Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://buzzingagile...

windows7-x64

1

https://buzzingagile...

windows10-2004-x64

1

Resubmissions

14/02/2023, 23:21

230214-3byngsgg99 7

14/02/2023, 23:17

230214-294rqagd2z 1

Analysis

  • max time kernel
    171s
  • max time network
    174s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    14/02/2023, 23:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://buzzingagileefficiency.anelson17.repl.co/

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://buzzingagileefficiency.anelson17.repl.co/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:584
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:780
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef62b4f50,0x7fef62b4f60,0x7fef62b4f70
      2⤵
        PID:1880
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1064,10866181571432612391,7622965632333857814,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1072 /prefetch:2
        2⤵
          PID:1940
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1064,10866181571432612391,7622965632333857814,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1376 /prefetch:8
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:864
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1064,10866181571432612391,7622965632333857814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1704 /prefetch:8
          2⤵
            PID:1008
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,10866181571432612391,7622965632333857814,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1
            2⤵
              PID:1020
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,10866181571432612391,7622965632333857814,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2156 /prefetch:1
              2⤵
                PID:1232
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,10866181571432612391,7622965632333857814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
                2⤵
                  PID:2084
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1064,10866181571432612391,7622965632333857814,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3280 /prefetch:2
                  2⤵
                    PID:2160
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,10866181571432612391,7622965632333857814,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
                    2⤵
                      PID:2204
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,10866181571432612391,7622965632333857814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3612 /prefetch:8
                      2⤵
                        PID:2276
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,10866181571432612391,7622965632333857814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3716 /prefetch:8
                        2⤵
                          PID:2284
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,10866181571432612391,7622965632333857814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3820 /prefetch:8
                          2⤵
                            PID:2292
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,10866181571432612391,7622965632333857814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3928 /prefetch:8
                            2⤵
                              PID:2328
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,10866181571432612391,7622965632333857814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1052 /prefetch:8
                              2⤵
                                PID:2492
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,10866181571432612391,7622965632333857814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=544 /prefetch:8
                                2⤵
                                  PID:2536
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1064,10866181571432612391,7622965632333857814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 /prefetch:8
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2600
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1064,10866181571432612391,7622965632333857814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 /prefetch:8
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2608
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,10866181571432612391,7622965632333857814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=956 /prefetch:8
                                  2⤵
                                    PID:2616
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,10866181571432612391,7622965632333857814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3156 /prefetch:8
                                    2⤵
                                      PID:2748
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,10866181571432612391,7622965632333857814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 /prefetch:8
                                      2⤵
                                        PID:2788

                                    Network

                                    MITRE ATT&CK Enterprise v6

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                                      Filesize

                                      1KB

                                      MD5

                                      0c60783d37ebd37b1ebf089a4fd49708

                                      SHA1

                                      935de5fa574ac31110b081d3cc7b4f3fd69dcaa6

                                      SHA256

                                      b9738f4da05f9f8c53a450fa87d89867af93dbdc9c4861f35fb11d815b4542c2

                                      SHA512

                                      44618b74b334f6e711358e36162ac0a0acbb33163b2997e5f5393b62e4602d7f375306b67e3fe7edc26442eea452f8adfb48619601d06ab241dcd0b75e374787

                                      Download Submit

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_1694189887CF06662249C56FB9CAA600
                                      Filesize

                                      472B

                                      MD5

                                      bb1e4db11a6d0206c68a9274210d2120

                                      SHA1

                                      ce389f25bc611015de3ea733b5a6c08ad13af6ae

                                      SHA256

                                      1b78c7ffc08566a5bdd8638c50f92e8f5d77d5d398e938ff82b5e5bf7f08cb1f

                                      SHA512

                                      877028c98191f6d2400dd6d8f7abc0793af41530c3142e5697f555f2bdef8ef01fb2a4aab43f6256d593b5c23f3c0cbf5492eebb194cc55e51060a5785c9dbfb

                                      Download Submit

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
                                      Filesize

                                      61KB

                                      MD5

                                      fc4666cbca561e864e7fdf883a9e6661

                                      SHA1

                                      2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

                                      SHA256

                                      10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

                                      SHA512

                                      c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

                                      Download Submit

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
                                      Filesize

                                      724B

                                      MD5

                                      f569e1d183b84e8078dc456192127536

                                      SHA1

                                      30c537463eed902925300dd07a87d820a713753f

                                      SHA256

                                      287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

                                      SHA512

                                      49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

                                      Download Submit

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_81782FA44A40DE105399E9D74979FFF7
                                      Filesize

                                      472B

                                      MD5

                                      81a861ad34eebfde7b0fb8be89ae9a80

                                      SHA1

                                      4e36dac83150fac2efa4cada5b72ae50fe7aa95c

                                      SHA256

                                      f9dca744ee31eaffa8710d2e1863ce4ee0e0a206b0288b82a6631f4e424c561d

                                      SHA512

                                      1dae1e3f3c6e626718c0e90329bf79fcf2f779aa957ee256285ea6f62680a307b2351a763961787ddc955e04f8596b6e779dfc75847ded998af7a29c0176010b

                                      Download Submit

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                                      Filesize

                                      410B

                                      MD5

                                      537e9895b596a10ed3666c7aa5deb7ed

                                      SHA1

                                      4ab43f6f6d3cc2963f1847e132264a5329b9af08

                                      SHA256

                                      01d0f9b69f2018d02bb73e3c63597ec53cb8008520f23c66be416e20ec1d81af

                                      SHA512

                                      d575b66f9686691e72308ef8bf36c4cc4c68707f256fae823c3a5756ae2363a5c6b50a88756e1386d15738b0110dc47ab03437b4cdeac0b664c68d57393ca2f9

                                      Download Submit

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_1694189887CF06662249C56FB9CAA600
                                      Filesize

                                      402B

                                      MD5

                                      4a6fb2bfe2be7dbb542d71152f9d7783

                                      SHA1

                                      7ad68415dcb7297a5c6856cd51a8f6e5c4ab48c0

                                      SHA256

                                      4e59517504275ebfba215fba1278ec13bfacccffc3933b72d6d07764f3240d84

                                      SHA512

                                      ae26fae47915bdd4fde550586f7e652bfd67e29529f7a39ab24dc1e182df49643cbcad055a388895110b1be3a04fe2ee601c6230b555a278ca805133ec033e6d

                                      Download Submit

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                      Filesize

                                      342B

                                      MD5

                                      21985d2b4cc5918189382b12254a7a6e

                                      SHA1

                                      9551a8cbf907b2a6bbff04049f247414dd7144bc

                                      SHA256

                                      f99e93c5e3d3b380ce5dcc8b15403e947f2ef842437341ce02c7699d9e4abe19

                                      SHA512

                                      03b9e9e19b7e725265d21015a456c78d30411a5b7b6f0c0215dcf68caeb5ef74f33132fddf9b5af598cb98f1d2ea990409fd2a3e7c8ee5fcbe986539ffdf834d

                                      Download Submit

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                      Filesize

                                      342B

                                      MD5

                                      3d2ffdab3267428e559f6c89c8b03586

                                      SHA1

                                      5ab091dcc4b5b54c8320f02d63e51c4da99fb380

                                      SHA256

                                      2155ee7d306299c222de082a79345d6dfc787205bff7479a8f91a05f4550cb71

                                      SHA512

                                      4550dda237c0b2927a13f183e928483f2dafc029235cc7a18b0045da8262354ad0458f65ba6263118003e82ec8da9b5c038551f8a2141d87c14bfc1c98784dfc

                                      Download Submit

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                      Filesize

                                      342B

                                      MD5

                                      a768d158a6d9f5c97ff9e88897c366cc

                                      SHA1

                                      95db8717b5eb501b04ec5d07768ae912224e5bbd

                                      SHA256

                                      bcfb108d908c094a3feca9f22b145fbc19fce3417f263d0ef1f57a551d5cadc2

                                      SHA512

                                      3fef3a31ba751dbe9d575c6ec753b395600a7b902d1a5d0fd335efa595cf2a2f2dfff48e09dbe2bc54e0b0245a47e750d5bc57d9ed65f48ee618628e063cf9da

                                      Download Submit

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
                                      Filesize

                                      392B

                                      MD5

                                      8bfc96e1b1c162d0b1e6db2d47935f2c

                                      SHA1

                                      36421f17f9c420b792aa1159eff3725f67fa2c28

                                      SHA256

                                      8fba19fe9b1c252df453428d27b8b1ef726d439755a8dd50c267d71b5986982d

                                      SHA512

                                      bf058e91305a8788d66e3ba8f7773acf63f093c16bcdf1bdd9b6fa56f3fb35572e779c01c4f38b821b47550adcd409d79cbeed0fda40015fbd79fa66661fb06f

                                      Download Submit

                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_81782FA44A40DE105399E9D74979FFF7
                                      Filesize

                                      410B

                                      MD5

                                      586a846987510adc21833c89f4cb255e

                                      SHA1

                                      9b7cc0245458af1079745a3c94a383042e9bdd99

                                      SHA256

                                      dc88e7d65dfe876d82006ede4c3bd1edfb73be20a4eada0c962f2436c0f7c3f2

                                      SHA512

                                      5a1e29aa988727ea14267e96f1e5f51bc9ac0c249318e3ddf2fd8a619f46ba16b25da5fd91e5f3cb8a125d1d220c484a2a4fc222e324c056cb6a2606a03de2f9

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat
                                      Filesize

                                      1KB

                                      MD5

                                      48daf54d57650fa29930023534972e99

                                      SHA1

                                      dcf78d32af49567016b2db317553947d5635a24e

                                      SHA256

                                      3aecb4266ba68d16a9c33ee58d9540c1f6c6f24a673445b714eb4853246e639c

                                      SHA512

                                      5d9a5ed5d417196faebc95e68ac1791d88ea27a2fcec38c832e8aa5fd1e8d4d21855a2108f4e72dbd5cab30dd3ae32b3e72d60da796ff36cb7e6402f4f20b83b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5M3B6RK8.txt
                                      Filesize

                                      601B

                                      MD5

                                      ef743257874717ef6818ce369bc1757a

                                      SHA1

                                      5c4cc18f013bb5ea320d46c6b11c0486ea765d78

                                      SHA256

                                      291cbce670248ef693dbf17f230095214805b08c4a50999206cf8c156817312a

                                      SHA512

                                      8295ed10f1140a7f03f04240c0143be5a4f7784667e9f30d9986e1d36ecdffbb53088918fad54630742676b1e85a5fa39ae8521bb70213c1789313fa4748b39e

                                      Download Submit