Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://usheethe.com/...

windows10-2004-x64

1

Analysis

  • max time kernel
    93s
  • max time network
    84s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/03/2023, 23:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://usheethe.com/WJaR

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://usheethe.com/WJaR
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1256
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1256 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1892
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1452
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4504
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.0.1870306236\288885276" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f221e060-47bc-4712-bd6a-7319d6da1cb3} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 1900 272b9092558 gpu
        3⤵
          PID:4700
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.1.622586905\2005682870" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2284 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {daa42018-0b32-4235-8313-446ddc7c0e34} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 2300 272ab072858 socket
          3⤵
            PID:3576
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.2.1686006689\527226956" -childID 1 -isForBrowser -prefsHandle 1608 -prefMapHandle 3060 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfa3ece5-9ebc-4fb0-8bb3-e8bb80a85f5f} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 2916 272bbcf7b58 tab
            3⤵
              PID:1008
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.3.719120496\797676586" -childID 2 -isForBrowser -prefsHandle 2344 -prefMapHandle 1452 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cd53dc4-a5b4-4640-ae53-d98258c8cd8d} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 1084 272ab072b58 tab
              3⤵
                PID:3092
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.4.1874745352\1306683797" -childID 3 -isForBrowser -prefsHandle 4044 -prefMapHandle 3880 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b325429-0b33-4698-969d-1bfbe7edd15a} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 4052 272ab062858 tab
                3⤵
                  PID:4856
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.7.363274328\1322489728" -childID 6 -isForBrowser -prefsHandle 5288 -prefMapHandle 5292 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3d0a6d0-fab0-4193-a801-e15f35dc1e49} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 5280 272be499d58 tab
                  3⤵
                    PID:5008
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.6.1873059061\110220453" -childID 5 -isForBrowser -prefsHandle 4948 -prefMapHandle 4796 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f8af3b5-c908-4b47-9c09-db14ab1baa9c} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 5096 272be499458 tab
                    3⤵
                      PID:4940
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4504.5.1122663680\1712582312" -childID 4 -isForBrowser -prefsHandle 5076 -prefMapHandle 5048 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65817153-c120-4935-8e8d-0df104fae088} 4504 "\\.\pipe\gecko-crash-server-pipe.4504" 5088 272bbc66458 tab
                      3⤵
                        PID:3852

                  Network

                  MITRE ATT&CK Enterprise v6

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                    Filesize

                    471B

                    MD5

                    bdbbd793778777706223b00a4ea24ed0

                    SHA1

                    bf09527cebe8906bfe6aa1e885bc9fb1b3ec54e4

                    SHA256

                    8b1034038298faf34d3f580c1ded7212f40d146de7e62cff20826c8b53f80c36

                    SHA512

                    7397d981e28bee91dd0e08c3a38444d8524204118548e8db810f5a277cbb08c20a64350063cf36ee4a943edba249f1d0ed350d4cfbc0671461cf27c2534c1f13

                    Download Submit

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                    Filesize

                    434B

                    MD5

                    afc784e98a35afb62d8bb34f207aac20

                    SHA1

                    98d4b6b553ea35d05e87d5641e21ea47d7cdaa47

                    SHA256

                    8ad20686cd3d5bee1519905d90f3b301b4f9bfbf6829aa12e8045f9f48642f49

                    SHA512

                    81687274589aeca5eff0574e3529cfb58548e681b6427ebec9baeb07d40f1253c58ad481c70bca5180e9615dc03cdfa11a29ae30d87d2abf2194b944f3490f20

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\SC43EMPQ\www31.davisonbarker[1].xml
                    Filesize

                    13B

                    MD5

                    c1ddea3ef6bbef3e7060a1a9ad89e4c5

                    SHA1

                    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

                    SHA256

                    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

                    SHA512

                    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\osplltc\imagestore.dat
                    Filesize

                    1KB

                    MD5

                    00c9a80cc642772c592fc18d8f2539fa

                    SHA1

                    bae21b198c9f098e3eaaacf467c16611b36275dc

                    SHA256

                    bc8702affadfaf85750bea85f0b738cbf8e243b5ac753460ab43400674a8359d

                    SHA512

                    bf5e750dfaa4e73a77115b4d0d14edf9715ea26cec30704c047aa1f44b5d957002eead23353266982a8d193855a86147431fac702040a3548c9da392ddb6328b

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1IYUAPIF\favicon[1].ico
                    Filesize

                    1KB

                    MD5

                    e548cccc7c3a847471bafe28f46a85d9

                    SHA1

                    1d84a143f0696e4932d57dddd6ab394eee31e365

                    SHA256

                    20664c8244561ff53ec95d92a97581c30d3e304181a9a0db7c5e8f555d8d140a

                    SHA512

                    d0f1729a5173f4fa8ee08a37d944ad86825ebf8b70ed71303fc42f6b3920cec5436df0337b45c1b39d803381c6042976727385f4dc5634570b7fbe6798973645

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\NXADGTZ1
                    Filesize

                    180KB

                    MD5

                    8feacf0b25b999d46f0316d7c320eaf6

                    SHA1

                    791e7e856f94b7b6ba34cab7b65970580daf4f83

                    SHA256

                    db60032c21341ecbd969d26b760089df6b11ad31f48d46a90e983a951b3032eb

                    SHA512

                    a36313a3dc9a810466cc622016111f83fe7609f3e878666104befc8da3cdd24ccaac21efe692516ae8e80d3f22b77d361d0fde001f20bd8913cd8ba97bc81606

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\suggestions[1].en-US
                    Filesize

                    17KB

                    MD5

                    5a34cb996293fde2cb7a4ac89587393a

                    SHA1

                    3c96c993500690d1a77873cd62bc639b3a10653f

                    SHA256

                    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                    SHA512

                    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YYL8D8JJ\am-push-cps[1].js
                    Filesize

                    100KB

                    MD5

                    eafb95fa9988e0ccd923cb9fbdbe8fb2

                    SHA1

                    de2bf24b137624384369d8127b40ccb4592939ce

                    SHA256

                    bc4720c44ed409f268f5c7791185c5464bd750e81a4e2deb2766b6d4270b4ca8

                    SHA512

                    9d5abeed9610681b3c06e10ae5965c6b603b535136a4b094d3703f64f70269cb3871f1604fdcd84f5b0aeaba247aeddea72704143ac273478deac14b817cec92

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    154KB

                    MD5

                    7ee2eaf2d61ed7971e0371fdc7273ce7

                    SHA1

                    8c57039b2da4817c5f04ad6e6515382aae1d1bde

                    SHA256

                    252e659c1741820a265b3c7cc5a09ba8e1564572a8d25f226908353e494b87d4

                    SHA512

                    68f614d3b3b9f2edc1405ee21cb93042c4aafc54e81b5076e8d10fe01f58aa2750d52587c91e30c15399301473d8f153bc2809f3843bc7ec67c033fc232d4a4a

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    7c09c3214e47ed42cf35e64c5ad4b8e3

                    SHA1

                    b3b433848f21f94611c9119dfbb1cd9ad0d9f8c7

                    SHA256

                    4ad31714e1b6d20f38faf23017fa17a0880f00aa9ae8596a191f16bf0eda390d

                    SHA512

                    fd42cc740931753648ec277a04bc2ff5b44ee84eb1a76f937e1277ca9959ed5b925b06aea7332b4f65b6ec806f1fe36ff30bd1db9b8c99fdd1fb7c674c06b92b

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    1984b45f201f1fd79d2154406648433b

                    SHA1

                    42f082dc6d4d43333688690bf4dfa7c7f8b618ab

                    SHA256

                    000a408519010d12b94281710f9a987f822093a1efb5293bbb50ca2e4a6a9df9

                    SHA512

                    e73a00cc8994d4023168e93ff5f5b6e6b13ffeb740872b64f565787cbb57e49e64eb03e4de1d8068a6f303f0615749fb27cb47bdbc4cef3fef1290bd3a3a17cc

                    Download Submit