Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://swcloud.pro

windows10-2004-x64

1

Analysis

  • max time kernel
    200s
  • max time network
    209s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/06/2023, 12:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://swcloud.pro

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 53 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://swcloud.pro
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1280
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1280 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1984
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4104
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:528
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.0.89795165\1157890216" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1816 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25e9422e-f96c-4956-8270-dad06a2cc09b} 528 "\\.\pipe\gecko-crash-server-pipe.528" 1952 1a535716558 gpu
        3⤵
          PID:3908
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.1.1350963465\1880659570" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f32905e-5090-435d-9918-387d44f1e71b} 528 "\\.\pipe\gecko-crash-server-pipe.528" 2332 1a527771958 socket
          3⤵
          • Checks processor information in registry
          PID:3732
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.2.1133453007\662467392" -childID 1 -isForBrowser -prefsHandle 3044 -prefMapHandle 3040 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68952a4b-2a93-4921-ba44-db0e3d16d342} 528 "\\.\pipe\gecko-crash-server-pipe.528" 3056 1a53850a258 tab
          3⤵
            PID:1272
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.3.968144993\450162385" -childID 2 -isForBrowser -prefsHandle 2476 -prefMapHandle 2364 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc7601e2-d48e-41f5-8f69-c5f4347784eb} 528 "\\.\pipe\gecko-crash-server-pipe.528" 3388 1a527768758 tab
            3⤵
              PID:3140
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.4.1855836417\604023297" -childID 3 -isForBrowser -prefsHandle 4132 -prefMapHandle 4128 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c1afe92-398e-426a-ba7c-df104b8496b5} 528 "\\.\pipe\gecko-crash-server-pipe.528" 4144 1a527761358 tab
              3⤵
                PID:3340
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.6.1438404806\822308539" -childID 5 -isForBrowser -prefsHandle 1648 -prefMapHandle 4308 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8ef8b65-9271-47d4-94eb-8616009d2578} 528 "\\.\pipe\gecko-crash-server-pipe.528" 4872 1a53a068158 tab
                3⤵
                  PID:2936
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.7.137530906\1537885252" -childID 6 -isForBrowser -prefsHandle 2780 -prefMapHandle 2776 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78d62f18-f409-4602-b0d4-56c9cbef3d13} 528 "\\.\pipe\gecko-crash-server-pipe.528" 5192 1a53a7b0358 tab
                  3⤵
                    PID:4920
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.5.1555487597\820238409" -childID 4 -isForBrowser -prefsHandle 4944 -prefMapHandle 4796 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {850ee80c-8600-4cbb-bd09-31a453c927cd} 528 "\\.\pipe\gecko-crash-server-pipe.528" 4936 1a536c5ff58 tab
                    3⤵
                      PID:1980
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.8.72137670\1989339333" -childID 7 -isForBrowser -prefsHandle 5808 -prefMapHandle 5820 -prefsLen 26832 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e69f4174-0bb3-4cd4-9ab7-c5face9c413a} 528 "\\.\pipe\gecko-crash-server-pipe.528" 5816 1a535753358 tab
                      3⤵
                        PID:4152
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.9.1988748612\265059919" -childID 8 -isForBrowser -prefsHandle 4824 -prefMapHandle 3024 -prefsLen 26849 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1ea0534-d23e-400d-a238-67a29df7ce1d} 528 "\\.\pipe\gecko-crash-server-pipe.528" 4396 1a538509c58 tab
                        3⤵
                          PID:448
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.10.730054048\1906828841" -childID 9 -isForBrowser -prefsHandle 3396 -prefMapHandle 5976 -prefsLen 26849 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5526a57c-6af4-48f7-a933-104181cf1467} 528 "\\.\pipe\gecko-crash-server-pipe.528" 5844 1a5386d3a58 tab
                          3⤵
                            PID:4468
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="528.11.711542336\370195860" -childID 10 -isForBrowser -prefsHandle 1204 -prefMapHandle 3364 -prefsLen 26849 -prefMapSize 232675 -jsInitHandle 1480 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c55f58c5-1d8a-486c-a30d-19698a9991aa} 528 "\\.\pipe\gecko-crash-server-pipe.528" 3612 1a536d27258 tab
                            3⤵
                              PID:3676

                        Network

                        MITRE ATT&CK Enterprise v6

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9afmek3\imagestore.dat
                          Filesize

                          13KB

                          MD5

                          17748a07917f65375618fc4985eb2aef

                          SHA1

                          ddc42805f92c5be01d0b966517384c35c125ac61

                          SHA256

                          075dc76577e7889d565a78a7d00ab1bffa45c43e64ecd1f68d4945f22a0f3a50

                          SHA512

                          30c0fe3f0b3fbceb271cc3c7349a3d03a15955b88b4283c2bd87e46a59f2ec67775be0b2db58fcff578f0275ae149993c3efb3c319d8b7907260a567e09056ff

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\VHR31625.htm
                          Filesize

                          895B

                          MD5

                          ba95522328107a2a987edef4382a00e2

                          SHA1

                          f323692d860280b90886d64ec19d8434dbdab8ee

                          SHA256

                          e9b599f2fa8872767f4ffe1cd2ccf53b6674d69679a9bf58eac7784ffb2be3a8

                          SHA512

                          6842eef18cc49f54ec9e4a1910290b174f4cfcc2f225f9f852b9a63da0077b0bba8b597e55d141a108e4f13a818bcb0b9ae930ca9b3aa4f0458af2862f87ef42

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\style[1].css
                          Filesize

                          234B

                          MD5

                          bb93e7dfd88dfc773d8a9f362915d145

                          SHA1

                          1e926f4bd021fc0ab62650ab6fa1491c45e55f89

                          SHA256

                          9994e16e6b1b43748c9deb10694bdfd9017220d5363a519f47fbb5bb27c015a0

                          SHA512

                          148efadbc2a48b73dfc23692c02abd4b22adb1483563bba7926b5422cc6910027ea7411d90d79c9c5cab21ad770f780b9c37f3efcf6dc008dd8d92f3bf2f8e16

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\beacon.min[1].js
                          Filesize

                          19KB

                          MD5

                          d294b48fb7400508953205265f95d2e1

                          SHA1

                          fd545d38241c9c56e81f61e45cd239976ecd0b46

                          SHA256

                          13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b

                          SHA512

                          8c6093a43a410180c6358479ced2ade0140f19e7f53f482237a6465548bcdf990517cf053a69a7f2305058d82b35df20fd8bb8db535d81687042868e3c57e50f

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\pricing-table[1].js
                          Filesize

                          9KB

                          MD5

                          2d711fc0a7bd67bc969943e8e20b4d95

                          SHA1

                          698d3ecdcb4d6199f6f3ad229cc48c0cec34afb7

                          SHA256

                          852066587847b151f478d6f5d75af5eb6667e7381a3bf3a4f2e21da4e1d0c40c

                          SHA512

                          b201009e5b7f1a512545e1c11c754d2053160e4930852782e1a6eab6f89aff72463ced623e9e03233201c2f0e2d098b3ce8c6036c894cba136e02f663513a09e

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\plexseerr[1].png
                          Filesize

                          13KB

                          MD5

                          13eb682b64192508ea1cee2f316fffcc

                          SHA1

                          c4703a57f7499e79ef2b6ea93a3f9dea611785d2

                          SHA256

                          508f47be99f1e3329e9aad683dcc1ede3260a7071268a399817cbc3b9eb35884

                          SHA512

                          884c3019285d5cd2d89354aed7582c7f8b754741623a1ecbeddf4164b354e761f89ec8464a134a43bda0e0087df9c5ef5ad136993fd96dd9b4238402d37bf0c7

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\suggestions[1].en-US
                          Filesize

                          17KB

                          MD5

                          5a34cb996293fde2cb7a4ac89587393a

                          SHA1

                          3c96c993500690d1a77873cd62bc639b3a10653f

                          SHA256

                          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                          SHA512

                          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp
                          Filesize

                          134KB

                          MD5

                          8f905929c3cf08ccc85fd8932ce14ff8

                          SHA1

                          a24d89c560aecf5f3a9ccc202a838b15ae6fb8ef

                          SHA256

                          86939ba2823b4ab0ba8fc26d20dec6d3d116c66e98af8538a9d4fb1831e513f8

                          SHA512

                          7902ee85ef906cfd9418305639f8e114c2b64f5dc1ab26cd230b1469eb687f0d580feae6de5a4b82813882719df6d430c7160a5c9dcfb773e35a83f88bd4330e

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\~DFB90905325E08B74B.TMP
                          Filesize

                          16KB

                          MD5

                          40ef307626fbd0c44eee39f7bb7dc78c

                          SHA1

                          6f5a7630c0978d864dd4aeb9333601aa837a5d47

                          SHA256

                          b2499874fa510fd41c853af530361d7a2cc78adde0e56f29e89c813624d51996

                          SHA512

                          867079479a8215627fca67b22b62bb3e863ec1dc903aaeca6c280b72e978127bdba6efb9de8f613aef60bc209291b2cc982f3346bede330fa1d72bebf37fd91f

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          753d108a1bee525717923a5bb3ac4307

                          SHA1

                          d3a889667039131fe5dd1a35381b14576ffeb513

                          SHA256

                          fcebce56fa8541f8014eb927d4de58e196f2f12cdb699cc6c1768e5a613dba88

                          SHA512

                          3b50fc26e9572f97342be4152a8839803225dfd618881edd6821f103938b708b6804f3646849829542727ec1e7135e9a9383d2a7b3f1dd97e29a3eadea13ec26

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          e2dae4f8addfa196867f45e608b4adbd

                          SHA1

                          ed68017400d2a272d915a1a700e7bd5f8f83a328

                          SHA256

                          3a84cc8f786d158870d3c7c4e5b20d03d8fb682d7fd9806fc5c6af17b57675bb

                          SHA512

                          be53039c595a0c3c2d11f41897391182f40a4bb4c41eb7ee7b1a1a71bd390211fa3f8d73772934114ab53393fad6a9451e20818c0349911d55e0107ec193821f

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
                          Filesize

                          7KB

                          MD5

                          ee968bb2ee1bca066d9fe43c5fceb2d5

                          SHA1

                          d75c09c48c7e8152adc15f807d3e3a57c28c5d63

                          SHA256

                          75d45faeb7093aa8b75e47735ff49c222d8dfbdb5a0aaecdc6669153273de443

                          SHA512

                          1d35c4a8c97afe31db064adff50691865ef7291a53931b820423d2235fd717ef296a3f2f80ae840c0cb61550be74564136a1d5c5b3474e8db67c4f364b2b1c13

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js
                          Filesize

                          6KB

                          MD5

                          108b97b1ff7efbdb1aecce96d55ff2e5

                          SHA1

                          bb72b2e0c3d859fe5e821632307a32df331b55e1

                          SHA256

                          c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e

                          SHA512

                          e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          3KB

                          MD5

                          5a566641a774594b9371bf929affc117

                          SHA1

                          9d4f7700c70877ad35459d05c323f88c67794b83

                          SHA256

                          84df675c345b39c1d3b0e8d4f8184c4e599a2b9807b33ab611ff31620b1c7ee9

                          SHA512

                          d0425932c82faf5f3ba40a7186c706d0f98f9a457de6db9d7a0c05ac06ffee7d361b90d69077cf9c56a39ad25cc49c2ec0d3a72943722bf3dc87e21ecfb0537f

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          19KB

                          MD5

                          058f961313318d0e161b8b553b909892

                          SHA1

                          269e7692bbb440aec2a21027fc8c5e3f44869357

                          SHA256

                          1214c3bddec4138184546732da889a1a0c43244608595a479d0ca32b47f5d61e

                          SHA512

                          cbb138407eeaa0bcd1d4c3243f450f283e2464b56eef2c1a30d74f78759669deb8740ea35b8eb147315fc35a29bc639c449bbc1aafbcd6927cac25919a92d9c9

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore.jsonlz4
                          Filesize

                          19KB

                          MD5

                          46fab2241c7178c9c7a9ef7c3d067297

                          SHA1

                          ef2dcf04b4da921c7ea5a524dda61d987587e4f6

                          SHA256

                          d4e6e32397f24835f102c209f15836302e1d29f54bafb35b8294f1271dd09612

                          SHA512

                          2c6d6eb04085188d5ec6faf42293f4da5300c67b50da2128453b416089fbf291916a7220c8be644c722a498f2f723c4cffc147d22e0d0e92d81a6ecfcc0d33ff

                          Download Submit