Overview

overview

10

Static

static

8

URLScan

urlscan

10

https://bafybeidmwc5...

windows10-1703-x64

4

Analysis

  • max time kernel
    599s
  • max time network
    601s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    29-03-2023 09:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://bafybeidmwc53v7bvtirhqsjbnhpejvpe4yndnpcvq6cylyaqf4vrlvx3fy.ipfs.dweb.link/?filename=QmVew3YmKmkLmuuBy6YtVfon18cqcUiZuTx4bse69sJaP7#[email protected]

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies Internet Explorer settings 1 TTPs 60 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://bafybeidmwc53v7bvtirhqsjbnhpejvpe4yndnpcvq6cylyaqf4vrlvx3fy.ipfs.dweb.link/?filename=QmVew3YmKmkLmuuBy6YtVfon18cqcUiZuTx4bse69sJaP7#[email protected]
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2340
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2076 CREDAT:82950 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4472
  • C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5072
    • C:\Windows\system32\NETSTAT.EXE
      netstat -nao
      2⤵
      • Gathers network information
      • Suspicious use of AdjustPrivilegeToken
      PID:1368
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:688
    • C:\Windows\system32\resmon.exe
      "C:\Windows\system32\resmon.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4228
      • C:\Windows\System32\perfmon.exe
        "C:\Windows\System32\perfmon.exe" /res
        3⤵
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        PID:1188
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:32

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    27eeb470ea47791b773b0c543d47d7c0

    SHA1

    cf692b6241651b506a7639c0c02f4ab582b728bb

    SHA256

    887291e1eaf9e037071221908bc110ee40235c5d9c6dd4001699cdbfd55c9cd4

    SHA512

    23f1b1f25ca82aa1b9a235921ba87b86f61e58a1d19b031547144a6035144b14c0ca1f7a9391c00eca50c0be4f35a161d0b4402cdff37f1c9350a368ce3f1321

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    3288d3822152e1162456b273d8254da8

    SHA1

    9445d57ceccff7f6388b527d1df03dbae8db56c0

    SHA256

    03043e6d8f55d743fb6f26781719daa737aeef8427772319e66c089c5d3e00d4

    SHA512

    cc89e2c11421079c967d4e69857fb54390492fcc1f5736d3a3ab4fe8cc1e33f07594e16474e93adf40a91351f33b3f28b25092c2290ab4243c409ba60560405f

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\F12\perftools\visualprofiler\settings.json
    Filesize

    3B

    MD5

    ecaa88f7fa0bf610a5a26cf545dcd3aa

    SHA1

    57218c316b6921e2cd61027a2387edc31a2d9471

    SHA256

    f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

    SHA512

    37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BMT3HFX2\plugin[2]
    Filesize

    411B

    MD5

    6f65b6608be4e65166d660fdc450fa60

    SHA1

    91862bd34ab08e3511b7b7f1e71baefd57c33016

    SHA256

    7c56cbab79bd396e31a1f2a0891e23aa7d49e7a87c3bfd6d7ca445a095d73b9d

    SHA512

    38fcbb1e3f5ac1fc959d7509b6b1930d6ee5e3284815ca13c2976501ca8f00fa0b5661d9ebb76e5800ca126b3d0564626015e45e7beb401ba42c99f4d6230e2e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\F0WVC1MM\CommonMerged[3]
    Filesize

    572KB

    MD5

    9ef197a076681c3d4c5e7a1e07cf15f5

    SHA1

    350d4ad02899f3838e4ce3bca3a13deb496c5509

    SHA256

    a24521823149886e4ebb47b4c8bdb7859985683ec302aaf941872b8d2852bebb

    SHA512

    6ca063a22f226421c8c901e659a38180f5198a12af7a8d380d74de1e2fcfb5bfb892cda88770729a2367f2b23e5a1bfc34cede0fade20c4dc13e0391fbd41cc3

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\F0WVC1MM\isDebugBuild[2]
    Filesize

    87B

    MD5

    70f25a5edce5e20d870ff1c98a5ec5f5

    SHA1

    5fe33de0c8cb6d65f794c4dff0bfd5bdb15a7073

    SHA256

    ae2cfc14f884e61f693b00ad0945f372face67b1fc49c6479502cefba3b82e9e

    SHA512

    e4db4b122bc436edaa2dc810dbe1b0d61a5115e01a05b8e4f0874e639781b517b70ba5a80e1df7176aa612917c05ea10c06fc8114a8caeb00b38b7b01f8dc34e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IV9H23MJ\QmVew3YmKmkLmuuBy6YtVfon18cqcUiZuTx4bse69sJaP7[1]
    Filesize

    141KB

    MD5

    9712607cc89519de62890a4efbe7421f

    SHA1

    d96059cf6213a5282a351d6ba254271b74d24906

    SHA256

    87bd79e9917d74843da24cdb576175268796c47a7c822cb530f47fa5546590cd

    SHA512

    819a8c5cb2ed988d139384550045492b07336c8e18076315fc059221bb66089803fcb394604be977f0807d7956d5ee475b43bc232e6ea8e497b7d0f965f6c08d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IV9H23MJ\controls[5]
    Filesize

    22KB

    MD5

    cf6ae18a4a5a48e497570557391d7920

    SHA1

    ad9ce2ad74fd0bcd5fa998cff895168ada13a1cc

    SHA256

    993700d10307ac3485ea71e01c49dd2abae6360a5f1406e03e91c7a6532fc591

    SHA512

    43e9e37f8de63d2131e3159471a8a7765a08a4efbbd1505a1fb1dce4a85ca2e7e1391a241b2e01509f69b5ffb183ab488d20341a5baace00cfd8d753d3955e8f

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IV9H23MJ\plugin.f12[4]
    Filesize

    160KB

    MD5

    fdf4a73ffdab93e3a0422b9d2e252ca9

    SHA1

    c969911ecf2414e17fc16c1a15512bab79842d23

    SHA256

    26c3f906421451fb7a86d275288c9ea0bd6810959812edb6564e0c23f76702e0

    SHA512

    569c53094876dd65556a824416bfd0016764205ebf6e61c87529445d4c619860a086895a92f735089da501b96e5fb3361279f9731f5d46c56695133bf8318b6a

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IV9H23MJ\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\FDLAL1HE.cookie
    Filesize

    608B

    MD5

    4e32487b5434153a15b21beac11ed1ce

    SHA1

    a5f5cb5b148996709bfc28fc21847534cc693c29

    SHA256

    f63d0a46cdaa949f9c415a175cd6ccc83e0915cf0b55a9a23ad5bcc7ef94d0eb

    SHA512

    de20a273526c73115579dd3612c45ee8ec497ed17c7f299ddb1d41c25ac305be753012df37659963e565f1dc1283c0ca57b57dafca63f93692c8ca3453bcaddd

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\~DFEBA767EE47C73DA0.TMP
    Filesize

    16KB

    MD5

    9ffcf967410609eab508f254e7ca6aa2

    SHA1

    061671a355104728137c16cdec077b7312545f36

    SHA256

    a3ec8754d1131e7e3f9e35a5ea52257b5cae7686f3f4355da048ac16f4a30e98

    SHA512

    11d215e25afe2eb70c54c54c6b4e3125382c842324889ffc15e1b9f0e333c04473e9a8eed6fbda0c09478693811ef46efe97a16d08209ef00496b98afd6b6973

    Download Submit