Resubmissions

09/01/2023, 22:30

230109-2fbh3sbe4y 1

09/01/2023, 22:28

230109-2dqvzsga88 6

09/01/2023, 22:26

230109-2c1zkabe3y 1

Analysis

  • max time kernel
    68s
  • max time network
    69s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/01/2023, 22:28

General

  • Target

    https://cdn.discordapp.com/attachments/1003339720304111729/1062133847103381504/LabyMod2.5.exe

Score
6/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://cdn.discordapp.com/attachments/1003339720304111729/1062133847103381504/LabyMod2.5.exe
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4884
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4884 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1204
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4884 CREDAT:3224584 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      PID:4860
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4884 CREDAT:275462 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      PID:2872
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4884 CREDAT:3159064 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      PID:3932
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4884 -s 2748
      2⤵
      • Program crash
      PID:384
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 420 -p 4884 -ip 4884
    1⤵
    PID:3772
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:1484
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\LabyMod2_5_exe.xdweesf.partial
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3112
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3112 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3624
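Reading the tree: every `IEXPLORE.EXE` content (tab) process names its owning frame process in `SCODEF:<pid>`, and both `WerFault.exe` instances name the crashed process with `-p 4884`, i.e. the first `iexplore.exe` frame. No process in the tree ever runs `LabyMod2.5.exe`; the second frame (PID 3112) is launched on the `.partial` file, which is IE's name for a download that has not finished. All of the signatures listed are raised by Internet Explorer itself. The Python below is an added example, not part of the sandbox report: it takes the command lines exactly as listed above (the `REPORT_PROCESSES` table and `TARGET_URL` are copied from this page) and reconstructs the parent/child links, the crash target, and whether the downloaded payload was ever executed.

```python
import re

# (PID, command line) pairs copied from the "Processes" section of the report.
REPORT_PROCESSES = [
    (4884, r'"C:\Program Files\Internet Explorer\iexplore.exe" https://cdn.discordapp.com/attachments/1003339720304111729/1062133847103381504/LabyMod2.5.exe'),
    (1204, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4884 CREDAT:17410 /prefetch:2'),
    (4860, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4884 CREDAT:3224584 /prefetch:2'),
    (2872, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4884 CREDAT:275462 /prefetch:2'),
    (3932, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4884 CREDAT:3159064 /prefetch:2'),
    (384,  r'C:\Windows\system32\WerFault.exe -u -p 4884 -s 2748'),
    (3772, r'C:\Windows\system32\WerFault.exe -pss -s 420 -p 4884 -ip 4884'),
    (1484, r'C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding'),
    (3112, r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\LabyMod2_5_exe.xdweesf.partial'),
    (3624, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3112 CREDAT:17410 /prefetch:2'),
]
TARGET_URL = "https://cdn.discordapp.com/attachments/1003339720304111729/1062133847103381504/LabyMod2.5.exe"


def image_name(cmdline: str) -> str:
    """Lower-case executable file name from a quoted or unquoted command line."""
    m = re.match(r'^(?:"([^"]+)"|(\S+))', cmdline)
    return (m.group(1) or m.group(2)).rsplit("\\", 1)[-1].lower()


def frame_pid(cmdline: str):
    """IE tab processes carry the PID of their frame process as SCODEF:<pid>."""
    m = re.search(r"\bSCODEF:(\d+)\b", cmdline)
    return int(m.group(1)) if m else None


def werfault_target(cmdline: str):
    """WerFault.exe names the crashing process with '-p <pid>' (not -pss, not -ip)."""
    if image_name(cmdline) != "werfault.exe":
        return None
    m = re.search(r"(?:^|\s)-p\s+(\d+)\b", cmdline)
    return int(m.group(1)) if m else None


def opened_document(cmdline: str):
    """URL or file a top-level iexplore.exe frame was started with; None for tab processes."""
    if image_name(cmdline) != "iexplore.exe" or frame_pid(cmdline) is not None:
        return None
    rest = re.sub(r'^(?:"[^"]+"|\S+)\s*', "", cmdline)
    return rest or None


def summarize(processes, target_url):
    """Rebuild frame/tab links, crash targets and payload execution from command lines alone."""
    payload = target_url.rsplit("/", 1)[-1].lower()
    parent_of, crashed, opened, images = {}, set(), [], set()
    for pid, cmd in processes:
        images.add(image_name(cmd))
        fp = frame_pid(cmd)
        if fp is not None:
            parent_of[pid] = fp            # tab process -> owning frame process
        tgt = werfault_target(cmd)
        if tgt is not None:
            crashed.add(tgt)               # process WerFault was reporting on
        doc = opened_document(cmd)
        if doc:
            opened.append(doc)
    return {
        "parent_of": parent_of,
        "crashed": crashed,
        "opened": opened,
        # IE writes in-progress downloads under a *.partial name.
        "partial_download": any(d.lower().endswith(".partial") for d in opened),
        # True only if the file named in the submitted URL shows up as a running image.
        "payload_executed": payload in images,
    }


if __name__ == "__main__":
    for key, value in summarize(REPORT_PROCESSES, TARGET_URL).items():
        print(f"{key}: {value}")
```

On this report the summary links all four `SCODEF:4884` tabs to frame 4884 and tab 3624 to frame 3112, attributes both WerFault instances to 4884, flags the `.partial` download, and reports the payload as never executed, which is why the score rests entirely on IE behaviour rather than on anything the downloaded file did.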

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    Filesize: 1KB
    MD5: f3921b46901994a2514412af59f68131
    SHA1: 37e402a6cca9e27e77b1776c08c3cfccce2b31f2
    SHA256: c51437a91bff199779a053c56f7e634fb0c2d5db7902ae8938186a2a7ac4e075
    SHA512: 69f0777adc17bc4ff2168efb454610cf608cf88fe5afdaea856b82dbfbe2cf87531744e86466cda20b193ba7b752670a0367e4879df754207dfc851deb6b3921

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_5524823BD00A413DFC52CF245D9BF052
    Filesize: 278B
    MD5: 6181f9bc766067c5e7e2354b99e57aca
    SHA1: 43124ca28526b9b4194b24a9f954426f2d7df428
    SHA256: 317013c7223090d343e7e91847a6316004192a3fc42f50939345dabd2f6ed26a
    SHA512: e36e1e0873be78ce93e03504fb9e9720df9d7f566f71fcadfdd69cc4a057efbc8e6e8ea3ee7a6966c84de215042087e773602a77c521eca26f520fa083b7e57a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    Filesize: 408B
    MD5: 4e0998b22e67d4af25991caf88fd94cd
    SHA1: 7b1913edfa477114b9da3771430228632606e0c6
    SHA256: 300925eb4e13376607641ba25f09313bb510f122af5362d1abf2a9aa7fca11b1
    SHA512: 77ce97d0543e25486d1df9580376a812cf1c177c87620368a43838357e307f9d1a3d726d75d4e2ec843dd4382e1552dbea8bca9eeaf200d4dc9d5eca03dad9f4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_5524823BD00A413DFC52CF245D9BF052
    Filesize: 400B
    MD5: 7df0a88972402125e222e413a44f0a3c
    SHA1: 9d1b8e4e7fc1738009f0b319e32015cf4e54f988
    SHA256: dab44b52b1d53922d292b8c3fae208df0a84a007ec1ca985a82fae16f37abd64
    SHA512: c074f5795cf4c0afa46451339707c985bb48d87c1c7feb708babbe3fee1bd8016c630bd2e322e6e1f6d12f053c634b3abad564917fb8f0bc1624d39da1ae2dca

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EC029631-906C-11ED-A0EE-62142853BA25}.dat
    Filesize: 5KB
    MD5: de08079baa665bc7a34adf9089289016
    SHA1: af48cda157bbac200e07282f444ce78a7e8ab411
    SHA256: 7997f3d9454b9f8c5a9eb2ffd30577d20df71578588e885ce624c4244b855019
    SHA512: 0492b4f47599e65ab28b4165a82a3b29056b6323c8452cfeefdc8e5ec814c39632e7275afcecb582a7c58b130f9e2a2832eb13f9912a15c320dfd77e952ac11c

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EC029633-906C-11ED-A0EE-62142853BA25}.dat
    Filesize: 4KB
    MD5: 2148d61af2827f5b4930cc7a2adc91c4
    SHA1: 2009d04e18a9af57d8df25cdcc1e5c94792d7f97
    SHA256: 919771fc7785ec8567d472bb4a74805517552494f9d7a821f46f3dfea09de44d
    SHA512: 3a729937014a66fab94cc57778941b320448a8adac43ffc331db6e9539e4321fea12bb77e3e6f79b06ce1f0c3f2b68b68ee027d02af5bc7346fe0288098a34a4