Resubmissions

21-06-2023 02:12

230621-cm9a9age5v 10

21-06-2023 02:06

230621-cjle1sfc28 10

21-06-2023 02:03

230621-cg6ceage4s 10

Analysis

  • max time kernel
    68s
  • max time network
    68s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-06-2023 02:03

General

  • Target

    https://cutt.ly/rwqFCY0Z

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://cutt.ly/rwqFCY0Z
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3924
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3924 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4332
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4672
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3716
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3716.0.921168633\1246960672" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1768 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e33dcde1-be82-4d71-9a26-48ccf134bcaf} 3716 "\\.\pipe\gecko-crash-server-pipe.3716" 1900 27335ea5858 gpu
        3⤵
        PID:3328
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3716.1.2058614160\3326117" -parentBuildID 20221007134813 -prefsHandle 2284 -prefMapHandle 2288 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ae56469-5db9-4140-b948-8deae087696a} 3716 "\\.\pipe\gecko-crash-server-pipe.3716" 2300 27327f6f858 socket
        3⤵
        PID:2688
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3716.2.265810\15672913" -childID 1 -isForBrowser -prefsHandle 3252 -prefMapHandle 3356 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0503b402-cfc0-44d1-9de9-8e0aac62db55} 3716 "\\.\pipe\gecko-crash-server-pipe.3716" 3344 27338a5f558 tab
        3⤵
        PID:3520
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3716.3.892116662\1166210828" -childID 2 -isForBrowser -prefsHandle 2452 -prefMapHandle 1460 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ee531cc-5bbb-45eb-baf4-32628e847230} 3716 "\\.\pipe\gecko-crash-server-pipe.3716" 3460 27327f63b58 tab
        3⤵
        PID:5096
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3716.4.563299798\998117965" -childID 3 -isForBrowser -prefsHandle 4224 -prefMapHandle 4220 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b6678a2-d529-4feb-b6ee-db1c0bdff7ac} 3716 "\\.\pipe\gecko-crash-server-pipe.3716" 4236 27339f0a658 tab
        3⤵
        PID:4176
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3716.5.980046835\1191086348" -childID 4 -isForBrowser -prefsHandle 5256 -prefMapHandle 5248 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba3e3464-b0b5-4a2e-92a0-ebf749894994} 3716 "\\.\pipe\gecko-crash-server-pipe.3716" 5292 27327f2de58 tab
        3⤵
        PID:4120
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3716.7.1063717427\748317012" -childID 6 -isForBrowser -prefsHandle 5400 -prefMapHandle 5404 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f692448-a7e2-468e-9d92-e9e1ad30b4cf} 3716 "\\.\pipe\gecko-crash-server-pipe.3716" 5392 2733a33f958 tab
        3⤵
        PID:4888
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3716.6.1563447177\1517629701" -childID 5 -isForBrowser -prefsHandle 2952 -prefMapHandle 4056 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b7a01a7-c685-4ca7-8462-950cc24d60f8} 3716 "\\.\pipe\gecko-crash-server-pipe.3716" 5272 2733a33ed58 tab
        3⤵
        PID:1568

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 404B

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9afmek3\imagestore.dat
    Filesize: 2KB

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\148610538813e3841abb038f03fc52ba35efd9167f[1].png
    Filesize: 2KB

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 134KB

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\safebrowsing-updating\ads-track-digest256-1.vlpset
    Filesize: 54KB

  • C:\Users\Admin\AppData\Local\Temp\~DF17B1CF7C004E13B3.TMP
    Filesize: 16KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 6KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
    Filesize: 6KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB