (7 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 3 IoCs)
  • Modifies registry class (64 IoCs)
  • Suspicious behavior: MapViewOfSection (8 IoCs)
  • Suspicious use of AdjustPrivilegeToken (6 IoCs)
  • Suspicious use of SetWindowsHookEx (7 IoCs)
  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Windows\system32\LaunchWinApp.exe (PID 1456)
    "C:\Windows\system32\LaunchWinApp.exe" "http://google.com"
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (PID 3216)
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
    • C:\Windows\system32\browser_broker.exe (PID 3928)
      C:\Windows\system32\browser_broker.exe -Embedding
      • Modifies Internet Explorer settings
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (PID 1420)
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (PID 3984)
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (PID 4876)
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Drops file in Windows directory
      • Modifies registry class
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (PID 1232)
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
    • C:\Windows\system32\browser_broker.exe (PID 3180)
      C:\Windows\system32\browser_broker.exe -Embedding
      • Modifies Internet Explorer settings
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (PID 4864)
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (PID 1436)
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (PID 4912)
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Modifies registry class
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (PID 1608)
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken

          Downloads
