Overview

overview

4

Static

static

1

URLScan

urlscan

1

https://download2287...

windows10-1703-x64

4

Analysis

  • max time kernel
    105s
  • max time network
    97s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25-08-2024 10:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://download2287.mediafire.com/11mjltpf8v2gEOvrDW1IV2UkCe4aPbHVN7Ab8ffsDIbTFo7D-0X3-YwQUv3ucngT93rBgUJExs3E3UY7AgSqGvK09JnaEq8muKwCdyr_feqUdp_svVtimIkfsv704YBrHys7Inz3QhdidEKVEbiYtScm3gBShX4h8pEGM_5Y-oNR/qnhjd1gnvk6a21e/FusionHacks.rar

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://download2287.mediafire.com/11mjltpf8v2gEOvrDW1IV2UkCe4aPbHVN7Ab8ffsDIbTFo7D-0X3-YwQUv3ucngT93rBgUJExs3E3UY7AgSqGvK09JnaEq8muKwCdyr_feqUdp_svVtimIkfsv704YBrHys7Inz3QhdidEKVEbiYtScm3gBShX4h8pEGM_5Y-oNR/qnhjd1gnvk6a21e/FusionHacks.rar"
    1⤵
      PID:4920
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:312
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • NTFS ADS
      PID:4660
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4804
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1940
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:1728
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:5676
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Modifies registry class
        PID:5792
      • C:\Windows\system32\OpenWith.exe
        C:\Windows\system32\OpenWith.exe -Embedding
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:5976
      • C:\Program Files\7-Zip\7zG.exe
        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap17050:84:7zEvent21022
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:1764

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
        Filesize

        4KB

        MD5

        1bfe591a4fe3d91b03cdf26eaacd8f89

        SHA1

        719c37c320f518ac168c86723724891950911cea

        SHA256

        9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

        SHA512

        02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

        Download Submit

      • C:\Users\Admin\AppData\Local\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml
        Filesize

        74KB

        MD5

        d4fc49dc14f63895d997fa4940f24378

        SHA1

        3efb1437a7c5e46034147cbbc8db017c69d02c31

        SHA256

        853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

        SHA512

        cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1RVUC0YY\gtm[1].js
        Filesize

        265KB

        MD5

        4847310f1d48cac8dbda4d6fdc705049

        SHA1

        1339bc72516d7fa12621df74e28abadf12706c27

        SHA256

        a6a05adbe488c3ca4996c5981a29700b3e08d4bc24262c19a09950312d510a78

        SHA512

        9c8675cb702149622b7952605fc2b0b45227f830c2da32d1c208db45ba476a1b012a58acdb33c11ba9f4c3c6a92112ba55e3f47e77134b765f87c1ff4a558799

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1RVUC0YY\main[1].js
        Filesize

        7KB

        MD5

        c382a6ec2794025193f55e5dd3d1ea03

        SHA1

        8d8f4f091e94e77843238e4170e0d701a327545f

        SHA256

        c24e1b12d751e96fe6d67a14a196324931430a5f57846981d2a3e581db9a2831

        SHA512

        1fac5a8f71faef565cba8fd21232b09499bea5a1bad5826b74954a43cce3b592d59865fcaf1ac767271286417c0b93960434807858df31816faf406747842eaa

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GO8XH180\amplitude-8.5.0-min.gz[1].js
        Filesize

        67KB

        MD5

        c43d9f000a09bd500ed8728606a09de3

        SHA1

        36ad6b0fa2c6bcd116fb642f25789fc2d08a68e6

        SHA256

        2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4

        SHA512

        802af189282aff84b1262a54e59463bdb9b07ec6d1dbf20fa26712b3e19a2212f1a31f2a2d4dd620d7d1313ceff43dc4272f51a7a2407296bf6d57c11e38801b

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GO8XH180\js[1].js
        Filesize

        197KB

        MD5

        b901a3e9a7b79c332f3fada81b5a4c41

        SHA1

        62b79d839cda1d3c714188f63398c7b894e04982

        SHA256

        b87422bd52f1a04a912081c76175035ba387960f6dd63de12687a5ff104d9b2c

        SHA512

        066fc38f722fafa5e7453e719a55f45747c80e45ff3c1df631522257f60c07ff2be1844ba0bee9da385e7068f61ecfc4a6f8e3db1e37bfe985136e9945a53241

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GO8XH180\vcd15cbe7772f49c399c6a5babf22c1241717689176015[1].js
        Filesize

        19KB

        MD5

        ec18af6d41f6f278b6aed3bdabffa7bc

        SHA1

        62c9e2cab76b888829f3c5335e91c320b22329ae

        SHA256

        8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

        SHA512

        669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JHMWB6GL\m=el_main_css[1].css
        Filesize

        19KB

        MD5

        ece37b7141d806ee65edeed7e1a7fa4d

        SHA1

        4df420e785778e5e4ea1d3708e83f9177ecaf3f7

        SHA256

        aedbcc46e00deb73efd45fd02fe1d4b5264d2cfbd7dcbcbf1e1411de34237ca6

        SHA512

        c96590c5048ad20337f16a956c94a53f6257743d0ff6658a35a524a0936833382e5614f4f386658193bb7efed727b72290da4903879dcf6b8e012a2c859932c5

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YL63LG3K\analytics[1].js
        Filesize

        51KB

        MD5

        575b5480531da4d14e7453e2016fe0bc

        SHA1

        e5c5f3134fe29e60b591c87ea85951f0aea36ee1

        SHA256

        de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

        SHA512

        174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YL63LG3K\js[1].js
        Filesize

        333KB

        MD5

        b89baf6dd85de1196e36bd83d282799c

        SHA1

        3c677df496ec6ef6e17c61b4307892fd13c83c63

        SHA256

        45f2b793d1f82265ee69255b5ab5f75aac730a6f6a99b9f0c67535ec3837d9d9

        SHA512

        44a785eec28ac0d1901418f068e0edfb958de11e4c230d25832e1d1a8686c588fc6bc54c380482fe51ccf01520ebb1b203cec2ddbcb15967070f9cb7d26d0550

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YL63LG3K\m=el_main[1].js
        Filesize

        208KB

        MD5

        9de274554d9da503847f2b10b78c69ad

        SHA1

        cd0a276258d0896671b452a71a0d2210472949ef

        SHA256

        34ff7b9c2ed8918b0e389a5f7dc71da3cc103b172f96851282dcb2eed3e4c64f

        SHA512

        d6ae4ccf84b0a18ab05782ff7ce9696f40dcd173a32c8566bc1fd6cb255e1762e99fda1bbb6c96025d3b29294280932aed7372d3621459273fa909a496623b91

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\DHPC1AI1\www.mediafire[1].xml
        Filesize

        1KB

        MD5

        ae815040dec6a13572924816879a7852

        SHA1

        06394d5c8a69f0f0044bfa2415323bf89dd5fda9

        SHA256

        9be8dba9d000400ba8e5d2b22edebc7250127c32866ee009bd50266398ba0bdb

        SHA512

        90d1e3c028b478a537f7229e435e9107d5f8fe12e21250efd7a7d6190539dcc4f7170a26cbc53a801d90453730ef964e77441676b930302ffd0d63ebdac47a50

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\DHPC1AI1\www.mediafire[1].xml
        Filesize

        1KB

        MD5

        8898adf9bacc683cc2a1d0e445191ce2

        SHA1

        023e53a82fe9f945fae659ce29c87d5ba8182a5a

        SHA256

        84477600628934b95d91c17e7cd0f7b7264f1c826b292d90f9912201d69b35ea

        SHA512

        7556522a7788fab5fc06d13bbdf0c99677bfe9122dfeb16682333fb72741fcb5076eb60928e7cbe6db87296a1887308f6e82a9341f0957cd271ecff7831eacaa

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\DHPC1AI1\www.mediafire[1].xml
        Filesize

        246B

        MD5

        4179747c4065758892e719e05cc0cb3d

        SHA1

        fb2d5fbdfd28907346500a70ef1b9f75ec1b2643

        SHA256

        61c29626bc4b32d36c9ac72dff842692040b9e81222dfd40ae680360565e0c7c

        SHA512

        caa79530d155550351887e8111fd2803acbb4295c296c9456c99e70e174aff83482f51754283e8253bb564b140bc7157175ebcba71aa368efe00433c00cdd0aa

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\X5O1GKJY\favicon[1].ico
        Filesize

        10KB

        MD5

        a301c91c118c9e041739ad0c85dfe8c5

        SHA1

        039962373b35960ef2bb5fbbe3856c0859306bf7

        SHA256

        cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f

        SHA512

        3a5a2801e0556c96574d8ab5782fc5eab0be2af7003162da819ac99e0737c8876c0db7b42bb7c149c4f4d9cfe61d2878ff1945017708f5f7254071f342a6880a

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\YZX8EJ9G\suggestions[1].en-US
        Filesize

        17KB

        MD5

        5a34cb996293fde2cb7a4ac89587393a

        SHA1

        3c96c993500690d1a77873cd62bc639b3a10653f

        SHA256

        c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

        SHA512

        e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GO8XH180\FusionHacks[1].rar
        Filesize

        890B

        MD5

        01cade7d6b0de8de47014d8605e19e3e

        SHA1

        5f4f25b7ef63215170076615827c2c95a5c35e62

        SHA256

        de5b5e9c274e54f8a364134cc1d6c170437e3fceb4267604d6026f941d64e8d5

        SHA512

        3fe228e7414b32cdd75d67fa14e4796b5fe82adb2c53bad5700dbf6619a1d1094c680a7e70fd78dd99f307c5ce9bf69b1ba5ad51b1b262b3ec41ad047581265e

        Download Submit

      • memory/312-16-0x0000026DCDB20000-0x0000026DCDB30000-memory.dmp

        Filesize

        64KB

        Download

      • memory/312-35-0x0000026DCACE0000-0x0000026DCACE2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/312-0-0x0000026DCDA20000-0x0000026DCDA30000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1728-121-0x000002CD9B520000-0x000002CD9B522000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1728-174-0x000002CD9C200000-0x000002CD9C300000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1728-191-0x000002CD9C700000-0x000002CD9C800000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1728-196-0x000002CD9C4D0000-0x000002CD9C5D0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1728-199-0x000002CD9A450000-0x000002CD9A470000-memory.dmp

        Filesize

        128KB

        Download

      • memory/1728-259-0x000002CD9DA00000-0x000002CD9DB00000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1728-306-0x000002CD9DDF0000-0x000002CD9DE10000-memory.dmp

        Filesize

        128KB

        Download

      • memory/1728-346-0x000002CD887C0000-0x000002CD887D0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1728-347-0x000002CD887C0000-0x000002CD887D0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1728-348-0x000002CD887C0000-0x000002CD887D0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1728-349-0x000002CD887C0000-0x000002CD887D0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1728-350-0x000002CD887C0000-0x000002CD887D0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1728-351-0x000002CD887C0000-0x000002CD887D0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1728-173-0x000002CD9C200000-0x000002CD9C300000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1728-175-0x000002CD9C200000-0x000002CD9C300000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1728-189-0x000002CD9C700000-0x000002CD9C800000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1728-123-0x000002CD9B540000-0x000002CD9B542000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1728-125-0x000002CD9B560000-0x000002CD9B562000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1728-127-0x000002CD9B580000-0x000002CD9B582000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1728-129-0x000002CD9B590000-0x000002CD9B592000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1728-131-0x000002CD9B5B0000-0x000002CD9B5B2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1728-119-0x000002CD9AA40000-0x000002CD9AA42000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1728-117-0x000002CD9AA00000-0x000002CD9AA02000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1728-115-0x000002CD9A9F0000-0x000002CD9A9F2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1728-113-0x000002CD9A910000-0x000002CD9A912000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1728-58-0x000002CD887B0000-0x000002CD887B2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1728-61-0x000002CD887E0000-0x000002CD887E2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1728-63-0x000002CD88900000-0x000002CD88902000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1940-44-0x000001F81F980000-0x000001F81FA80000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1940-45-0x000001F81F980000-0x000001F81FA80000-memory.dmp

        Filesize

        1024KB

        Download