Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://www.mediafir...

windows7-x64

1

https://www.mediafir...

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-02-2023 17:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.mediafire.com/file/vna6wio4h9fqdaf/Poly_Bridge_v1.0.5..rar/file

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 25 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.mediafire.com/file/vna6wio4h9fqdaf/Poly_Bridge_v1.0.5..rar/file
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4656
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4656 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1076
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4656 CREDAT:82954 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3964
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3488

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize

    1KB

    MD5

    20b5aa34e9119ec51cb0601caf0e11da

    SHA1

    4734e8c52f486e9e9258a7ca5cb11a8a275b4367

    SHA256

    afacf7b892b52baab57ad6882a1a728316bc3acd5058cc3df09a24a4667d5bd9

    SHA512

    4297047787ebd075a2b6a2455b7b010a9cd93a7c7e6632e5192fd278b88eec4d623ca168dc63b8f0e98439358beba035e5df82046a30bd4dc191fdf4960c3b72

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    Filesize

    1KB

    MD5

    0c2452fc452b9d1608bc11bf089072ef

    SHA1

    3816e07503f61e3830a9f5286534207d847bb611

    SHA256

    e624270a984110f29ef769871bfe79a8df94bbf9afc39f3790d608af0a4ee0ae

    SHA512

    469cce6d9691e802d9e0e1632c2693f64e3634b349b2cd0c0f9d85495457cbdd1b62b40f4bc7caf86d39605a40d901c4b3c2d77653a3d8a75f29aa834eebb27d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    ccb3ea965204795878736144d1a57796

    SHA1

    c74c7a85503f1a1ba0c1876cdeec774aabb3910b

    SHA256

    09912639ea660c3f744c3d70ee54d0a43b591074ee0bb150e5447fd20f8a4f93

    SHA512

    16916d8458a84465e7dd6e4af1b24adcbbd3ce830766313f6963fdf7e6ed0c66b76b04636e91b68110e23604833658cc040563d46eda2bca3309fd233cbb1ac5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_77FE5B1B98DE1F92B66BDFC03D21B4E7
    Filesize

    280B

    MD5

    95fd67edb4e80734436a5909e2557d7e

    SHA1

    791736907a0da428207f4b9a1a055154934de622

    SHA256

    fd0a8179902ca5dd8e0fbee1c8e4992fc87d9412a6d077750a068233cf0ea6e7

    SHA512

    52832df54d74e41dbe113cc04036a1b68e86b365ad6eaf5d6efa2ced9b199535dff6eed1afea2ed7c2fdb7cad309ad18f3624a736dc6fb87c963c5ce20020cea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize

    446B

    MD5

    5474b3f460e100e1969c83aad4e9dc98

    SHA1

    9816f155e20cd1b4052fb3d40f1ef4fb423a3e9d

    SHA256

    028456243b911608f1b2c29eb62d5c2cabd40874c98d09abf08251c10ba2b0d0

    SHA512

    da39dd19dcaea3458b84c94d748aab29ea79d653ca27e8fb74d891d11f16facc83ec8214038788314d1f8996820e46cf039adb47cd9ca5c61d2a7ce6102c51b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    Filesize

    408B

    MD5

    92659a200f298ab6235bb3179057597e

    SHA1

    96d6e9a9998f08d3a47702987d1f8db541ed44da

    SHA256

    198f35f43110f1d13b25015de570a5751791cb45a5c2699779c333c978c91049

    SHA512

    bcc1b7acf5286ad9b163e280fe462b9634ad8f259f4acac0b7ac43810bf8308ea9e144b662dfc200c633d3ffecce5ed87c71294378fcd5d41ce7d355f9b9dc41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    69fa41117a9402a8c7957af259644c23

    SHA1

    b361d5c44edc30cb583d38e57e32d18a9caa6185

    SHA256

    b3ff9cd84785e6da40baa969d887c789fb68d75f2f16aca0b6a0f5bb759e4a36

    SHA512

    92c2b2d94ffd99ed7a03e7a932550cb3623ceab60be9dbfd9557861182c2bd117f7338fa3a17d9be276ea275e457d9aed5387faa666679666cf81a08debc5104

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_77FE5B1B98DE1F92B66BDFC03D21B4E7
    Filesize

    426B

    MD5

    dd1f16501edfd199134ca8bb52d7c031

    SHA1

    8d95eefa8e022b30d80fcfda4c413d67c6b5ee82

    SHA256

    d502aad1d029372548cebb8e92c4411b79760fb48c9220ba7ec719484d193681

    SHA512

    bf57ae06ae23c905435b65241fe67d85a4b6c8f3b31d4d49104b1cd8523367ebc617e272622882daa27ee9f02d4d67018e2102a72773c24d92e693a9209ff40c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dqptnfu\imagestore.dat
    Filesize

    34KB

    MD5

    b0986a6cd4151a06337c1089cf844a67

    SHA1

    f7718cc29bd7a50a782615c96ee60d84a1e5c6d0

    SHA256

    8b5de73493355423d2ba50e0bb55f6da7427bad8844b0a4f396fd44a4869920d

    SHA512

    4b53cbc0b82ef0dd887f76580a029e7954b0756fcbf1e0131009b82cd30c6818547e79072a3ec5bc61d10a3bd7bfd7f55b5308114b34e100cd0f60f7cfdc95c0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dqptnfu\imagestore.dat
    Filesize

    38KB

    MD5

    06a59eb5f35522292f0581f21a3d516c

    SHA1

    d59c3ede3315f896a66499b64dd10287a3fbe871

    SHA256

    cc9597a9d7d782167ca3c09ebacc1df0be194d5e130af533c13dffbf6315482b

    SHA512

    afdde0df0a952a77049ba021d4942e4bb96603604f82efb7e8257ee6ea4d8e98de67f90c294690963a761015637b22d3ed9a9414acea3501502e913a7e24774f

    Download Submit

  • C:\Users\Admin\Downloads\Poly Bridge v1.0.5..rar.486v24n.partial
    Filesize

    123.7MB

    MD5

    6d43b6b46b552498245676e89c10def6

    SHA1

    6764da8ca84189db36b55a9d08943d522f8674d8

    SHA256

    c03c0c820f18b7ec1c41b219f5ceaf178dc0b55b2c0e820caceac46e4208293d

    SHA512

    9f7acb0a9ce6a8db6e60370ad98588bd1fc1234af1dafe3e9a7f8b19172af8aee0541dd2bd07412696bdbb93a4d8c2564c3cfb32a13062bcded164f3d6c60aba

    Download Submit