Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    11-10-2022 07:39

General

  • Target

    http://pdfdocument-1160a.web.app/#/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://pdfdocument-1160a.web.app/#/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2424
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1712
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2200
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5052
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5052.0.452322384\1234612034" -parentBuildID 20200403170909 -prefsHandle 1528 -prefMapHandle 1508 -prefsLen 1 -prefMapSize 220115 -appdir "C:\Program Files\Mozilla Firefox\browser" - 5052 "\\.\pipe\gecko-crash-server-pipe.5052" 1612 gpu
        3⤵
          PID:4684
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5052.3.1915153691\777504158" -childID 1 -isForBrowser -prefsHandle 2240 -prefMapHandle 2236 -prefsLen 156 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 5052 "\\.\pipe\gecko-crash-server-pipe.5052" 2264 tab
          3⤵
            PID:4268
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5052.13.1136470974\1855977285" -childID 2 -isForBrowser -prefsHandle 3292 -prefMapHandle 3248 -prefsLen 6938 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 5052 "\\.\pipe\gecko-crash-server-pipe.5052" 3308 tab
            3⤵
              PID:4828

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Modify Registry (1) T1112

Discovery

  • Query Registry (1) T1012
  • System Information Discovery (1) T1082


Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          471B


        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          404B


        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\0KGYNYAV.cookie
          Filesize

          615B


        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\KTGSJLTC.cookie
          Filesize

          615B
