Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://gugug.com

windows10-2004-x64

1

Analysis

  • max time kernel
    1663s
  • max time network
    1611s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-02-2023 20:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://gugug.com

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://gugug.com
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3052
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3780
    • C:\Users\Admin\Downloads\Start Survey\Start Survey.exe
      "C:\Users\Admin\Downloads\Start Survey\Start Survey.exe"
      1⤵
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:448
      • C:\Users\Admin\Downloads\Start Survey\UnityCrashHandler64.exe
        "C:\Users\Admin\Downloads\Start Survey\UnityCrashHandler64.exe" --attach 448 3032425500672
        2⤵
          PID:1944
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x524 0x3e8
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1264

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
        Filesize

        1KB

        MD5

        20b5aa34e9119ec51cb0601caf0e11da

        SHA1

        4734e8c52f486e9e9258a7ca5cb11a8a275b4367

        SHA256

        afacf7b892b52baab57ad6882a1a728316bc3acd5058cc3df09a24a4667d5bd9

        SHA512

        4297047787ebd075a2b6a2455b7b010a9cd93a7c7e6632e5192fd278b88eec4d623ca168dc63b8f0e98439358beba035e5df82046a30bd4dc191fdf4960c3b72

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        471B

        MD5

        ccb3ea965204795878736144d1a57796

        SHA1

        c74c7a85503f1a1ba0c1876cdeec774aabb3910b

        SHA256

        09912639ea660c3f744c3d70ee54d0a43b591074ee0bb150e5447fd20f8a4f93

        SHA512

        16916d8458a84465e7dd6e4af1b24adcbbd3ce830766313f6963fdf7e6ed0c66b76b04636e91b68110e23604833658cc040563d46eda2bca3309fd233cbb1ac5

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
        Filesize

        416B

        MD5

        5eede41c856e98acadfdf93a980dcb43

        SHA1

        c2ff7bfd8916a35fd8e44ee19be6444953a9bdce

        SHA256

        d0173f0e56f56c0c2394fcdeb8ddb1045c5719eccac2b1b177a687fe3ddb80b2

        SHA512

        ab79e6a721772232abcd7b567bd96f673d0dd38f2375a14bf320d801ab498ecb08214c7a6606acd388034f57a8d0bf1e6cb5c82626556809a99b17c2f33a5c57

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        434B

        MD5

        849f70ce854fbb398cff8e8277271487

        SHA1

        2e8366e63a037559af01871157b144ac5262f7bb

        SHA256

        4993278a53846c9b5434f49c59692d045119ac7a83cdeff5cce97fadb8f69d0b

        SHA512

        9e64f410af42b95f6df28008b13732860b8bd425635b2a4a5d67ca018b0340533ad99898c05026cec22c03e8f301703d74ea3e6b8879ea7459c3e8e5e4d4437e

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
        Filesize

        15KB

        MD5

        1a545d0052b581fbb2ab4c52133846bc

        SHA1

        62f3266a9b9925cd6d98658b92adec673cbe3dd3

        SHA256

        557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

        SHA512

        bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ru1r3yf\imagestore.dat
        Filesize

        438B

        MD5

        a4e98fccea971137ae43851a288f997f

        SHA1

        451db76e78c414369ef290a808258a6062918440

        SHA256

        da8c272a1d520c4ad8dbfc61b14f4dd7856747ef122ee86b14bdeca227e59401

        SHA512

        0447458eb11b661a2f0f2ae6304e1ed49e2a9b50b9241e6990010d0e2c1ca56fda448a14c3fd49442a2c4a44bf40f13427af37d1e62df0264d157bcdd8a2c30b

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ru1r3yf\imagestore.dat
        Filesize

        5KB

        MD5

        7cfa4f873dd689bd29563329f535c7b1

        SHA1

        ee739466c57bda5ef8300b639c14c2b2efb3257f

        SHA256

        890198fd0c579e7cc950d02a7435a6cf01fbc48b604194449a44d9a8a2c7b7be

        SHA512

        c76cb894e9317893b95fccc9a2b7b23c2a2de6a894f8a0c588918b58e2f04b3cb87a8c6c8941d8ff1e2d25e65f70dfa6994ae67921097b429469c6b0e3c0712b

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ru1r3yf\imagestore.dat
        Filesize

        8KB

        MD5

        a318f02a7a470e28c4864de183f7d4b9

        SHA1

        6314b937a987c998a6291905e1328b56c10fc749

        SHA256

        35c3dfa31582902a93ecbd616fbcf47e33ac57589e7a09b21997f0e0fc2e6bce

        SHA512

        9b3e98f681b5c0815c707a05618647fcbc747e6c2093dd2a02ebe6a82a83bb9322dc9b2379d5d1d149e535dbe589cbe7c63eac44a02eb81f72747ec5099cca74

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DU2BEY67\favicon[1].ico
        Filesize

        5KB

        MD5

        9a3fe3a8b81bbf459c98753295394945

        SHA1

        0549a475c5fce345669877802f80eeffadfa6fff

        SHA256

        f5392ebf26bc5e9599340a9e5cef6644629b2b43bdbeb5c03e8382aaab7ef165

        SHA512

        1e4978397370430859b3c3c8f18015ec040fa8f1e15ea5086ffba069bacd537255c7ec9409117a2a27fd401c6b90a27f586183360680915dbed75cdf57a430ec

        Download Submit

      • C:\Users\Admin\Downloads\Start Survey.zip.0ek4vg0.partial
        Filesize

        29.0MB

        MD5

        6266887c3600149e0b287c6702fe4697

        SHA1

        1d00c1f9cbef046e8e4c7e67693d62b5dac4ca9e

        SHA256

        30df01c4b375ba65307f610881a74b4bebef733b4c1819545ef089231eacdac8

        SHA512

        2ecd773a641de29b07408d0202057d4c5db752e35190302998b7b09e258b68379b9aef4b27790c23bfe312fd70d23d73bec71e3d59115d44e768bb8b299ae00b

        Download Submit

      • memory/448-154-0x000002C2194E0000-0x000002C2194F0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-160-0x000002C21A290000-0x000002C21A2A0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-146-0x000002C213680000-0x000002C213690000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-145-0x000002C213670000-0x000002C213680000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-144-0x000002C20AA80000-0x000002C20AA90000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-147-0x000002C218790000-0x000002C2187A0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-148-0x000002C2189C0000-0x000002C2189D0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-149-0x000002C2189D0000-0x000002C2189E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-150-0x000002C219450000-0x000002C219460000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-153-0x000002C2194D0000-0x000002C2194E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-152-0x000002C2194B0000-0x000002C2194D0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/448-151-0x000002C219460000-0x000002C219470000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-176-0x000002C2184A0000-0x000002C2184B0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-156-0x000002C219500000-0x000002C219510000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-157-0x000002C219510000-0x000002C219520000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-158-0x000002C219540000-0x000002C219550000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-155-0x000002C2194F0000-0x000002C219500000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-143-0x000002C20AAD0000-0x000002C20AAE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-161-0x000002C21A320000-0x000002C21A340000-memory.dmp

        Filesize

        128KB

        Download

      • memory/448-159-0x000002C219550000-0x000002C219560000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-162-0x000002C2184A0000-0x000002C2184B0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-163-0x000002C218790000-0x000002C2187A0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-164-0x000002C2189C0000-0x000002C2189D0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-165-0x000002C2189D0000-0x000002C2189E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-166-0x000002C219450000-0x000002C219460000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-167-0x000002C219460000-0x000002C219470000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-168-0x000002C2194D0000-0x000002C2194E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-169-0x000002C2194E0000-0x000002C2194F0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-171-0x000002C219500000-0x000002C219510000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-173-0x000002C219550000-0x000002C219560000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-172-0x000002C219510000-0x000002C219520000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-174-0x000002C21A290000-0x000002C21A2A0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/448-175-0x000002C21A320000-0x000002C21A340000-memory.dmp

        Filesize

        128KB

        Download

      • memory/448-170-0x000002C2194F0000-0x000002C219500000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1944-142-0x0000000000000000-mapping.dmp

        Download