Overview

overview

8

Static

static

8

URLScan

urlscan

http://ps-land.com/#...

windows10_x64

1

Analysis

  • max time kernel
    73s
  • max time network
    72s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    09-11-2021 09:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://ps-land.com/#sales@cs

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 45 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://ps-land.com/#sales@cs
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1020
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1416
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3708
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.0.1639488334\296686981" -parentBuildID 20200403170909 -prefsHandle 1508 -prefMapHandle 848 -prefsLen 1 -prefMapSize 219631 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 1616 gpu
        3⤵
          PID:2336
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.3.1899774558\2008086151" -childID 1 -isForBrowser -prefsHandle 2272 -prefMapHandle 2268 -prefsLen 122 -prefMapSize 219631 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 2280 tab
          3⤵
            PID:1108
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.13.1693255135\1818089260" -childID 2 -isForBrowser -prefsHandle 3404 -prefMapHandle 3400 -prefsLen 6979 -prefMapSize 219631 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 3388 tab
            3⤵
              PID:3128
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.20.2142809780\724010520" -childID 3 -isForBrowser -prefsHandle 4164 -prefMapHandle 4160 -prefsLen 7750 -prefMapSize 219631 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 4228 tab
              3⤵
                PID:1792

          Network

          MITRE ATT&CK Matrix ATT&CK v6

          Initial Access

          Execution

          Persistence

          Privilege Escalation

          Defense Evasion

          Modify Registry

          1
          T1112

          Credential Access

          Discovery

          Query Registry

          1
          T1012

          System Information Discovery

          1
          T1082

          Lateral Movement

          Collection

          Exfiltration

          Command and Control

          Impact

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
            MD5

            d633bf57f34a752065c6fdd8dbdc3c5a

            SHA1

            bfb545f43eaa28e69eef2c32c660cdf00455c996

            SHA256

            a2ea371aa04230abe844fec44d8aadd66682f66dadd5b96a96a5072c2f4446c4

            SHA512

            93306b566a3215a66d441d280f8131269618894b393c552f3695616891b1e34d5b67a4d09167779fa4df41811a3e84b8ccf17d25f1b666c4ecea55f7a8a9a1ed

            Download Submit
          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
            MD5

            1b1edcd28dde800df2ab875c51e20d12

            SHA1

            c556fbc6a0b473e71a45f13dafcbfb54d998c131

            SHA256

            e7a809aa38b62e43ec35f1b4b8c0bff6ce80f006d870281a5517b5a2ddf954a1

            SHA512

            9b3aa76abef0f6936a6ee5bf62f4eb71c28baa44e29e616c3327727dc411bf718848912f69e97ea1036385afa91f4f5805f372b311a36a3aab90fae6e5dcc106

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\YOG43OUX.cookie
            MD5

            f98f4077b62ed47ea6b1d942123a0aa0

            SHA1

            c12c7e9431fdd0c632a9350ff98ba3904aa33d04

            SHA256

            4d555fad79308df2cb83e54f8b05b134ecc11066c610e4ad7019f8536b4eaf56

            SHA512

            dfc84e1827ee0a31e3003f321096ab1d567079d3b649ad6c9390416c72f4a2be437298a4e76a0b28e0699f3c16156e4784dec4e5227230124ce4c33545b1d483

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ZF2LXK7Q.cookie
            MD5

            971629a523ca1d8bfd5ec287356a64c6

            SHA1

            1e5c134152b2f052d1fb14f13fb74ed6d745dcb4

            SHA256

            2a7783df8b49c38125c024295afd89b3d72708ecfe5a13b5460afa1da9e6f7f1

            SHA512

            cea2fd40d9d12196edc971274a20f1162799499695ff2b85a626939ca148db2c89ac944382fa2d3a162a8bf9e15649ddbecc46076512b9290307f74c3e54d832

            Download Submit
          • memory/1020-141-0x0000000000000000-mapping.dmp
            Download
          • memory/2488-143-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-150-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-124-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-125-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-126-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-128-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-129-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-130-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-132-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-133-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-134-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-136-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-137-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-138-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-139-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-122-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-142-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-116-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-145-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-146-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-148-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-123-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-151-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-152-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-156-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-157-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-158-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-164-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-165-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-166-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-167-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-168-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-169-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-170-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-174-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-175-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-178-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-121-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-120-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-118-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/2488-117-0x00007FF849BF0000-0x00007FF849C5B000-memory.dmp
            Filesize

            428KB

            Download