Overview

overview

4

Static

static

1

URLScan

urlscan

1

https://i.e-z.host/j...

windows10-2004-x64

4

Analysis

  • max time kernel
    199s
  • max time network
    203s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-06-2023 18:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://i.e-z.host/jumgb43w.mp4

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 1 IoCs
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
    adwarespyware
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 15 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 30 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://i.e-z.host/jumgb43w.mp4
    1⤵
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1280
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1280 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1380
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1280 CREDAT:82952 /prefetch:2
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Modifies Internet Explorer settings
      PID:5068
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x300 0x420
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4428
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4016

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    0a18c4e5d48519f11d47e21d48beb4c1

    SHA1

    ef72edf3da93c8438e33829542296d86b9608d48

    SHA256

    572990d6df4be97a68222158083b64bc4391b26347069435b00407b3fd1d0e0e

    SHA512

    d6b78a5a080d0339a58a490122c80165dd3cce9ef1aad17e6363814859116c91a05142a5b8a7de4cbae658c9cc754dbbc1c99f96f139a17303db3f749ab6b7d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    ecb87f518a91e18589949be5d89b7d06

    SHA1

    44c88ce12b8dbcf4f10aeb2332957842ae56016c

    SHA256

    b32812a554c68d52158f963ca1fc5d654c3383595d5eba25d1c313b841b974b9

    SHA512

    af8a12237e6d3f19d67dc0fa3796f2031b5fd7c73ae908bfe6185dddf555d1eebb3b91d06f94bc2c720c9cf27df6d5487c544b8dffc0a7cf2877ff0e094fed32

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\F12\network\settings.json
    Filesize

    3B

    MD5

    ecaa88f7fa0bf610a5a26cf545dcd3aa

    SHA1

    57218c316b6921e2cd61027a2387edc31a2d9471

    SHA256

    f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

    SHA512

    37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\controls[2]
    Filesize

    22KB

    MD5

    cf6ae18a4a5a48e497570557391d7920

    SHA1

    ad9ce2ad74fd0bcd5fa998cff895168ada13a1cc

    SHA256

    993700d10307ac3485ea71e01c49dd2abae6360a5f1406e03e91c7a6532fc591

    SHA512

    43e9e37f8de63d2131e3159471a8a7765a08a4efbbd1505a1fb1dce4a85ca2e7e1391a241b2e01509f69b5ffb183ab488d20341a5baace00cfd8d753d3955e8f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\plugin[1]
    Filesize

    411B

    MD5

    6f65b6608be4e65166d660fdc450fa60

    SHA1

    91862bd34ab08e3511b7b7f1e71baefd57c33016

    SHA256

    7c56cbab79bd396e31a1f2a0891e23aa7d49e7a87c3bfd6d7ca445a095d73b9d

    SHA512

    38fcbb1e3f5ac1fc959d7509b6b1930d6ee5e3284815ca13c2976501ca8f00fa0b5661d9ebb76e5800ca126b3d0564626015e45e7beb401ba42c99f4d6230e2e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\CommonMerged[1]
    Filesize

    572KB

    MD5

    9ef197a076681c3d4c5e7a1e07cf15f5

    SHA1

    350d4ad02899f3838e4ce3bca3a13deb496c5509

    SHA256

    a24521823149886e4ebb47b4c8bdb7859985683ec302aaf941872b8d2852bebb

    SHA512

    6ca063a22f226421c8c901e659a38180f5198a12af7a8d380d74de1e2fcfb5bfb892cda88770729a2367f2b23e5a1bfc34cede0fade20c4dc13e0391fbd41cc3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\jquery-3.6.0.min[1].js
    Filesize

    87KB

    MD5

    8fb8fee4fcc3cc86ff6c724154c49c42

    SHA1

    b82d238d4e31fdf618bae8ac11a6c812c03dd0d4

    SHA256

    ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

    SHA512

    f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\jquery-3.6.0.min[1].js
    Filesize

    87KB

    MD5

    8fb8fee4fcc3cc86ff6c724154c49c42

    SHA1

    b82d238d4e31fdf618bae8ac11a6c812c03dd0d4

    SHA256

    ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

    SHA512

    f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\jumgb43w[1].htm
    Filesize

    3KB

    MD5

    7ad9d28efea9d74c0460faa4e77e4157

    SHA1

    f57baaa5883333d7c265e65ffc46f2448b1d9e3b

    SHA256

    d9b8a111647870be4e845b2094a543ed9e57e9791448fe55ecd2e8b11aa8bb4c

    SHA512

    0f58cc49ad403196f9b6b37dea2780f5786f75cf5ea6d61875a8f36077a6c5574c023e673e68a3b749f6a00e6c758f9f668e8ed5b5707ab887fe849490f6d547

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\main[1].css
    Filesize

    17KB

    MD5

    ff2224a58be45a4f4ba31ed83bd02b3f

    SHA1

    88aad7328c06d4d12fa4725e63a8404aad1ae3a7

    SHA256

    8b47aa3911e2f7e8d4750af5d42469c3a494f422da7901e52d123ba9f891eaad

    SHA512

    b2f3d2de3b328b619b5132675faa102128d085cdabb314328532d6a6f6571e1acfc65f4dba6b7a95b27334c14532a7c967d091a0c11a6c6e59377f0d0878edd0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\main[1].css
    Filesize

    17KB

    MD5

    ff2224a58be45a4f4ba31ed83bd02b3f

    SHA1

    88aad7328c06d4d12fa4725e63a8404aad1ae3a7

    SHA256

    8b47aa3911e2f7e8d4750af5d42469c3a494f422da7901e52d123ba9f891eaad

    SHA512

    b2f3d2de3b328b619b5132675faa102128d085cdabb314328532d6a6f6571e1acfc65f4dba6b7a95b27334c14532a7c967d091a0c11a6c6e59377f0d0878edd0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\plugin.f12[1]
    Filesize

    160KB

    MD5

    fdf4a73ffdab93e3a0422b9d2e252ca9

    SHA1

    c969911ecf2414e17fc16c1a15512bab79842d23

    SHA256

    26c3f906421451fb7a86d275288c9ea0bd6810959812edb6564e0c23f76702e0

    SHA512

    569c53094876dd65556a824416bfd0016764205ebf6e61c87529445d4c619860a086895a92f735089da501b96e5fb3361279f9731f5d46c56695133bf8318b6a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\isDebugBuild[1]
    Filesize

    87B

    MD5

    70f25a5edce5e20d870ff1c98a5ec5f5

    SHA1

    5fe33de0c8cb6d65f794c4dff0bfd5bdb15a7073

    SHA256

    ae2cfc14f884e61f693b00ad0945f372face67b1fc49c6479502cefba3b82e9e

    SHA512

    e4db4b122bc436edaa2dc810dbe1b0d61a5115e01a05b8e4f0874e639781b517b70ba5a80e1df7176aa612917c05ea10c06fc8114a8caeb00b38b7b01f8dc34e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit