Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
  • submitted
    31/05/2023, 17:44

General

  • Target

    http://ohepuethiolais.gives

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 8 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings (1 TTPs, 35 IoCs)
  • Modifies registry class (1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (5 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (7 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTPs)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://ohepuethiolais.gives
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3980
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3980 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3412
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:212
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2648
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.0.2051999574\1584059506" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {841a6508-5c15-4c39-b729-bb74b0ee6341} 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 1932 1fcdb416b58 gpu
        3⤵
        PID:1676
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.1.255411770\199101060" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {601efb7c-53a4-4798-9e66-55f28b05d3a3} 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 2332 1fccd472b58 socket
        3⤵
        • Checks processor information in registry
        PID:2064
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.2.143375042\297517945" -childID 1 -isForBrowser -prefsHandle 3268 -prefMapHandle 3264 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cabcd50f-86ab-430c-bd03-f9ac4e26b9be} 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 3276 1fcde140358 tab
        3⤵
        PID:4288
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.3.1403720302\572359556" -childID 2 -isForBrowser -prefsHandle 2364 -prefMapHandle 1456 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f310af5e-86e4-4d29-a5ee-11f670062033} 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 1444 1fccd46a558 tab
        3⤵
        PID:2592
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.4.1371317768\419843992" -childID 3 -isForBrowser -prefsHandle 4132 -prefMapHandle 4128 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8359df1-ce8c-4a52-9866-5e5e944cc492} 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 4144 1fcdcff6c58 tab
        3⤵
        PID:4336
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.5.302380876\1027391956" -childID 4 -isForBrowser -prefsHandle 5048 -prefMapHandle 4944 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27234ac3-44db-4740-a27b-378650c8f39a} 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 5056 1fce07f7f58 tab
        3⤵
        PID:1816
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.7.1232894244\1994388800" -childID 6 -isForBrowser -prefsHandle 5372 -prefMapHandle 5376 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b6f3cd0-65d3-4c9c-9767-c7593a73a844} 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 5364 1fce07f8258 tab
        3⤵
        PID:2948
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.6.993384849\298788476" -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d054734-3c0f-495a-af23-41fc876c8668} 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 5176 1fce07f7358 tab
        3⤵
        PID:2388
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2648.8.1553492915\340585784" -childID 7 -isForBrowser -prefsHandle 5840 -prefMapHandle 5744 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5740bf47-ed44-4bc1-a1e8-7e72b6b6bc5b} 2648 "\\.\pipe\gecko-crash-server-pipe.2648" 5828 1fce2433358 tab
        3⤵
        PID:1968

Network

MITRE ATT&CK Enterprise v6


Downloads
