Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://ec2-34-222-22...

windows10-2004-x64

1

Analysis

  • max time kernel
    44s
  • max time network
    46s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-05-2023 11:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://ec2-34-222-222-186.us-west-2.compute.amazonaws.com/A5q8AvahVJ2YggjZWRL9IHqJj28N9fwm-CC9i5e7FZog2JHj7m1HtQvi2LTdQ1iLaUjuRopJbr3aMQG57QxSX6R2_JG_57rUn0PPAhqy4056aPojiYV4p_FSNkwVE2ClquDIlAuimE_UqBIe_o3WWdGGbDclkMPg4uD7-6ZAQYcajgmxTWBx1LyBcnGGqR0Zc3_XG1aSoqjCh3K966aFfROEgOD1-ZDBM

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://ec2-34-222-222-186.us-west-2.compute.amazonaws.com/A5q8AvahVJ2YggjZWRL9IHqJj28N9fwm-CC9i5e7FZog2JHj7m1HtQvi2LTdQ1iLaUjuRopJbr3aMQG57QxSX6R2_JG_57rUn0PPAhqy4056aPojiYV4p_FSNkwVE2ClquDIlAuimE_UqBIe_o3WWdGGbDclkMPg4uD7-6ZAQYcajgmxTWBx1LyBcnGGqR0Zc3_XG1aSoqjCh3K966aFfROEgOD1-ZDBM
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4796
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4796 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3240
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2540
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:984
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="984.0.961673439\1090194113" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f565e206-bfa4-4c17-a42d-bfb5c1a9374f} 984 "\\.\pipe\gecko-crash-server-pipe.984" 1916 1b17e7eb258 gpu
        3⤵
          PID:1488
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="984.1.1447959090\833731614" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b74bf78-8c0a-49c6-906b-91c87ce11fb6} 984 "\\.\pipe\gecko-crash-server-pipe.984" 2316 1b171772b58 socket
          3⤵
            PID:3732
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="984.2.2141301673\418763490" -childID 1 -isForBrowser -prefsHandle 1648 -prefMapHandle 2688 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41e8cc1c-4c7e-4b0e-b674-79fc18e7bf7d} 984 "\\.\pipe\gecko-crash-server-pipe.984" 3192 1b1026f6f58 tab
            3⤵
              PID:3956
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="984.3.617626696\414842983" -childID 2 -isForBrowser -prefsHandle 3480 -prefMapHandle 3484 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59287c2e-8fb6-404c-bcbe-66ce0e7a5ada} 984 "\\.\pipe\gecko-crash-server-pipe.984" 3064 1b1012b6058 tab
              3⤵
                PID:1964
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="984.4.640981722\1943588689" -childID 3 -isForBrowser -prefsHandle 4084 -prefMapHandle 4080 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0eed73e6-a98f-4b22-9c20-9b989a46d68d} 984 "\\.\pipe\gecko-crash-server-pipe.984" 4108 1b17176d058 tab
                3⤵
                  PID:1728
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="984.5.12799878\274319289" -childID 4 -isForBrowser -prefsHandle 4932 -prefMapHandle 4916 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {346ce384-dfe2-4fb7-a406-671e67651edc} 984 "\\.\pipe\gecko-crash-server-pipe.984" 4952 1b104fac758 tab
                  3⤵
                    PID:2580
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="984.6.938828104\1050594763" -childID 5 -isForBrowser -prefsHandle 5152 -prefMapHandle 5156 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6537691e-b10b-4a0d-8680-96841212dea1} 984 "\\.\pipe\gecko-crash-server-pipe.984" 5144 1b104fad058 tab
                    3⤵
                      PID:3216
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="984.7.1458560958\1133563739" -childID 6 -isForBrowser -prefsHandle 5344 -prefMapHandle 5348 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0594513d-fcd7-4a67-9202-0710651c4664} 984 "\\.\pipe\gecko-crash-server-pipe.984" 5336 1b104faee58 tab
                      3⤵
                        PID:2532
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="984.8.2143131815\242683450" -childID 7 -isForBrowser -prefsHandle 5692 -prefMapHandle 5696 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b4a7ad8-d2bb-44c5-8beb-815814eaa075} 984 "\\.\pipe\gecko-crash-server-pipe.984" 1488 1b106abdb58 tab
                        3⤵
                          PID:4732

                    Network

                    MITRE ATT&CK Matrix ATT&CK v6

                    Initial Access

                    Execution

                    Persistence

                    Privilege Escalation

                    Defense Evasion

                    Modify Registry

                    1
                    T1112

                    Credential Access

                    Discovery

                    Query Registry

                    2
                    T1012

                    System Information Discovery

                    1
                    T1082

                    Lateral Movement

                    Collection

                    Exfiltration

                    Command and Control

                    Impact

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                      Filesize

                      471B

                      MD5

                      3b2daafe6506b789e6b8b0a9c4eb42cc

                      SHA1

                      da166c0ddf9e4065561b8849c8a841148797bd46

                      SHA256

                      65c2f718c41a8b2a8bfa7709fcd48d70ec0546c7e8ff80d83076fec0d8db1943

                      SHA512

                      2398cb5a868b7fc6638531994ffb1f149db0f231e89fcdc53e4d5a0b44c81cb12aed855675893e27e3b5b48a3e2e10076d403bb697a3319af702ddff62de4173

                      Download Submit
                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                      Filesize

                      404B

                      MD5

                      1db1bb2c3b9abb9fbf0ceae46712a5e4

                      SHA1

                      eef5013409ec0dec06fc3421b9833460d41d3f13

                      SHA256

                      a341945d4e95ff5a113a5a73d9bb7c4b698cec16c892fc01b1cefa846c5e5e04

                      SHA512

                      fe7e1a593e7c6dcaf556201f690604e1bf2edefed8387d6e9ae85ca32694031dc8f03dd068e9f705c53285680469b8800a928e9400a4411095905c3a01100430

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\95fmw5u\imagestore.dat
                      Filesize

                      1KB

                      MD5

                      7981752d7aeb5ce8f46a7203d6959c28

                      SHA1

                      2a5ac35315771e2afeff8e07b3edd24364a8ef84

                      SHA256

                      5167474328b262d6142aba13c50c5478d53f211a89678fc00bf546a048fd8db8

                      SHA512

                      e0742078e6a41cf812e61e93fc75b67ecde0b14fa83a78cdec7b0d589b7aea3e9fc69b191dae5f400fe615dde6fe20e666f80a72b0366aebb7a83203441c2c62

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1B83N948\favicon[1].ico
                      Filesize

                      1KB

                      MD5

                      864fce5a44b12f4d61be5e45bb6be601

                      SHA1

                      a9351d3e5e05171d5486dc28e37c54ad231a2b95

                      SHA256

                      1822604df5e92a7992dab0359f8787b392874e39e526f6d857fb736355b2d986

                      SHA512

                      e3dc48190ef67f9ec604cee6992eb9f514775efa8d9388b8429d22fae58a19a45108740f63b3325f0146f0e872fcc5ac135761f738a30fb03a77f555087209cb

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\activity-stream.discovery_stream.json.tmp
                      Filesize

                      140KB

                      MD5

                      4c5bb17b353bec99507ad220a1c3e258

                      SHA1

                      bc79b0ae57a0c94a9ca84ea97134ce6cc344c56c

                      SHA256

                      b2cbf2171f0cb1e59f93a34f242b189c5506a7448d1a9e1efb5538a450da873f

                      SHA512

                      7e9c84cddd06ed82c5174fe738be6062c220d3cdf02ab5e87e68b45c1492a2e91b51919a54409c1ebc3f39d508607e6e43f59a37ce3212c6b6e3dde75b1c140c

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\cache2\doomed\31640
                      Filesize

                      1KB

                      MD5

                      ac890753ae884c1c65e801530037d94f

                      SHA1

                      07f297ae718b3dddc7982ce3e4a74e31099cb525

                      SHA256

                      0aee0fa34b3a3df3b8ca7a67baa1e1917e601502f32e9577e1cf90326467bf35

                      SHA512

                      974b333bcac3a80cfd5ce78a89213668c027eae9c868c43a34ee58116677618a8951bf579cdd95e84eb055450c8c0ca786327404210ae92ec462f3708c038d80

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      bf292bac96187a34394ce3477522cb87

                      SHA1

                      983ae92892eae4dded7262d6bf2d3b0b0c14b784

                      SHA256

                      548d91efc7bac63146e49fa5d3c1182bf75bb26ecd77d39235ef5a94bdb1d880

                      SHA512

                      0bcd21cf70db2d9f1c2c8b14486497113503ac104b051d0e300887fd72cb4e6e95bf1b0cacd947f4044a9c4d6cdd4e67d31e138c42a467702b057e2b21313046

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      564e8ae5d90bb21eb6fd4816b1b9e37f

                      SHA1

                      f3efe9a2674db2469a6178f33d8db3eeaf4b8e95

                      SHA256

                      dc3e083c62f7a85de988b1b754cdd1bec3fd0f468a613140f5575fa6bdf2da5e

                      SHA512

                      c31304176351f6aadb34bc82d3800df14f2e0263f321c6f87cdad9b13e4226c2085f58822ccdde6fad6b67a9da396bc5332ed5c74bf4390d9c33274c38bfc00f

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      2ca68eec3c1fdbaa1ae996ee759fc3c8

                      SHA1

                      54363409a7393613ff528d0488d1cc16796ef2d8

                      SHA256

                      4fe10ac0c622a99629804d64c89b59339a12a63ffb0b56132bfe39ec9b25aa1a

                      SHA512

                      e2fdc625ee7d3e54c1cca72810eccccc3f493253319dad56693d77904692830302564897d7d9c33b876f645bfcd1a5498be9be81bb18932e3333d00ca3408c12

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      2KB

                      MD5

                      e7e6966d4007ca2fb334079d50e13c42

                      SHA1

                      e76d7faa613a683c045b1a7642215bc9ccb86f97

                      SHA256

                      2b3e43f4cf404f104b85e3151bdd757c325fe68c3b4d7ad9f17340f0eb92df6d

                      SHA512

                      f4691473fc585fb170c768e95fb67bf7e276a0f6df59602b0a6a601a7589ffe066120e99982cc9d3e6cad5044d57aa30622c7a03ccdb2b5309990c64a09efd4c

                      Download Submit
                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      2KB

                      MD5

                      d0958209a2e81a354e4617328fd5668a

                      SHA1

                      0036aeaa6f8dc5e7eb60c4f8c62f6939a5ef613b

                      SHA256

                      4ef9de1127b2b8f99504d1050fadbf7bd0d0f60aaa4f83abad6f33c4acdfa254

                      SHA512

                      51b33a326e3839dc27ae4a5c122b2ab2eeb5a196e57c17851dbc19b27a0678b6fcfbbec36a9675e5bdedc78f54105a0e5729a9a15cc0cdfff05ff250f850ce28

                      Download Submit