Analysis

  • max time kernel
    59s
  • max time network
    63s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-05-2023 15:17

General

  • Target

    https://ox-literie.com/sl/?055677

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings (1 TTPs, 32 IoCs)
  • Modifies registry class (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (5 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (7 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://ox-literie.com/sl/?055677
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1244
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1244 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4824
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1864
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1080
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.0.724317336\660519367" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1800 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d7f6388-e756-4184-aaff-6235ba213c83} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 1924 1edb58e7e58 gpu
        3⤵
          PID:1016
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.1.1169699136\1470363881" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13423470-3eef-471c-b3c2-c65d5cb18e23} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 2316 1eda8975858 socket
          3⤵
            PID:2256
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.2.1573633345\651545474" -childID 1 -isForBrowser -prefsHandle 3200 -prefMapHandle 3196 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a59c02d9-c826-46e5-b977-58b0dffe8b2f} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 3208 1edb96e0958 tab
            3⤵
              PID:884
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.3.1918803331\1213435085" -childID 2 -isForBrowser -prefsHandle 2472 -prefMapHandle 2468 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a2773dc-fff3-4df1-b075-80c8185e7d29} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 2916 1eda8974c58 tab
              3⤵
                PID:3696
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.4.23616354\408839244" -childID 3 -isForBrowser -prefsHandle 4196 -prefMapHandle 4192 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6cbaef5-859c-422d-8a98-bccba5386a9d} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 4208 1eda895e258 tab
                3⤵
                  PID:1936
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.5.75197667\1124489927" -childID 4 -isForBrowser -prefsHandle 4968 -prefMapHandle 5084 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe40f2cd-d813-44c6-87f6-04dfa186d411} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 4944 1edbbfbe158 tab
                  3⤵
                    PID:4468
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.6.1861017386\1720209105" -childID 5 -isForBrowser -prefsHandle 4912 -prefMapHandle 2836 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bb0224a-e9d2-4d2d-9466-7d752932575d} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 4764 1edbbfc0858 tab
                    3⤵
                      PID:4492
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1080.7.1813050335\387110614" -childID 6 -isForBrowser -prefsHandle 5384 -prefMapHandle 5380 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af8b4e9e-c408-40c1-9858-4e6660a69449} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" 5392 1edbc1cbb58 tab
                      3⤵
                        PID:3780

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: 94efe971fd70d9d426978045456a879d
    SHA1: 97f170ffda6afd79be0795ffcc37c7efd82ee801
    SHA256: fcfaf64c502c0feb0175aa72247927eeecd556004302a20e09f6fdaa644504e6
    SHA512: baf5e9e1e9bbbaef3cd6365ec2b1c71314c14d0acd5837c1975e71a374b9fe724035929b47fe5bf5aef5845ef6eb17b178f20460b115419094733dfc8a27799c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 404B
    MD5: e8533fa4af3a8abc93e8bd19f19c2fd6
    SHA1: d3c0dc2ccfd61f129d634436112a87be3c5079b0
    SHA256: 00ed124104d79993db094c555596a51be0dc5fb5485f889ecd0bd11529ac5b64
    SHA512: e12a2d8cc7a7d214f0a31c793deb071c920f923648e884af7e7a256509dc25df1b053470bb9c6c6f9cb23840eba513c7ae3dfb1bc195ad2b84ad9c16847bf278

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\95fmw5u\imagestore.dat
    Filesize: 4KB
    MD5: 9aa0455dd898c40bee5ccc91d4da2c31
    SHA1: 719f18908193f5692dc645c796b59fdc8fc8e6e7
    SHA256: 1b574e53ecc333a2396957794516716482c69865b2f294c4214e0ad902725b7d
    SHA512: 8294bcdcee09f3a4823400d29109e2259ee3d3c3bfc5d014da545cdb034f3d7cfc909be67676a54b1efab8af604783b35b2857206b682459995cfbb7b779b621

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\w-logo-blue-white-bg[1].png
    Filesize: 4KB
    MD5: 000bf649cc8f6bf27cfb04d1bcdcd3c7
    SHA1: d73d2f6d74ec6cdcbae07955592962e77d8ae814
    SHA256: 6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0
    SHA512: 73d2ea5ffc572c1ae73f37f8f0ff25e945afee8e077b6ee42ce969e575cdc2d8444f90848ea1cb4d1c9ee4bd725aee2b4576afc25f17d7295a90e1cbfe6edfd5

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js
    Filesize: 6KB
    MD5: fec0ab84056ae45bc13d79f366da03e1
    SHA1: 2e492eba1dd322605494092cebfd9b1499672754
    SHA256: 6d5fe8aab800c4f9f8cb1577f032b92d0e043b236623954c40f412a17882fb35
    SHA512: 34c83071ec7e1054063228df669ba2640f7d078ce366f49a862cdb1c4dc4c75c329e9708da2593de2d146e658da6da6672fe50f48ba87275b09feacc28ec9238

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs.js
    Filesize: 6KB
    MD5: 2ca68eec3c1fdbaa1ae996ee759fc3c8
    SHA1: 54363409a7393613ff528d0488d1cc16796ef2d8
    SHA256: 4fe10ac0c622a99629804d64c89b59339a12a63ffb0b56132bfe39ec9b25aa1a
    SHA512: e2fdc625ee7d3e54c1cca72810eccccc3f493253319dad56693d77904692830302564897d7d9c33b876f645bfcd1a5498be9be81bb18932e3333d00ca3408c12