Analysis

  • max time kernel
    80s
  • max time network
    86s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20230220-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    13/06/2023, 18:06

General

  • Target

    http://tiny.cc/iosproxy

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs

    The submitted target is a tiny.cc short link, a public URL shortener, which is the kind of domain this signature matches. The Network section of this report is empty, so the page does not show where the link redirected.

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times. No process in the tree below is tagged with this signature, so the report does not show which process used it.
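The "Checks processor information in registry" signature above describes a sandbox-detection technique; the following is an added example (not code from the report or from the sandbox vendor) of the heuristic a sample applies to the values Windows exposes under HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0, and that a sandbox operator can run against their own image to see what a sample would see. The two registry snapshots at the bottom are constructed, and the marker strings and thresholds are assumptions. Note that in this report the process tree attributes the signature only to firefox.exe (PID 348), so here it is browser baseline rather than a sample probing its environment.

```python
"""Sandbox-detection heuristic over the processor values Windows exposes in
HKLM\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0.

Added example, not code from the report or the sandbox. The two registry
snapshots at the bottom are constructed for the example.
"""
import os
import re
import sys

CPU_KEY = r"HARDWARE\DESCRIPTION\System\CentralProcessor\0"
CPU_VALUES = ("ProcessorNameString", "Identifier", "VendorIdentifier", "~MHz")

# Substrings that only show up in the name string of a hypervisor-emulated CPU
# (assumed marker list; extend it for the hypervisors you run).
VIRTUAL_CPU_MARKERS = re.compile(
    r"QEMU|KVM|Virtual CPU|VirtualBox|VMware|Hyper-V|Xen|Bochs", re.IGNORECASE
)


def read_cpu_values() -> dict:
    """Read the live values the way a sample does. Returns {} off Windows."""
    if sys.platform != "win32":
        return {}
    import winreg  # Windows-only module, imported lazily

    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CPU_KEY) as key:
        for name in CPU_VALUES:
            try:
                values[name], _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass
    values["NUMBER_OF_PROCESSORS"] = int(os.environ.get("NUMBER_OF_PROCESSORS", "0"))
    return values


def sandbox_indicators(values: dict) -> list:
    """Return the reasons a sample would conclude it is running in an analysis VM.

    An empty list means the processor fingerprint looks like ordinary hardware.
    """
    reasons = []
    name = str(values.get("ProcessorNameString", "")).strip()
    vendor = str(values.get("VendorIdentifier", "")).strip()
    cores = int(values.get("NUMBER_OF_PROCESSORS", 0) or 0)
    mhz = int(values.get("~MHz", 0) or 0)

    if not name:
        reasons.append("ProcessorNameString missing or empty")
    elif VIRTUAL_CPU_MARKERS.search(name):
        reasons.append(f"hypervisor CPU name {name!r}")
    if cores < 2:
        reasons.append(f"only {cores} logical processor(s)")
    if mhz and mhz < 1000:
        reasons.append(f"implausible clock of {mhz} MHz")
    # A name string from one vendor with the other vendor's CPUID string is a
    # sign that someone edited the registry to hide the hypervisor.
    if "Intel" in name and vendor and vendor != "GenuineIntel":
        reasons.append(f"vendor {vendor!r} does not match name {name!r}")
    if "AMD" in name and vendor and vendor != "AuthenticAMD":
        reasons.append(f"vendor {vendor!r} does not match name {name!r}")
    return reasons


# Constructed snapshots: a default QEMU/KVM guest and a physical workstation.
ANALYSIS_VM = {
    "ProcessorNameString": "QEMU Virtual CPU version 2.5+",
    "VendorIdentifier": "GenuineIntel",
    "~MHz": 2400,
    "NUMBER_OF_PROCESSORS": 1,
}
WORKSTATION = {
    "ProcessorNameString": "Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz",
    "VendorIdentifier": "GenuineIntel",
    "~MHz": 3192,
    "NUMBER_OF_PROCESSORS": 12,
}

if __name__ == "__main__":
    # On a Windows sandbox image this reports the live fingerprint; elsewhere
    # it falls back to the constructed VM snapshot so the script still runs.
    live = read_cpu_values() or ANALYSIS_VM
    for reason in sandbox_indicators(live) or ["no sandbox indicators"]:
        print(reason)
```

Run it inside the analysis VM: every reason it prints is something a sample can read without any privilege, so the fix is on the image side (a realistic ProcessorNameString, at least two vCPUs, a plausible ~MHz), not on the signature side.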

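For the "Uses Task Scheduler COM API" signature, what an analyst usually wants next is to see which task was registered. Tasks created through that API (ITaskService / RegisterTaskDefinition) are persisted as XML under %SystemRoot%\System32\Tasks; the following is an added example, not code from the report or from any tool it names, that parses such definitions and flags the persistence shape of a boot or logon trigger running a command from a user-writable path. The two task definitions, the user-writable path list and the verdict rules are constructed assumptions.

```python
"""Triage exported Windows Task Scheduler definitions.

Added example, not from the report. Tasks registered through the Task
Scheduler COM API are stored as XML under %SystemRoot%\\System32\\Tasks;
this parses that XML and flags boot/logon triggers whose action lives in a
user-writable directory. The two sample definitions are constructed.
"""
import pathlib
import re
import xml.etree.ElementTree as ET

TASK_NS = "http://schemas.microsoft.com/windows/2004/02/mit/task"
NS = {"t": TASK_NS}

# Directories a standard user can write to (assumed list; extend as needed).
USER_WRITABLE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\"
    r"|%(APPDATA|LOCALAPPDATA|TEMP|TMP|PUBLIC)%",
    re.IGNORECASE,
)
PERSISTENCE_TRIGGERS = {"BootTrigger", "LogonTrigger"}


def _local(tag: str) -> str:
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def triage_task_xml(xml_doc) -> dict:
    """Summarise one task definition (str or bytes) and flag persistence traits."""
    root = ET.fromstring(xml_doc)
    if _local(root.tag) != "Task":
        raise ValueError("not a Task Scheduler definition")
    triggers_el = root.find("t:Triggers", NS)
    triggers = [] if triggers_el is None else [_local(c.tag) for c in triggers_el]
    command = root.findtext("t:Actions/t:Exec/t:Command", default="", namespaces=NS).strip()
    arguments = root.findtext("t:Actions/t:Exec/t:Arguments", default="", namespaces=NS).strip()
    hidden = root.findtext("t:Settings/t:Hidden", default="false", namespaces=NS).strip().lower() == "true"
    run_level = root.findtext("t:Principals/t:Principal/t:RunLevel", default="LeastPrivilege", namespaces=NS).strip()

    flags = []
    if PERSISTENCE_TRIGGERS & set(triggers):
        flags.append("runs at boot/logon")
    if USER_WRITABLE.search(command):
        flags.append("command in user-writable path")
    if hidden:
        flags.append("hidden from the Task Scheduler UI")
    if run_level == "HighestAvailable":
        flags.append("requests highest available privileges")

    # Verdict rule (assumed): persistence trigger plus a user-writable binary is
    # the combination worth escalating; anything else with a flag gets reviewed.
    if "runs at boot/logon" in flags and "command in user-writable path" in flags:
        verdict = "suspicious"
    elif flags:
        verdict = "review"
    else:
        verdict = "benign"
    return {"triggers": triggers, "command": command, "arguments": arguments,
            "flags": flags, "verdict": verdict}


def triage_task_dir(tasks_dir: str = r"C:\Windows\System32\Tasks"):
    """Walk the on-disk task store (needs admin) and yield (path, summary)."""
    for path in pathlib.Path(tasks_dir).rglob("*"):
        if path.is_file():
            try:
                yield str(path), triage_task_xml(path.read_bytes())
            except (ET.ParseError, ValueError):
                continue  # not every file in the store is a task definition


# Constructed sample definitions, not taken from the report.
BENIGN_TASK = f"""<Task version="1.2" xmlns="{TASK_NS}">
  <Triggers><CalendarTrigger><StartBoundary>2023-06-13T03:00:00</StartBoundary></CalendarTrigger></Triggers>
  <Principals><Principal id="Author"><RunLevel>LeastPrivilege</RunLevel></Principal></Principals>
  <Settings><Hidden>false</Hidden></Settings>
  <Actions Context="Author"><Exec><Command>C:\\Program Files\\Vendor\\update.exe</Command></Exec></Actions>
</Task>"""

SUSPICIOUS_TASK = f"""<Task version="1.2" xmlns="{TASK_NS}">
  <RegistrationInfo><Author>Admin</Author></RegistrationInfo>
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Principals><Principal id="Author"><RunLevel>HighestAvailable</RunLevel></Principal></Principals>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions Context="Author"><Exec><Command>%APPDATA%\\updater\\svc.exe</Command><Arguments>/silent</Arguments></Exec></Actions>
</Task>"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_TASK), ("suspicious", SUSPICIOUS_TASK)):
        print(label, triage_task_xml(doc))
```

On a live host, iterate `triage_task_dir()` from an elevated prompt; the on-disk files are UTF-16 with a BOM, which is why the walker passes raw bytes to the parser instead of decoding them first.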
Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://tiny.cc/iosproxy
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4252
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4252 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2568
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4696
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:348
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="348.0.1088315968\176882253" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cca24b1-0007-4634-b1e1-0a2035c6705d} 348 "\\.\pipe\gecko-crash-server-pipe.348" 1924 242f9bd1b58 gpu
        3⤵
          PID:3724
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="348.1.324019952\1822507957" -parentBuildID 20221007134813 -prefsHandle 2312 -prefMapHandle 2308 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3f90e83-88ba-432b-bf0e-ebd0aa009ca1} 348 "\\.\pipe\gecko-crash-server-pipe.348" 2324 242ecb72b58 socket
          3⤵
            PID:4736
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="348.2.2146869439\1105477104" -childID 1 -isForBrowser -prefsHandle 3160 -prefMapHandle 2952 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4854bf5-0892-4094-8438-bf2371087f52} 348 "\\.\pipe\gecko-crash-server-pipe.348" 3156 242fd7e9258 tab
            3⤵
              PID:1608
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="348.3.443299841\1438131631" -childID 2 -isForBrowser -prefsHandle 1212 -prefMapHandle 3540 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {129ab3cd-7b61-405a-a841-5c8dc34c3afb} 348 "\\.\pipe\gecko-crash-server-pipe.348" 3444 242ecb5fe58 tab
              3⤵
                PID:1100
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="348.4.1444628667\1174075166" -childID 3 -isForBrowser -prefsHandle 3728 -prefMapHandle 3744 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9512a280-aee5-4230-a168-7786d71b694e} 348 "\\.\pipe\gecko-crash-server-pipe.348" 3780 242fd9eda58 tab
                3⤵
                  PID:2236
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="348.5.145306753\1247638912" -childID 4 -isForBrowser -prefsHandle 3004 -prefMapHandle 3132 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3df76446-6f7a-4616-91d6-66b8e176ec2c} 348 "\\.\pipe\gecko-crash-server-pipe.348" 5176 243000fa958 tab
                  3⤵
                    PID:2844
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="348.7.521180776\1276116404" -childID 6 -isForBrowser -prefsHandle 5504 -prefMapHandle 5508 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f1d2113-5cf1-4c59-a3d4-78b7701f86ef} 348 "\\.\pipe\gecko-crash-server-pipe.348" 5496 243003dc858 tab
                    3⤵
                      PID:2776
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="348.6.154901099\294217926" -childID 5 -isForBrowser -prefsHandle 5312 -prefMapHandle 5316 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c13b4a37-6087-4111-9aaa-4ec7bd910950} 348 "\\.\pipe\gecko-crash-server-pipe.348" 5304 243000fb858 tab
                      3⤵
                        PID:4712
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="348.8.1431667668\201660613" -childID 7 -isForBrowser -prefsHandle 5532 -prefMapHandle 5536 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0129858b-ab22-4920-9dbd-bca8b406dcd0} 348 "\\.\pipe\gecko-crash-server-pipe.348" 5316 242ffac5158 tab
                        3⤵
                          PID:5008
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="348.9.1332160400\935020244" -parentBuildID 20221007134813 -prefsHandle 6020 -prefMapHandle 6016 -prefsLen 26849 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36f56a0b-175d-4502-9983-16fe425e239f} 348 "\\.\pipe\gecko-crash-server-pipe.348" 6032 242fd09c058 rdd
                          3⤵
                            PID:5424
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="348.10.629342906\1250978164" -childID 8 -isForBrowser -prefsHandle 6356 -prefMapHandle 6372 -prefsLen 26849 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5bf9e53-2298-4c8d-a413-13501cf32498} 348 "\\.\pipe\gecko-crash-server-pipe.348" 6316 242fd092258 tab
                            3⤵
                              PID:5928
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="348.11.555504611\1751505585" -childID 9 -isForBrowser -prefsHandle 5196 -prefMapHandle 5184 -prefsLen 27250 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaf7af7a-0134-43d8-9a8d-ea512977af92} 348 "\\.\pipe\gecko-crash-server-pipe.348" 5280 242fbe85158 tab
                              3⤵
                                PID:920
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4a0 0x378
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:6136

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\suggestions[1].en-US
    Filesize: 17KB
    MD5: 5a34cb996293fde2cb7a4ac89587393a
    SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 147KB
    MD5: cc6b20dc114e9b70cc13bf20ec3dc09c
    SHA1: 2dd6aaffcf168f9a4af78f957f41f3cc5df39289
    SHA256: 675fd55bb0ed3be51c6ace6ab072177c2b049e1e90933d9188e2c348a385e49c
    SHA512: b7bc6a6df653a6e32ba5e8588942e7c9c545060657791b0ddf8701ff130681555dcf0e3eb6e2cf377fa3ee4b50b8f508fdeaccb56bc1403da7b7aafd00d4ff08

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\safebrowsing-updating\ads-track-digest256-1.vlpset
    Filesize: 54KB
    MD5: 4f9ef3d3a71d4cb49e623e3f4b7b1162
    SHA1: c2d65973b44b051d043475e9387fa7100514acbd
    SHA256: 48ae004f3c542ac764dd5a1e894918ec4b250b5c1f7209256c191cae13106b1f
    SHA512: f7017204ad37ceedbff4e8b58ab4edac75748d2f36693e59ea9d9157f637d29b53c6405d994ac9fc62712f2574013e95c4817ff49229c78dcc23cac805b13ed7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js
    Filesize: 7KB
    MD5: 816932e7a49786063d08106fd087d8bc
    SHA1: 3ba3433fd525099a170efae5c3880603b01bd2f5
    SHA256: 6ce06ca770c16d965c5e5404eb34a45bf6bf39a09884796f2b1188d8df306e44
    SHA512: dea6bb995bb9f5d230468bc7fef72f788ec0cbb3566b2d167fc87a8b83e6ca0f648a4df41b3b18ab51f3a49fb3c48335e0623b250bcf5c33aedc965e265398ef

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 543e016e72a130b14b33cb41bce1c05d
    SHA1: 8fd7d24e1961bd210debb5fb9992fb675fdf9f87
    SHA256: 0afe08484b073813a2252a583e6adc3cd533afab1b8d587839c4166d7ee07efe
    SHA512: 19cefb45da073720d0bb09b73ceabbf6ad717e3b482780b257038bc66392a8b3937fb0de060df0326486ef5c6bef4bef9dadc3244033c0de9692eb26d588c61f

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 20KB
    MD5: 79234a81cedacd892d3fabf60a3c9e10
    SHA1: 3e222785417dae39d40df17ca07cb3cad4561a23
    SHA256: 4e94ddaf413758536ca79af8648de2ed9f358f294bc294ee5cfc17f8f060afcd
    SHA512: ec8948a793902138975b67e0d3a6fa785197b20c255d395e8eb31f4a8fb4b8fbf44e2b85cec696be256a63050984b11a61e3c18d3c74da7926ac81e2793f41a8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 20KB
    MD5: 79727eda74953182d8e48cb420321605
    SHA1: 830502a9c5a2537d6e1653874d2dc26a5fe272cf
    SHA256: 5b0986fd2f1034f8c379f7b5546c37bd27b8b93b41b251439744d2b7c1e1ddc9
    SHA512: 88c61564b0e473606ded483ea3a60103fe2d88286cd562c078bb92b423a2dc79d78332ae0742860f791270aa1b0c85269e1d6212e4810e7c92e9ca13fe0fa826

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: b0dfc88c67861ce39fbaae83bf3a52ad
    SHA1: 1e4cc6e980a2362a81027df009bff7b1f3f11156
    SHA256: b4079adf7cd3dfd7807f05f7bdf0e58458e036c1f7a542441b88a405adbcc262
    SHA512: 73e62b1fb589828a1f361940abaf336f374865b786c5b490ce9365066dc1160afa53afad8fb939f2c91f6a2d3a5994e088a8770e7c8f01ec1d8b041d6645a070