Analysis

  • max time kernel
    59s
  • max time network
    61s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-03-2023 22:08

General

  • Target

    http://yangak.com/data/cheditor4/pro/temp/7.html

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings (1 TTP, 32 IoCs)
  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (9 IoCs)
  • Suspicious use of SendNotifyMessage (7 IoCs)
  • Suspicious use of SetWindowsHookEx (18 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
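The "Checks processor information in registry" signature describes a heuristic, not a verdict: it fires on any process that reads the CPU description keys, and in this report the process that tripped it is Firefox (PID 448), which is consistent with the 1/10 score. The following is an added example, not code from the report, from Tria.ge or from Firefox. It shows what the check that signature is designed to catch actually looks like: read the CentralProcessor and BIOS keys under HKLM and match them against hypervisor markers. The marker list and both registry snapshots are constructed for illustration; on Windows the same function can be fed a live read via winreg.

```python
"""Sandbox/VM fingerprinting from processor and firmware registry values.

Added example (not part of the sandbox report). On Windows the values are
read with winreg; elsewhere, and in the embedded demo, a constructed snapshot
dict stands in for the registry so the logic can be exercised offline.
"""
import sys
from typing import Dict, List, Optional

# Keys the heuristic reads, all relative to HKEY_LOCAL_MACHINE.
CPU_KEY = r"HARDWARE\DESCRIPTION\System\CentralProcessor\0"
CPU_ROOT = r"HARDWARE\DESCRIPTION\System\CentralProcessor"
BIOS_KEY = r"HARDWARE\DESCRIPTION\System\BIOS"

# Assumption: a representative set of hypervisor/sandbox substrings, lower-cased.
VM_MARKERS = ("qemu", "virtual", "vmware", "vbox", "kvm", "xen", "bochs", "parallels")

Snapshot = Dict[str, Dict[str, object]]


def read_registry_snapshot() -> "tuple[Snapshot, int]":
    """Read the relevant values and the logical CPU count from the live registry.

    Windows only; other platforms should call vm_indicators() with a snapshot.
    """
    if sys.platform != "win32":
        raise RuntimeError("live registry read requires Windows; pass a snapshot instead")
    import winreg  # imported lazily so the module loads on non-Windows hosts

    wanted = {
        CPU_KEY: ("ProcessorNameString", "VendorIdentifier", "Identifier"),
        BIOS_KEY: ("SystemManufacturer", "SystemProductName", "BIOSVendor"),
    }
    snapshot: Snapshot = {}
    for key, names in wanted.items():
        values: Dict[str, object] = {}
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as handle:
            for name in names:
                try:
                    values[name], _ = winreg.QueryValueEx(handle, name)
                except FileNotFoundError:
                    pass  # value absent on this build; skip it
        snapshot[key] = values
    # Each logical processor is a numbered subkey; the subkey count is the CPU count.
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CPU_ROOT) as root:
        cpu_count = winreg.QueryInfoKey(root)[0]
    return snapshot, cpu_count


def vm_indicators(snapshot: Snapshot, cpu_count: Optional[int] = None) -> List[str]:
    """Return human-readable reasons the host looks like a VM/sandbox (empty if none).

    Each registry value contributes at most one hit; a single logical CPU is a
    separate, weaker hit because many analysis VMs are provisioned with one core.
    """
    hits: List[str] = []
    for key, values in snapshot.items():
        for name, value in values.items():
            text = str(value).lower()
            for marker in VM_MARKERS:
                if marker in text:
                    hits.append(f"{key}\\{name} contains '{marker}'")
                    break
    if cpu_count is not None and cpu_count < 2:
        hits.append(f"only {cpu_count} logical processor(s) enumerated")
    return hits


# Constructed snapshots (illustrative values, not taken from the report).
SANDBOX_SNAPSHOT: Snapshot = {
    CPU_KEY: {"ProcessorNameString": "QEMU Virtual CPU version 2.5+",
              "VendorIdentifier": "GenuineIntel"},
    BIOS_KEY: {"SystemManufacturer": "QEMU",
               "SystemProductName": "Standard PC (i440FX + PIIX, 1996)"},
}
WORKSTATION_SNAPSHOT: Snapshot = {
    CPU_KEY: {"ProcessorNameString": "Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz",
              "VendorIdentifier": "GenuineIntel"},
    BIOS_KEY: {"SystemManufacturer": "Dell Inc.",
               "SystemProductName": "OptiPlex 7070"},
}

if __name__ == "__main__":
    if sys.platform == "win32":
        snap, count = read_registry_snapshot()
    else:
        snap, count = SANDBOX_SNAPSHOT, 1
    for reason in vm_indicators(snap, count) or ["no VM indicators"]:
        print(reason)
```

The same key reads are made by plenty of legitimate software, so as a detection this signature is only useful in combination with other behaviour; as an evasion it is equally cheap to defeat by patching the registry values in the analysis image.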

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://yangak.com/data/cheditor4/pro/temp/7.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1468
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1468 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1788
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4368
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:448
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="448.0.1776653506\1386925853" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d00cd04-dde4-45c5-b036-816c25cd78be} 448 "\\.\pipe\gecko-crash-server-pipe.448" 1916 196bbb18358 gpu
        3⤵
        PID:2808
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="448.1.1448081873\856815868" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ada2623a-78fc-4cc9-845e-b2a51d00d783} 448 "\\.\pipe\gecko-crash-server-pipe.448" 2316 196adc72858 socket
        3⤵
        PID:4812
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="448.2.363232856\1267159798" -childID 1 -isForBrowser -prefsHandle 3324 -prefMapHandle 3224 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {424feeee-b982-4615-8d0d-7eb042b977d0} 448 "\\.\pipe\gecko-crash-server-pipe.448" 3068 196be70b258 tab
        3⤵
        PID:2724
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="448.3.702014495\1733794668" -childID 2 -isForBrowser -prefsHandle 2360 -prefMapHandle 1484 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81cdd12d-b558-4912-ac8c-a1b05586df54} 448 "\\.\pipe\gecko-crash-server-pipe.448" 1168 196adc71358 tab
        3⤵
        PID:1336
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="448.4.1939732461\997009704" -childID 3 -isForBrowser -prefsHandle 3756 -prefMapHandle 3752 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aea73a98-8199-4a2f-a4b9-6f2b7abb3d0d} 448 "\\.\pipe\gecko-crash-server-pipe.448" 3768 196adc5b258 tab
        3⤵
        PID:4408
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="448.7.854242982\554000557" -childID 6 -isForBrowser -prefsHandle 5300 -prefMapHandle 5304 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4693614a-7542-43ad-bf75-9bb2cb6a4a9b} 448 "\\.\pipe\gecko-crash-server-pipe.448" 5292 196c0f9c558 tab
        3⤵
        PID:5308
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="448.6.2072796679\1667686846" -childID 5 -isForBrowser -prefsHandle 4932 -prefMapHandle 4724 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e2c2400-d20d-4866-8b8e-8c86fc9ea8b5} 448 "\\.\pipe\gecko-crash-server-pipe.448" 4952 196c0f9a758 tab
        3⤵
        PID:5300
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="448.5.503190183\390845122" -childID 4 -isForBrowser -prefsHandle 5092 -prefMapHandle 5088 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a9386b6-bb9e-49f7-98a4-09e37a6ecb3c} 448 "\\.\pipe\gecko-crash-server-pipe.448" 5100 196bfe70858 tab
        3⤵
        PID:5292
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="448.8.966536120\2095349766" -childID 7 -isForBrowser -prefsHandle 5792 -prefMapHandle 5784 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b093ca80-d94b-472b-b0ec-578716245946} 448 "\\.\pipe\gecko-crash-server-pipe.448" 5800 196c2334e58 tab
        3⤵
        PID:5836

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 144KB
    MD5: 6501d41e37cf97d78ff563ed57e7f2ca
    SHA1: e9b50e0949dd962074c7596d525c2605191a0d37
    SHA256: 3af00851dcde4f421032a2f4b2364abb80b81766b88d8887659aa58a3582a6fa
    SHA512: c042de03a990f8704494c0b1d73c8f1794963023f53f6cd0f91ecb5568c3bdcc6bc538392367b570d8c98d81626b4aa413f2e3ebad26417fa08fc9d2bcd025ef

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 74e45b625df69f251aa35cbf6fcbc3a2
    SHA1: 32c693dc380ad45cad783dde0fdd49527963407b
    SHA256: aef98f6bd90e655d78ba8ba190186eb200430b84f2414b6e8bb4182334d87ee2
    SHA512: 068e6f0889aac042015dff320e757b35e8cf988b541508da43d2b7761527f6dd93bc4b82eacf25344cd06085e117c55faaf319fb5da62142a3e30da60067cb44

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
    Filesize: 6KB
    MD5: d7ceafe52f4ba00c279619ac7a9e74e2
    SHA1: bd3a78aa611279af87b715f2125d6304fe312806
    SHA256: 111d9498c09e9e7e238cbc3b4b5c71f00183ffed02d9f8462d499c4db72115d2
    SHA512: e3bc6af3daba2ba738ff734f13e987c21eb0ec7ae1648374c077ddce21280e8c09f9543ce437a61c1cdb4661aea51e9b426ec30c431e7c6ae1ea0aea3b2d90c2

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
    Filesize: 7KB
    MD5: cc41c49124258fee314b74cff134abc6
    SHA1: 8d846b2659363d8084ff7451408c7254d4a64ef5
    SHA256: 877b7d73c4c08bfc534c5a30cb251fd0546208845eb27ddc68fd981fb3a381f3
    SHA512: debbffb1dce2925f7bd1c24e2eefcb2dda03ff2bf8a1d59d088671fbca50b306c7526faa5374dcab7aabdebf4671caf18eb5e04a8b6a33312f3f3408b63c8927

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js
    Filesize: 6KB
    MD5: 207077fed406e49d74fa19116d2712aa
    SHA1: 3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee
    SHA256: b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58
    SHA512: 0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 783d420b83b459ae172ed10e2d8a1570
    SHA1: 7bf66f83cb0584a77bb937a1056923fca4ef23f4
    SHA256: a539c8226615092397b8c1326d2e9dcd60d6b66bcda9fc5292118b90d31723c1
    SHA512: df3b8ed1f11c72efe1b0253ced32d0dbd9362c951bc1c73348a9e9ad8707c5ce2a828887375fc96c9b078bfb610a0ae76ec3f15c9b176c8b6a12d2b1bdad609e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 7f814ca3fa40eb0079182c1d64f32a3c
    SHA1: 561218f94b455deedaebcf4b7b09d95508b88818
    SHA256: ede7edc1c2ff881d2558b64f6adfe2715956c41fa5645a14baf11a74824732a1
    SHA512: 15b1a22594fe504cf89c279a290381f7745314e4a8fa5fe376e28097584bbe888eababea76627530a52da686a9955cbe6730b0da7d40e8323928e41c3459e2a2