Analysis

  • max time kernel
    76s
  • max time network
    79s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/05/2023, 02:00

General

  • Target

    https://billsingtell.duckdns.org/from/5a069a3b14bdbc4e5249b8af01e08a0f/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings (1 TTPs, 32 IoCs)
  • Modifies registry class (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (5 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (8 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://billsingtell.duckdns.org/from/5a069a3b14bdbc4e5249b8af01e08a0f/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3012 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1556
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1012
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1012.0.875692921\2139030040" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cf9c037-42fd-4070-9972-e6ad7c6b031c} 1012 "\\.\pipe\gecko-crash-server-pipe.1012" 1916 1b5fc316558 gpu
        3⤵
        PID:4292
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1012.1.1292170983\483853751" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50abdba1-5213-4827-8c9d-4a3d007d827c} 1012 "\\.\pipe\gecko-crash-server-pipe.1012" 2316 1b5ee472b58 socket
        3⤵
        PID:3980
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1012.2.2110931829\1635014036" -childID 1 -isForBrowser -prefsHandle 3232 -prefMapHandle 3228 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b18c7a7b-2ddc-485e-9083-157ed2e36361} 1012 "\\.\pipe\gecko-crash-server-pipe.1012" 3220 1b5fb28c658 tab
        3⤵
        PID:976
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1012.3.1042772772\1082254420" -childID 2 -isForBrowser -prefsHandle 3420 -prefMapHandle 1288 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {273625d9-aebe-4b75-9b61-cd287ae8db6a} 1012 "\\.\pipe\gecko-crash-server-pipe.1012" 2456 1b5ee467b58 tab
        3⤵
        PID:4524
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1012.4.1411338851\364059712" -childID 3 -isForBrowser -prefsHandle 4156 -prefMapHandle 4152 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e630d204-4d63-4b42-ac32-9c8e6848e5bc} 1012 "\\.\pipe\gecko-crash-server-pipe.1012" 4164 1b5ee45ca58 tab
        3⤵
        PID:4808
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1012.6.1036524411\1462748689" -childID 5 -isForBrowser -prefsHandle 4920 -prefMapHandle 1660 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37a4650f-efd4-47c2-a406-dafbccd187ff} 1012 "\\.\pipe\gecko-crash-server-pipe.1012" 5080 1b6018b8158 tab
        3⤵
        PID:4380
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1012.7.1774638586\406718360" -childID 6 -isForBrowser -prefsHandle 5288 -prefMapHandle 5292 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {646a2bb2-71ed-4071-a104-5a1f2978c53d} 1012 "\\.\pipe\gecko-crash-server-pipe.1012" 5280 1b6018b8a58 tab
        3⤵
        PID:1104
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1012.5.1068648499\431764026" -childID 4 -isForBrowser -prefsHandle 5052 -prefMapHandle 5048 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c396fba-6e4a-4fde-baf7-add23098f623} 1012 "\\.\pipe\gecko-crash-server-pipe.1012" 5060 1b5ee42d858 tab
        3⤵
        PID:3032
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1012.8.1702488390\1959992291" -childID 7 -isForBrowser -prefsHandle 5736 -prefMapHandle 5732 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {983a927e-1cc2-4917-9561-05b3aefd76d7} 1012 "\\.\pipe\gecko-crash-server-pipe.1012" 5744 1b60309d158 tab
        3⤵
        PID:392

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver5DC0.tmp
    Filesize: 15KB
    MD5: 1a545d0052b581fbb2ab4c52133846bc
    SHA1: 62f3266a9b9925cd6d98658b92adec673cbe3dd3
    SHA256: 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
    SHA512: bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\suggestions[1].en-US
    Filesize: 17KB
    MD5: 5a34cb996293fde2cb7a4ac89587393a
    SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 149KB
    MD5: bf4db1678477cab8ac55046a6faa757b
    SHA1: 1ef3b27a3c8b1f5bbccccaf820759ddc9d5f3263
    SHA256: e3d472341e568fbad9e72f49212316b5a8a2a8dcb793e12cdf129f1a62835b79
    SHA512: db33773ff4a84f8efc42824c6d254e539126eb04e1fe11b4af593116b678febb052402f26bfc034f3aaa934b5454c6567dbfda06d0317eb8aef204ff23849cda

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 52ceb40af859036c61fd183eba33c31d
    SHA1: bbb7c894b169ca355cfdbc046e46d9f45031e030
    SHA256: df77d06f586843660a4b4344c60c7f2279078b3d3967cccc405970af9b15fc4b
    SHA512: 3a1443e60a303315886ea48208fafdaedabbada3b1349e649d9dda6f686eb3e20b759407e43ad07dea43767463456c9ff16e55d7cf7288883a3dbd4b42413267

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 6KB
    MD5: fb2778215015454d95702b01de1ad616
    SHA1: 6d4f3ab3965bc6bfee9fb442358e024bdd361863
    SHA256: 9cbe129e3a849d1ef29718441b12ad40d44d1c8828947b661083191c038229ba
    SHA512: 09ee5003c34f1afc25a26c9e7e4f4b4910ff4fabc58130dd667d7956a60b2b36fe5823fa09683808f749bec9ae45e29749a91ac058b44c310e114dc1be0017ad

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js
    Filesize: 6KB
    MD5: 108b97b1ff7efbdb1aecce96d55ff2e5
    SHA1: bb72b2e0c3d859fe5e821632307a32df331b55e1
    SHA256: c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e
    SHA512: e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: c4eca1b3cb56b1129e972df50823f1ee
    SHA1: fc5e59f15973a40e5890f61df2630b1a7fddec08
    SHA256: 6933369424b8c75f7c402ff11c94fdacdcbb64b88bf73c060d5519d42343caa7
    SHA512: 60e9b41a4d0b375bab87f560e7c321fb3c78f33a3698eaaafc3503caffc09c71241af52605d3a9d8372827ac28f7c65e02ec09a6184c51fd9c8cf7b76712819c