Overview

overview

5

Static

static

URLScan

urlscan

1

https://bit.ly/3JpFX...

windows7_x64

1

https://bit.ly/3JpFX...

windows10-2004_x64

5

Analysis

  • max time kernel
    142s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    21-06-2022 07:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://bit.ly/3JpFXp4

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://bit.ly/3JpFXp4
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1960
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1960 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1792
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:336
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6724f50,0x7fef6724f60,0x7fef6724f70
      2⤵
        PID:392
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1108,16879661440904946803,14127014228618251590,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1112 /prefetch:2
        2⤵
          PID:1612
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1108,16879661440904946803,14127014228618251590,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1244 /prefetch:8
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1740
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1108,16879661440904946803,14127014228618251590,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1744 /prefetch:8
          2⤵
            PID:1648
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,16879661440904946803,14127014228618251590,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
            2⤵
              PID:2056
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,16879661440904946803,14127014228618251590,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2068 /prefetch:1
              2⤵
                PID:2064
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1108,16879661440904946803,14127014228618251590,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
                2⤵
                  PID:2228
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1108,16879661440904946803,14127014228618251590,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3280 /prefetch:2
                  2⤵
                    PID:2308
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,16879661440904946803,14127014228618251590,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
                    2⤵
                      PID:2352
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1108,16879661440904946803,14127014228618251590,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3488 /prefetch:8
                      2⤵
                        PID:2412
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1108,16879661440904946803,14127014228618251590,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3600 /prefetch:8
                        2⤵
                          PID:2420
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1108,16879661440904946803,14127014228618251590,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
                          2⤵
                            PID:2576
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1108,16879661440904946803,14127014228618251590,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=536 /prefetch:8
                            2⤵
                              PID:2616
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1108,16879661440904946803,14127014228618251590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2684
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1108,16879661440904946803,14127014228618251590,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3584 /prefetch:8
                              2⤵
                                PID:2700
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1108,16879661440904946803,14127014228618251590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:2692
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1108,16879661440904946803,14127014228618251590,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3104 /prefetch:8
                                2⤵
                                  PID:2804
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1108,16879661440904946803,14127014228618251590,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=108 /prefetch:8
                                  2⤵
                                    PID:2880
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1108,16879661440904946803,14127014228618251590,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
                                    2⤵
                                      PID:2972

                                  Network

                                  MITRE ATT&CK Matrix ATT&CK v6

                                  Initial Access

                                  Execution

                                  Persistence

                                  Privilege Escalation

                                  Defense Evasion

                                  Modify Registry

                                  1
                                  T1112

                                  Credential Access

                                  Discovery

                                  Query Registry

                                  1
                                  T1012

                                  System Information Discovery

                                  1
                                  T1082

                                  Lateral Movement

                                  Collection

                                  Exfiltration

                                  Command and Control

                                  Impact

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                                    Filesize

                                    1KB

                                    MD5

                                    3b4b9909f269b872f785d1a73ae7fb81

                                    SHA1

                                    8440b51852c9291a504ca0c62581033344ca5e9c

                                    SHA256

                                    213dee86ef094043d70abca4779866aa62c4cbb9e672800060126e63767fba95

                                    SHA512

                                    d1c131fd1e4133f3d49b92cbfa818b848052ab443e4c4144bbe0c193fc8ba6e8e4291e55909a5fe64b8299f81145899219590b5c01484049f4d1d1593c2ed02b

                                    Download Submit
                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
                                    Filesize

                                    60KB

                                    MD5

                                    308336e7f515478969b24c13ded11ede

                                    SHA1

                                    8fb0cf42b77dbbef224a1e5fc38abc2486320775

                                    SHA256

                                    889b832323726a9f10ad03f85562048fdcfe20c9ff6f9d37412cf477b4e92ff9

                                    SHA512

                                    61ad97228cd6c3909ef3ac5e4940199971f293bdd0d5eb7916e60469573a44b6287c0fa1e0b6c1389df35eb6c9a7d2a61fdb318d4a886a3821ef5a9dab3ac24f

                                    Download Submit
                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_8DCA010BCF802765AAFCD3E2E71834AB
                                    Filesize

                                    472B

                                    MD5

                                    b1737dcb600d90a006b82fbcb5118ed6

                                    SHA1

                                    91d10ec9cb1cf10456cc0d99328e000d50a5092f

                                    SHA256

                                    d0448c4324be5909dfaf3e11629f7266eec458c4b2253716c411af54e41bbc2f

                                    SHA512

                                    1cb168220effaf6e5a52de831c26bd1aca6df18f4d7d8521a73b737466584085cdc7fcc328219ff66bc160209da9cceda643364829d7009c215d3a2335f10f18

                                    Download Submit
                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
                                    Filesize

                                    724B

                                    MD5

                                    5a11c6099b9e5808dfb08c5c9570c92f

                                    SHA1

                                    e5dc219641146d1839557973f348037fa589fd18

                                    SHA256

                                    91291a5edc4e10a225d3c23265d236ecc74473d9893be5bd07e202d95b3fb172

                                    SHA512

                                    c2435b6619464a14c65ab116ab83a6e0568bdf7abc5e5a5e19f3deaf56c70a46360965da8b60e1256e9c8656aef9751adb9e762731bb8dbab145f1c8224ac8f9

                                    Download Submit
                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_F0A97D71D13E6B76B92AB131242D3705
                                    Filesize

                                    472B

                                    MD5

                                    ca2d3837e48e543d3fe27337f8618075

                                    SHA1

                                    ea681c6c8cccb53d1a68c6832acfaa66d2a72358

                                    SHA256

                                    6c28b8b048657fe92c7bd17eb70ae6653b2db4fd5f0d6a9dd9a7f31b1ade61a8

                                    SHA512

                                    143db8e0df8c2c1a0630ad7946859c972d5b5268afe12483256799febae09b42ae624032b753f35c3b2a4cfdd5bb119372d8837e1b26f793c34ca6ed5c88afd8

                                    Download Submit
                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_9727017B118BD261ACD7FB12EE290EC4
                                    Filesize

                                    472B

                                    MD5

                                    eb4188b68cdb6fa038c7e1e853a82c3c

                                    SHA1

                                    ba29651ec72ba4d7dec6c8b3e8fc7e7f9ec5f158

                                    SHA256

                                    a9901e0974b41c1647b239fdab3692faaf9c82f104960199cb69e287290b3042

                                    SHA512

                                    bda2af05ff93049cece93a22750649f9d416d5b13260386669c9ce7ade448524b05862e98c6e918e2dc446eba03d54914dbf64809e072e371f5ae7636d17e66e

                                    Download Submit
                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                                    Filesize

                                    410B

                                    MD5

                                    e60eb79cd2e9d9f566c51d17eab6edea

                                    SHA1

                                    5db1cc63559746382b273ef03569fbe75fe0c64e

                                    SHA256

                                    e1a196ec8f9cbdd4fba6306dbb60a59ce37d107a91173400b62b68434601efec

                                    SHA512

                                    ce57f648c007511b9fd7ea97500450f60a8445e9323caae776b53420efbf3e9b456233db95b86bf397f93716b50741357161daa4a86e3c85eda73a6916dd9fd9

                                    Download Submit
                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                    Filesize

                                    342B

                                    MD5

                                    98f5e52febcffc19b79859579fe5361f

                                    SHA1

                                    57aa3c08c2740810d51bb5183ac90d3ae2625e1d

                                    SHA256

                                    72fcc1c4fa3691f128b102128cac51f83c616e0d2d650d6a1f2dc09224a715ec

                                    SHA512

                                    98bbf9831baab5314f126111e69c4c4f93845869fe8e698c2c5c9d6aa124c75f985426f01e4cc0b14ea9672e5474998495c66aefac9a3f35520d172d79d748be

                                    Download Submit
                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_8DCA010BCF802765AAFCD3E2E71834AB
                                    Filesize

                                    406B

                                    MD5

                                    5e9cdde2fc298083080eb3c7faf1ce8b

                                    SHA1

                                    f10b8678a41b5d6552eb5a5443b996950e06bb4a

                                    SHA256

                                    e31632c0dc4632fe15a7d437b6db07ba1d31bc7efa671e72b8a0cf06c2e00179

                                    SHA512

                                    16b4ba778cff3e7c9caec9a03f38ebd533ff5ff92595ca433edf24fd8002cdf57d83e11eaad89f7bd06107ba04a0966e79761d37dcc854c0ff9601e0f93ed9fa

                                    Download Submit
                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
                                    Filesize

                                    392B

                                    MD5

                                    9055e9ea1a2ff636ab1b7f399a40e88a

                                    SHA1

                                    099a7dd547f9a6cacfd6e5cbfa99612d99a16b96

                                    SHA256

                                    48fb7afd8ed64c2843f1dce9dd11a3b988e359e097e17fa3debed2a538a40b0f

                                    SHA512

                                    e2f9655a2a5eef270e3991edc02cfd5b143b074292fefef8601e74875735ba8a6dda7ab1231ca4d39ad81dfa49df64372d22c248c632e0d87f461b0268624483

                                    Download Submit
                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_F0A97D71D13E6B76B92AB131242D3705
                                    Filesize

                                    406B

                                    MD5

                                    0b4444f6e8e4399f87f1b9759d87ce7d

                                    SHA1

                                    aad67db049cfeaa0c355ed568512641f82255fde

                                    SHA256

                                    df6fc42b5a5a918949e442d574e86311988d7ffeb0fb26c377962e065967e682

                                    SHA512

                                    c4cec4650f93bd6fc1ea29d5110ab1d534e660d7594fe29defb246f5f21014444a7a187705688a8c7edf5ad56ae2d662493133775917e0c9feac20e3194d9c01

                                    Download Submit
                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_9727017B118BD261ACD7FB12EE290EC4
                                    Filesize

                                    402B

                                    MD5

                                    1cc1c66a76ac667036fc47ccdfed000b

                                    SHA1

                                    8e3aec929e1b0ef49d3e57f6cd4aeff1ef42fd1e

                                    SHA256

                                    5fb65fc2208bdc9420b5ffb07abfbd7768f42aa1508c172c6f462da1c5030405

                                    SHA512

                                    aa022e27b26d6f6b442d9c21e12793275b389593ff6df95a9e1c37e274966c149ab3761dcef078ec72763428be2654f74b6e8fe69094f6b3d504f10f41cf7a51

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\k007hrg\imagestore.dat
                                    Filesize

                                    9KB

                                    MD5

                                    d0dfbd81df7c94eb90bba5ab0bdfe199

                                    SHA1

                                    9af4a84d63e1191fcd45144a3413f1395653f775

                                    SHA256

                                    1205221d5a8dd06ef12aa177fde020e2642923bc42c8c449538ad4d19db0d03a

                                    SHA512

                                    85c43a8837654661d3d5f563381b450e36556ce6a37bfe371c3621994df4c04436efba5d782f2855d1bae04f3417714d37fcfa20ad9b6ed2d03449e390f97864

                                    Download Submit
                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OWCWGLBH.txt
                                    Filesize

                                    603B

                                    MD5

                                    e25b116b326bcf17a11329ecd5b155e3

                                    SHA1

                                    3614239c78458422c97aaf4eb8304e4f0a96f75f

                                    SHA256

                                    e9c291562b1dd2d3e59edc7a9c7747be9f80a11780a586c3fad55d1877f4bcf5

                                    SHA512

                                    387cef623395af9ce8191c3d53581f43975ed826dcd47e48442a765a5ac01f2cc805c63f9f29eb6f4eafe1759a0447c983d94a45e3b03f27a1d557de5ecfb914

                                    Download Submit
                                  • \??\pipe\crashpad_336_LGLMPYFYEJENOMXC
                                    MD5

                                    d41d8cd98f00b204e9800998ecf8427e

                                    SHA1

                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                    SHA256

                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                    SHA512

                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                    Download Submit