Resubmissions

14-03-2023 19:37

230314-yb5dtabd4y 1

14-03-2023 19:34

230314-x99whshe46 1

14-03-2023 19:30

230314-x7y18sbd2s 1

Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-03-2023 19:30

General

  • Target

    https://download2291.mediafire.com/6k5hycgw8ezg6uaJLXBiF61tZGM-ddGZ8dt1-9xevbTfzogo699IIBu2hiWs00bm9_u2SCnSaLm6bD0iS3z4hduUVXk/fbogurtw1x5l2ia/Adobe+Animate+CC+2022.zip

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
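The "Checks processor information in registry" signature refers to the CPU description Windows publishes under HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0. The following script is an added example (not part of this report, and not the sandbox's own signature logic) showing what a sample reading that key sees and the kind of heuristic an evasive sample applies to it. The VM marker substrings and the two sample value sets are constructed for illustration. Note the caveat for this particular report: the processes flagged here are Firefox content processes, and a browser reads the same key for its own hardware reporting, so on its own this signature is not evidence of sandbox evasion.

```python
"""What a 'checks processor information in registry' signature observes.

Added example: not code from the sandbox report or from any tool it names.
Reads the well-known CPU key on Windows, and falls back to constructed
sample values elsewhere so the classification logic runs offline.
"""
import platform
from typing import Dict, List

# Key Windows populates from CPUID at boot; this is what the signature watches.
CPU_KEY = r"HARDWARE\DESCRIPTION\System\CentralProcessor\0"

# Illustrative substrings a sample might treat as "I am in a VM". Assumption,
# not the sandbox's own list.
VM_MARKERS = ("qemu", "virtual", "kvm", "vmware", "xen", "hyper-v", "bhyve")


def read_processor_info() -> Dict[str, object]:
    """Read the values the signature refers to. Returns {} off Windows."""
    if platform.system() != "Windows":
        return {}
    import winreg  # only importable on Windows

    out: Dict[str, object] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CPU_KEY) as key:
        for name in ("ProcessorNameString", "VendorIdentifier", "Identifier", "~MHz"):
            try:
                out[name], _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass  # value absent on this build; skip it
    return out


def vm_indicators(info: Dict[str, object]) -> List[str]:
    """Return the reasons an evasive sample might conclude it runs in a VM.

    Mirrors the sort of heuristic the signature description alludes to:
    hypervisor names in the CPU string, an unexpected vendor, or an
    implausibly low clock value.
    """
    reasons: List[str] = []
    name = str(info.get("ProcessorNameString", "")).lower()
    vendor = str(info.get("VendorIdentifier", "")).lower()
    for marker in VM_MARKERS:
        if marker in name:
            reasons.append(f"ProcessorNameString contains '{marker}'")
    if vendor and vendor not in ("genuineintel", "authenticamd"):
        reasons.append(f"unusual VendorIdentifier '{vendor}'")
    try:
        mhz = int(info.get("~MHz", 0))
    except (TypeError, ValueError):
        mhz = 0
    if 0 < mhz < 1000:  # throttled or emulated clocks often look like this
        reasons.append(f"~MHz reported as {mhz}")
    return reasons


# Constructed sample values (not taken from the report above).
SAMPLE_VM = {
    "ProcessorNameString": "QEMU Virtual CPU version 2.5+",
    "VendorIdentifier": "GenuineIntel",
    "~MHz": 2400,
}
SAMPLE_BARE_METAL = {
    "ProcessorNameString": "Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz",
    "VendorIdentifier": "GenuineIntel",
    "~MHz": 3192,
}

if __name__ == "__main__":
    info = read_processor_info() or SAMPLE_VM
    print(info)
    print("indicators:", vm_indicators(info))
```

Run it on the analysis VM itself to see which of these strings the sandbox exposes; a sandbox that scrubs ProcessorNameString but leaves a throttled ~MHz value still trips the third check.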

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://download2291.mediafire.com/6k5hycgw8ezg6uaJLXBiF61tZGM-ddGZ8dt1-9xevbTfzogo699IIBu2hiWs00bm9_u2SCnSaLm6bD0iS3z4hduUVXk/fbogurtw1x5l2ia/Adobe+Animate+CC+2022.zip
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3616
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3616 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4508
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1920
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3096
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.0.715207643\2005124312" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15d686d1-839e-4481-8382-697a062c09b2} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 1948 21162116858 gpu
        3⤵
          PID:4484
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.1.1656196114\2097819926" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31689c7b-a315-4be0-88ee-fe6eb3c985a3} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 2316 21154172b58 socket
          3⤵
          • Checks processor information in registry
          PID:4304
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.2.1570939849\1076776741" -childID 1 -isForBrowser -prefsHandle 3344 -prefMapHandle 3340 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0d9a64d-5279-48f6-b0cf-e5df395e7e4c} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 3352 21164709f58 tab
          3⤵
            PID:3024
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.3.1206495769\226527303" -childID 2 -isForBrowser -prefsHandle 2452 -prefMapHandle 1460 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {982db59e-ef13-4096-aeb0-b9e327988758} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 1680 21154171958 tab
            3⤵
              PID:4576
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.4.879171150\1453278962" -childID 3 -isForBrowser -prefsHandle 4168 -prefMapHandle 4164 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97329252-638a-4022-83c3-2cb07f2d09fb} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 4180 2115416ee58 tab
              3⤵
                PID:4180
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.7.1109976103\1222950816" -childID 6 -isForBrowser -prefsHandle 5292 -prefMapHandle 5296 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10143ea1-c739-4d17-9b2f-89d73632143e} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 5284 21167389458 tab
                3⤵
                  PID:2564
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.6.1281708546\1757507441" -childID 5 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f66cf88-6ac4-4ae7-bbb5-a7c7b3f74857} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 5092 21167388e58 tab
                  3⤵
                    PID:3444
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3096.5.1804791983\893247323" -childID 4 -isForBrowser -prefsHandle 4936 -prefMapHandle 4780 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c3040e3-0ee2-4de7-8892-1d49e9db26b8} 3096 "\\.\pipe\gecko-crash-server-pipe.3096" 4976 21154160458 tab
                    3⤵
                      PID:3788

                Network

                MITRE ATT&CK Enterprise v6


                Downloads

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

                  Filesize

                  471B

                  MD5

                  c66cfa49f6cadadf1e4c32bc41cd8a8d

                  SHA1

                  facf5beec3d61902fcef4fd6b480c9d5c9ad4f70

                  SHA256

                  2c353825e60adc95b1ff3285367a587866a49f725e9a1c27eccdb547ccb51ea0

                  SHA512

                  113d06705ed15ea79c868b06dbb50b23171365a18c0953076a8f962a49df6a0bc6d1a02d73fc6b53d540982a352eea702b553769c27947a42842d67cb766bc12

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

                  Filesize

                  434B

                  MD5

                  2c71d0a7107093c93be43b1e1d243f22

                  SHA1

                  2c6f0ca088f5bb1c06538fc28f8a58eea307ba81

                  SHA256

                  a1d083b6727e609c1814c64d2508f6650098b227cf3962b1548b63f460314d25

                  SHA512

                  0d36e43a464fdd677c377cc547355a43232c37c510e43305a50ba9bef858fa9f79670469fb267379a4e1c351900e0cdabbbbd60c35288b344525722ad3f68951

                • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\suggestions[1].en-US

                  Filesize

                  17KB

                  MD5

                  5a34cb996293fde2cb7a4ac89587393a

                  SHA1

                  3c96c993500690d1a77873cd62bc639b3a10653f

                  SHA256

                  c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                  SHA512

                  e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp

                  Filesize

                  163KB

                  MD5

                  314423a2ae7ec1778c3509e4a767dd50

                  SHA1

                  8a3aecd409d41125b8bb3558e892f120c3f0bfa4

                  SHA256

                  53a426b4d79276d56a75c64d600305322d71607391b7aaa416892fbe3e06e5c0

                  SHA512

                  e1d7f66414e30681e975b1edc3ef288c50d006d34167f02633fa30268ac03d7c65aaef0d530fb251ea86e3edc0c8b04f8a4419ae116eda7b8fbe3d537613357c

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

                  Filesize

                  6KB

                  MD5

                  3a89ee26dfc4083fb1cff3638e2a9094

                  SHA1

                  a0747a559a7761e29783fa7b8e54ded7b04054d3

                  SHA256

                  0ab1333a79bba67e5fbd3cd1ab70ecd46edb4a987aa48af956b893f2260450d1

                  SHA512

                  4809d2d6b1856e178e391934161bbda38d830270ff5ccfda736ce5977b01e0e79fe08245a9b602cddd53ff985bce607f81bffd61435ed4dbc535bafddd6798cc

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

                  Filesize

                  6KB

                  MD5

                  2cd99e7c2beec1dfb09ca7fd05ee45d5

                  SHA1

                  5aef4bb22e55812dbbe27949e5fd90753c88dfdd

                  SHA256

                  0bede6a0d0ab09c593e57606df8934d0ba0bc58f46ef8efecde3d47bfeb366ad

                  SHA512

                  15a2370dab2e1a5c6ecd4057d6a73b29279b77b7523f4f0d2f8c8a69c17f80ca8382575c0f18a47e67961dbf19c5259bd2046fe4defb1deeb46c0d912fb5e52f

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js

                  Filesize

                  6KB

                  MD5

                  108b97b1ff7efbdb1aecce96d55ff2e5

                  SHA1

                  bb72b2e0c3d859fe5e821632307a32df331b55e1

                  SHA256

                  c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e

                  SHA512

                  e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json.tmp

                  Filesize

                  259B

                  MD5

                  c8dc58eff0c029d381a67f5dca34a913

                  SHA1

                  3576807e793473bcbd3cf7d664b83948e3ec8f2d

                  SHA256

                  4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

                  SHA512

                  b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore.jsonlz4

                  Filesize

                  884B

                  MD5

                  61da8e18f1b2798c413cf1fc4b94fcfc

                  SHA1

                  11b2a78b7d774e9ad00e3faee190bc786755fd10

                  SHA256

                  a9a59aeb03219deaa20fabaf2f395ecb96ef5442733d8a81e37b71a33fb45265

                  SHA512

                  743ef6c716275945abbcfafcbf32f455a7858cea6997de8b48741648c12f96a75363cd9fb9f749e8025e20bca443b430c7e47e16dd3704beb96727fdcdd18293
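The Downloads list above is the part of this report a responder actually reuses: every entry is a browser cache or Firefox profile artifact, and the target zip itself never appears, so the archive was not fetched and the 1/10 score reflects only the browser session. The script below is an added example (not tooling from the sandbox) that parses the list in the flattened layout shown on this page into IoC records, validates that each digest has the right length for its algorithm, and matches an arbitrary file against the records by every hash the record lists. The two embedded entries are copied from the report; the bytes used in the usage call are constructed.

```python
"""Parse the report's flattened Downloads list and verify files against it.

Added example, not code from the sandbox report. Handles the layout on the
page: a bullet with the path, then label/value pairs separated by blank lines.
"""
import hashlib
import re
from typing import Dict, List, Optional

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)\s*(B|KB|MB)$")

# Two entries copied from the Downloads section above, in the page's own layout.
SAMPLE_REPORT = r"""
• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionCheckpoints.json.tmp

  Filesize

  259B

  MD5

  c8dc58eff0c029d381a67f5dca34a913

  SHA1

  3576807e793473bcbd3cf7d664b83948e3ec8f2d

  SHA256

  4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

  SHA512

  b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore.jsonlz4

  Filesize

  884B

  MD5

  61da8e18f1b2798c413cf1fc4b94fcfc

  SHA1

  11b2a78b7d774e9ad00e3faee190bc786755fd10

  SHA256

  a9a59aeb03219deaa20fabaf2f395ecb96ef5442733d8a81e37b71a33fb45265

  SHA512

  743ef6c716275945abbcfafcbf32f455a7858cea6997de8b48741648c12f96a75363cd9fb9f749e8025e20bca443b430c7e47e16dd3704beb96727fdcdd18293
"""


def parse_size(text: str) -> int:
    """Convert the report's '259B' / '17KB' style size to bytes."""
    m = SIZE_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised size {text!r}")
    return int(float(m.group(1)) * {"B": 1, "KB": 1024, "MB": 1024 ** 2}[m.group(2)])


def parse_downloads(text: str) -> List[Dict[str, object]]:
    """Turn the flattened list into records: {path, size, hashes{algo: hex}}."""
    records: List[Dict[str, object]] = []
    current: Optional[Dict[str, object]] = None
    pending: Optional[str] = None  # label whose value is on the next line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            current = {"path": line[1:].strip(), "hashes": {}}
            records.append(current)
            pending = None
            continue
        if current is None:
            continue  # text before the first bullet
        if pending is None:
            if line == "Filesize" or line in HASH_LEN:
                pending = line
            continue
        if pending == "Filesize":
            current["size"] = parse_size(line)
        else:
            # Reject truncated or mis-extracted digests instead of storing them.
            if not re.fullmatch(r"[0-9a-f]{%d}" % HASH_LEN[pending], line):
                raise ValueError(f"{current['path']}: bad {pending} value {line!r}")
            current["hashes"][pending] = line  # type: ignore[index]
        pending = None
    return records


def digests(data: bytes) -> Dict[str, str]:
    """All four digests the report publishes, lowercase hex."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def match_record(data: bytes, records: List[Dict[str, object]]) -> Optional[Dict[str, object]]:
    """Return the record whose listed hashes all match `data`, else None."""
    actual = digests(data)
    for rec in records:
        listed = rec["hashes"]
        if listed and all(listed[algo] == actual[algo] for algo in listed):
            return rec
    return None


if __name__ == "__main__":
    recs = parse_downloads(SAMPLE_REPORT)
    for r in recs:
        print(r["size"], r["hashes"]["SHA256"], r["path"])
    print(match_record(b"constructed bytes, not a real artifact", recs))
```

Matching on every listed digest rather than MD5 alone avoids being satisfied by a collision in the weakest algorithm; a record with no hashes at all never matches.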