Overview

overview

6

Static

static

1

URLScan

urlscan

1

http://zuzivebi13.xyz

windows10-2004-x64

6

Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/03/2023, 15:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://zuzivebi13.xyz

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 20 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://zuzivebi13.xyz
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1192
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1192 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4644
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x2c0 0x3c4
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3824

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DVG6DU85\0071a8ef-8b7f-4cef-a2b1-9b06156ec810.s3.ap-northeast-2.amazonaws[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DVG6DU85\0071a8ef-8b7f-4cef-a2b1-9b06156ec810.s3.ap-northeast-2.amazonaws[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DVG6DU85\0071a8ef-8b7f-4cef-a2b1-9b06156ec810.s3.ap-northeast-2.amazonaws[1].xml
    Filesize

    259B

    MD5

    ec681cf34f8addf844c95a37ff290a75

    SHA1

    2920c961567de4096083489d8519c801738f4b36

    SHA256

    cc57c29602b702f33a8d5288ac05813662761781ac14154bb05523c0104422e9

    SHA512

    1fc4b6607d1099d4cfe0ceb741c6c994775e8b47c7217cd14ce729e85a627a71dfcabbf5d36d46c5adde9ba38e9a577364c5346b58b4706667f7d163ca82c165

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DVG6DU85\0071a8ef-8b7f-4cef-a2b1-9b06156ec810.s3.ap-northeast-2.amazonaws[1].xml
    Filesize

    322B

    MD5

    fa4d3dab3e1f583aafed219673906fad

    SHA1

    aeaf30a7885d74bebf88c7c2718afae1e3fe4b25

    SHA256

    da5cee93c4a9f2d19f97777c42af64b39788ffbd17209968aaab1c42b4628ee8

    SHA512

    08011ce0ca43d972ad1dd09a0ea6ad5092980da40a0a4f3ac7f7038e4e29f1e5448a1a1982db529b8530132ada36d2a470fcaa0f2640c385172182330081f469

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DVG6DU85\0071a8ef-8b7f-4cef-a2b1-9b06156ec810.s3.ap-northeast-2.amazonaws[1].xml
    Filesize

    322B

    MD5

    3cdf36524c3f5db4650d4795dc464f8c

    SHA1

    ab421321db535fff042c6928dad386d7923c8565

    SHA256

    264774575d11069bc48863e8ab00bf2079caa72833803e76fa82efed552c3a9b

    SHA512

    661d193fe0b12b08553023a9cc03f7518d4e32b5b5f32518ed915c4bedde0cbe9db00d52a1d82e7fd8ec5864402cebc4e43d10d329919028fe6098aa48f2c8b0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DVG6DU85\0071a8ef-8b7f-4cef-a2b1-9b06156ec810.s3.ap-northeast-2.amazonaws[1].xml
    Filesize

    322B

    MD5

    106bf6c9e7b1a60ed2269cf9e03f2c8b

    SHA1

    506f050fa0cbd838d4f2c158f7b15f992efe8227

    SHA256

    9fcdd42c48aadc76e44980ff56c6c50c3692e97de39ed657d1cae91e6a7eacaa

    SHA512

    5f03c4e5190361c30311a3d8a9033f39f9c8f6933df8559890796c58b5f982d1ac1794094b577197bc1fba275fb014e13c216724c9bacdfe9cd4d2ba13b6b6e3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DVG6DU85\0071a8ef-8b7f-4cef-a2b1-9b06156ec810.s3.ap-northeast-2.amazonaws[1].xml
    Filesize

    322B

    MD5

    1182dad43154e2d347afa71c5756f31d

    SHA1

    3158048838f95c5cf1b7833699611117a4be151e

    SHA256

    e71a91740e309587c536a61f7cbb49b89f070726fb439164f0cb4c6efd2dfecf

    SHA512

    e17b67af3a1f351132e8d7356f1c4861d0a4e6cd8c3b806bd144c15e76af5ee7aa9bb1d1dcf4f801f8253e15d8ed5ffaf253d99608fd8b6dd2f5a574ec7d76ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit