Resubmissions

16/05/2023, 09:05

230516-k2a11acb26 1

16/05/2023, 09:04

230516-k1lq4sae9w 1

Analysis

  • max time kernel: 61s
  • max time network: 63s
  • platform: windows10-2004_x64
  • resource: win10v2004-20230220-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 16/05/2023, 09:04

General

  • Target

    http://yt4.ggpht.com/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments. Here the signature was raised by firefox.exe (PID 1948), which is expected for a browser and consistent with the 1/10 score.

  • Modifies Internet Explorer settings (1 TTP, 27 IoCs)
  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (5 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (7 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times. No process in the tree below is annotated with this signature, so the report does not attribute it to a PID.
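The "Checks processor information in registry" signature is a count of CPU-identity reads; what matters in triage is who did the reading and what came back. The following is an added example, not part of the sandbox report: a small rule run over constructed, sandbox-style API-trace lines (JSON, embedded below) that flags processes querying the CentralProcessor keys, notes whether the returned strings would reveal a virtual machine, and allow-lists browser binaries. The registry paths are real Windows locations; the trace lines, the allow-list and the VM marker list are assumptions made for the example.

```python
"""Triage rule for CPU-identity registry reads (added example, not report code)."""
import json
import re

# HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\<n> holds per-core identity
# values; reading them is what raises the sandbox signature.
CPU_KEY_RE = re.compile(
    r"^(HKLM|HKEY_LOCAL_MACHINE)\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\\d+$",
    re.IGNORECASE,
)
CPU_VALUES = {"processornamestring", "vendoridentifier", "identifier", "~mhz"}

# Substrings that give a hypervisor away in ProcessorNameString (assumed list).
VM_MARKERS = ("virtual", "qemu", "kvm", "vmware", "xen", "hyper-v", "vbox")

# Browsers read CPU details legitimately; assumed allow-list keyed on image path.
BENIGN_IMAGES = {
    r"c:\program files\mozilla firefox\firefox.exe",
    r"c:\program files\internet explorer\iexplore.exe",
}

# Constructed sample trace (not taken from the report). One JSON object per line.
SAMPLE_TRACE = r"""
{"pid":1948,"image":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","api":"RegQueryValueExW","key":"HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0","value":"ProcessorNameString","data":"Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz"}
{"pid":5120,"image":"C:\\Users\\Admin\\AppData\\Local\\Temp\\update.exe","api":"RegOpenKeyExW","key":"HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0","value":"","data":""}
{"pid":5120,"image":"C:\\Users\\Admin\\AppData\\Local\\Temp\\update.exe","api":"RegQueryValueExW","key":"HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0","value":"ProcessorNameString","data":"QEMU Virtual CPU version 2.5+"}
{"pid":5120,"image":"C:\\Users\\Admin\\AppData\\Local\\Temp\\update.exe","api":"RegQueryValueExW","key":"HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0","value":"VendorIdentifier","data":"GenuineIntel"}
{"pid":900,"image":"C:\\Windows\\System32\\svchost.exe","api":"RegQueryValueExW","key":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run","value":"OneDrive","data":""}
"""


def parse_trace(text):
    """Yield one event dict per non-empty JSON line."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def is_cpu_read(ev):
    """True when the call reads one of the CPU identity values (opens alone do not count)."""
    return (
        ev.get("api", "").startswith("RegQueryValueEx")
        and CPU_KEY_RE.match(ev.get("key", "")) is not None
        and ev.get("value", "").lower() in CPU_VALUES
    )


def triage(text):
    """Summarise CPU-identity reads per PID: read count, VM marker seen, verdict."""
    per_pid = {}
    for ev in parse_trace(text):
        if not is_cpu_read(ev):
            continue
        summary = per_pid.setdefault(
            ev["pid"], {"image": ev["image"], "reads": 0, "vm_marker": False}
        )
        summary["reads"] += 1
        if any(marker in ev.get("data", "").lower() for marker in VM_MARKERS):
            # The process just learned it is running on a hypervisor.
            summary["vm_marker"] = True
    for summary in per_pid.values():
        allowlisted = summary["image"].lower() in BENIGN_IMAGES
        summary["verdict"] = "allowlisted" if allowlisted else "suspicious"
    return per_pid


if __name__ == "__main__":
    for pid, summary in sorted(triage(SAMPLE_TRACE).items()):
        print(pid, summary)
```

Only `RegQueryValueEx*` calls on the CPU values are counted, so a bare `RegOpenKeyEx` on the key does not add to the total; that mirrors how a count of "5 IoCs" should be read as five value reads, not five key opens. A hit from an unknown image in a user-writable directory that also receives a VM-looking ProcessorNameString is the case worth escalating.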

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://yt4.ggpht.com/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1300
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1300 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3036
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4084
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1948
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.0.597971929\56684132" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20812 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d275e179-4c9f-4167-9796-d6b6aa9c3b45} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 1900 1a000b82e58 gpu
        3⤵
        PID:4444
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.1.1122185447\720873645" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2284 -prefsLen 20848 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d30f637a-c820-422e-8483-2d627b5e476a} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 2300 1a001010c58 socket
        3⤵
        PID:4436
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.2.291623975\1906226626" -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 3024 -prefsLen 20931 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc8ee537-ee1f-4620-85cf-117fc892c187} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 2764 1a0038f6b58 tab
        3⤵
        PID:916
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.3.1050027674\1271984177" -childID 2 -isForBrowser -prefsHandle 3508 -prefMapHandle 1108 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d50b070c-892d-448b-874c-f515901ced27} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 2440 1a00201e558 tab
        3⤵
        PID:1136
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.4.85666339\2026909264" -childID 3 -isForBrowser -prefsHandle 4136 -prefMapHandle 4132 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7387f679-ac13-43f3-91dc-1939eb5605a3} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 4148 1a072b5f558 tab
        3⤵
        PID:4504
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.5.152354033\757396267" -childID 4 -isForBrowser -prefsHandle 5036 -prefMapHandle 5052 -prefsLen 26579 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c5a8a68-a8a4-4954-a99b-73d5f43012fe} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 5056 1a006560458 tab
        3⤵
        PID:4788
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.7.1688549928\971340619" -childID 6 -isForBrowser -prefsHandle 5364 -prefMapHandle 5368 -prefsLen 26579 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3255c004-26ad-4140-8b22-cbb38ca7bb3a} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 5356 1a006562258 tab
        3⤵
        PID:2516
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.6.1858857647\1062122886" -childID 5 -isForBrowser -prefsHandle 5176 -prefMapHandle 5180 -prefsLen 26579 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3326d687-2f82-4bc8-a10c-8e96bad6c27f} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 5168 1a006561058 tab
        3⤵
        PID:2256
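The 64 WriteProcessMemory IoCs and the hook-related signatures above are spread across a browser parent and its own children, which is what a multi-process browser looks like. Both browsers encode the parent in each child's command line (Internet Explorer as `SCODEF:<pid>`, Firefox as the first number in `--channel="<parent pid>.<n>..."`), so the process tree can be cross-checked against what each child claims. The following is an added example, not part of the sandbox report: it parses a subset of the command lines copied from the Processes section above, rebuilds the tree, and reports any process whose claimed parent differs from the one that spawned it or whose image is outside the browser install directory. The final entry is a constructed rogue process added to show a mismatch; the trusted install directories are an assumption.

```python
"""Process-tree consistency check for browser child processes (added example, not report code)."""
import re

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")          # IE content process -> parent PID
CHANNEL_RE = re.compile(r'--channel="(\d+)\.')        # Firefox content process -> parent PID
CHILDID_RE = re.compile(r"-childID (\d+)\b")
IMAGE_RE = re.compile(r'^"([^"]+)"')                  # first quoted token is the image path

# Directories the browser binaries are expected to run from (assumption).
TRUSTED_DIRS = {
    r"c:\program files\mozilla firefox",
    r"c:\program files\internet explorer",
    r"c:\program files (x86)\internet explorer",
}

# (pid, parent pid as shown by the report's nesting, command line) copied from the report.
PAGE_PROCESSES = [
    (1300, None, r'"C:\Program Files\Internet Explorer\iexplore.exe" http://yt4.ggpht.com/'),
    (3036, 1300, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1300 CREDAT:17410 /prefetch:2'),
    (4084, None, r'"C:\Program Files\Mozilla Firefox\firefox.exe"'),
    (1948, 4084, r'"C:\Program Files\Mozilla Firefox\firefox.exe"'),
    (4444, 1948, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.0.597971929\56684132" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20812 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d275e179-4c9f-4167-9796-d6b6aa9c3b45} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 1900 1a000b82e58 gpu'),
    (4436, 1948, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.1.1122185447\720873645" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2284 -prefsLen 20848 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d30f637a-c820-422e-8483-2d627b5e476a} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 2300 1a001010c58 socket'),
    (916, 1948, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.2.291623975\1906226626" -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 3024 -prefsLen 20931 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc8ee537-ee1f-4620-85cf-117fc892c187} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 2764 1a0038f6b58 tab'),
    (1136, 1948, r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1948.3.1050027674\1271984177" -childID 2 -isForBrowser -prefsHandle 3508 -prefMapHandle 1108 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d50b070c-892d-448b-874c-f515901ced27} 1948 "\\.\pipe\gecko-crash-server-pipe.1948" 2440 1a00201e558 tab'),
]

# Constructed rogue entry (not from the report): spawned by 4084, claims 1948, runs from %TEMP%.
CONSTRUCTED_ROGUE = (6100, 4084, r'"C:\Users\Admin\AppData\Local\Temp\firefox.exe" -contentproc --channel="1948.9.1\1" -childID 9 -isForBrowser tab')


def parse_process(pid, listed_parent, cmdline):
    """Extract image, claimed parent, role and sandbox flags from one command line."""
    image_match = IMAGE_RE.match(cmdline)
    image = image_match.group(1) if image_match else cmdline.split()[0]
    scodef = SCODEF_RE.search(cmdline)
    channel = CHANNEL_RE.search(cmdline)
    if scodef:
        claimed, role = int(scodef.group(1)), "ie-content"
    elif channel:
        claimed, role = int(channel.group(1)), cmdline.rsplit(None, 1)[-1]  # gpu / socket / tab
    else:
        claimed, role = None, "parent"
    child = CHILDID_RE.search(cmdline)
    return {
        "pid": pid,
        "image": image,
        "listed_parent": listed_parent,
        "claimed_parent": claimed,
        "role": role,
        "child_id": int(child.group(1)) if child else None,
        "win32k_lockdown": "-win32kLockedDown" in cmdline,
    }


def build_tree(records):
    """Map each parent PID to the PIDs the report shows beneath it, in listing order."""
    tree = {}
    for rec in records:
        if rec["listed_parent"] is not None:
            tree.setdefault(rec["listed_parent"], []).append(rec["pid"])
    return tree


def find_issues(records):
    """Return (pid, reason) pairs for parent mismatches and images outside trusted dirs."""
    issues = []
    for rec in records:
        if rec["claimed_parent"] is not None and rec["claimed_parent"] != rec["listed_parent"]:
            issues.append((rec["pid"], f"claims parent {rec['claimed_parent']} but was spawned by {rec['listed_parent']}"))
        if rec["image"].lower().rsplit("\\", 1)[0] not in TRUSTED_DIRS:
            issues.append((rec["pid"], f"image outside browser install dir: {rec['image']}"))
    return issues


def analyse(processes):
    """Parse all entries and return (records, tree, issues)."""
    records = [parse_process(*entry) for entry in processes]
    return records, build_tree(records), find_issues(records)


if __name__ == "__main__":
    _, tree, issues = analyse(PAGE_PROCESSES + [CONSTRUCTED_ROGUE])
    print("tree:", tree)
    print("issues:", issues)
```

With the report's own entries the check comes back clean: every content process claims the parent the tree shows spawning it, and the `gpu` process is the only Firefox child without `-win32kLockedDown`, which is visible in the command lines above. The constructed rogue entry trips both rules, which is the shape an injected or spoofed-parent "browser" process would take in the same report layout.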

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 145KB
    MD5: acc7c5cfbfde9368edc723c33db9d9d5
    SHA1: 82a50f275f01589961ddf27117ae515451a4878b
    SHA256: df36259b465a6889da63c685415af68d655cc7233dfedbaeaaac78366893ef44
    SHA512: f9efb7965880be7966a34264ac27c6706e0196217c4653987b01099f3a8be8975c3605aba7ee8fd06e3d3c81e3f0ca033b6444da87e697bc8db86a75dca917db

  • C:\Users\Admin\AppData\Local\Temp\~DFAE5C0AA279A51297.TMP
    Filesize: 16KB
    MD5: 16e8b5fda3046124bc7e88a776caf5ed
    SHA1: 860c3f21237890ef3abc2f9caa6215065e33d15f
    SHA256: d7661d48ea03b531670934823cf383d03ef3c89ff5f4845e6801e2c55032fa32
    SHA512: 8e74d39f306ddf6a80b3b3af6d4a8e9fe44af5fff633dd4b1ba7d4a54e9fc2045fd257c33354a2ee6158fbe9a888ffd1fad24bc76f499b25c6142c7bcbe0c336

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
    Filesize: 6KB
    MD5: bf9630943b458e22e2c30726b8ec3dfd
    SHA1: 8007cd385868296bbf7144b2778a189c964d3075
    SHA256: 7a8ff91caa168d513e6c367996dd712648609d933cdcade4e7f0373c26cf07d7
    SHA512: 4c726bf95aa7a29301c8657cc1d077a4b9f7dfd539f1b988caae3d6d9e9c24926c0be315d47d993127026ca4ec6c1ecfc4fe548580eac191843488a72a53b4b7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs.js
    Filesize: 6KB
    MD5: 9971fa8fa89a208685d3e30835832fb5
    SHA1: 5d9972a3bdbd4c18b3648597d2fd9f9fd6e30300
    SHA256: 13417a67a65fecc73ad5acc94d17d8a6fac3b0a343daf12d1cd2d126b9198084
    SHA512: 02b107e0d9449fa2d4d3655a880fbdeea4477205fa6c21aaf641c3d358353aa437cf040ec842107f973253bef767e48b9a0267dea5ed2d331aa192ef540e3b1f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 4f3d3a12b05ec3d6ba382b16ff47a5df
    SHA1: f811e5712a2ff961b145bc2564123e3857bc0ecb
    SHA256: 13117d3409c7938f3ef67dcc9178ed44099324522c1757f39d64012a8b064a31
    SHA512: acde67f6e78e24231f6cbee5d8a6650518b7fe8a43aefeae5d32b20f3829054d8ca857e19061d46b16fc03dba99278ace6562b269348c5b182ebb09720621350