Overview

overview

7

Static

static

1

URLScan

urlscan

1

https://www.mediafir...

windows10-1703-x64

7

Analysis

  • max time kernel
    46s
  • max time network
    35s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    15-05-2024 05:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.mediafire.com/file/6hf7cji0istv29i/OringoClientCrackV3.3.1.jar/file

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Drops file in Windows directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://www.mediafire.com/file/6hf7cji0istv29i/OringoClientCrackV3.3.1.jar/file"
    1⤵
      PID:2752
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4728
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • NTFS ADS
      PID:500
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4348
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3504
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:3176
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:2408
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:3436
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3904
      • C:\Program Files\Java\jre-1.8\bin\javaw.exe
        "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\OringoClientCrackV3.3.1.jar"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:2860
        • C:\Windows\system32\icacls.exe
          C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
          2⤵
          • Modifies file permissions
          PID:2044
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Modifies registry class
        PID:2132
      • C:\Windows\system32\OpenWith.exe
        C:\Windows\system32\OpenWith.exe -Embedding
        1⤵
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2428
        • C:\Program Files\Java\jre-1.8\bin\javaw.exe
          "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\OringoClientCrackV3.3.1.jar"
          2⤵
            PID:4412

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
          Filesize

          46B

          MD5

          d0c8c03745b4eb931851dbdf5a1349b8

          SHA1

          a50f2ed63b3ba6c36f11bee3e806cb5f33e01d8f

          SHA256

          ae34167e1b223d54e2c0c2005bb2ace1b36a824a59b172d52ff59c253f4cc0e8

          SHA512

          29b2f799e217fb0a63a97207842bb46a8be8e717e93f0f4d05e63bd8603d736318d58214eed270151fa831e5c3d67b9e68a82cdf27aa538c6c05d342c4d12126

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
          Filesize

          4KB

          MD5

          1bfe591a4fe3d91b03cdf26eaacd8f89

          SHA1

          719c37c320f518ac168c86723724891950911cea

          SHA256

          9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

          SHA512

          02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OHP8MVFQ\edgecompatviewlist[1].xml
          Filesize

          74KB

          MD5

          d4fc49dc14f63895d997fa4940f24378

          SHA1

          3efb1437a7c5e46034147cbbc8db017c69d02c31

          SHA256

          853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

          SHA512

          cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\J5KRTKP3\www.mediafire[1].xml
          Filesize

          13B

          MD5

          c1ddea3ef6bbef3e7060a1a9ad89e4c5

          SHA1

          35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

          SHA256

          b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

          SHA512

          6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\J5KRTKP3\www.mediafire[1].xml
          Filesize

          244B

          MD5

          5c08303131fcbf703bd94a6a1dad62de

          SHA1

          6e8d8dd2ef2866419bdd1d03278c547caca4951c

          SHA256

          266a6ebf35bef5d518bd885ee1f50d0a68250f1ab1c499d066d70edadb3ed778

          SHA512

          5a963c2afc75ed4993d899006bf672ea8743ec259928417825fb0f3718e86bd4c8fc073c16b6648728891025c5087221d13abf1d93d025242a27160d36e6d646

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
          Filesize

          392B

          MD5

          496c6a1f3bc9f772da4300e16bc1f524

          SHA1

          6b5525d27498406e3572d2bf449660a7638d46bd

          SHA256

          bd0af3ab99cdaba9131d03a9d7642d2a3333b0204fbac12a2107ef972b91843a

          SHA512

          eb4be8222485a80bd42554dff990146b7e71255fe439130e403d20086f1f986cc7c9cfedb4a260ed170aba1e456c3237f3595b65799b5c7878364e947dbddbdf

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\RXSV0UGS\favicon[1].ico
          Filesize

          10KB

          MD5

          a301c91c118c9e041739ad0c85dfe8c5

          SHA1

          039962373b35960ef2bb5fbbe3856c0859306bf7

          SHA256

          cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f

          SHA512

          3a5a2801e0556c96574d8ab5782fc5eab0be2af7003162da819ac99e0737c8876c0db7b42bb7c149c4f4d9cfe61d2878ff1945017708f5f7254071f342a6880a

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KEN4K5YU\OringoClientCrackV3.3.1[1].jar
          Filesize

          32KB

          MD5

          eba35ba16ada2080a8d382a17f8d8451

          SHA1

          126575ca59cc32c7a021a20f09b5f434b8379ea8

          SHA256

          4087a63b7523bd7519b36bf3c570c1d7e738d5e5625d0cbfcc023389f5029027

          SHA512

          58d6414e028e7defb95f68a077bbcdc760bc77d33013b9d12521f25ce622e9e8732c1070e3efe2e190a6ddf31fae8ee70039334920fda77cc499d455ac814811

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
          Filesize

          2KB

          MD5

          27cb84b97bbe5b0939b173e31eac33cf

          SHA1

          94b204f1bfeb240bb8c49c3d1057ff86e58bb7ac

          SHA256

          3afe0bac3c86a2f66529c2e16f3e85f6da6a665f0b4614830832a6e28dd890d9

          SHA512

          4bef916e6d10ad0850c6c537edf84b89d5c5c378d3547fbd65f06a52160d7e05f2546f64554ac0f07b21ea19e35e7e16533146ba41c46b782e808cc689394a03

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
          Filesize

          488B

          MD5

          4a376f100be6db5ec0e8009ba6a4e233

          SHA1

          7e4b4d650f8ecffce8a4e93ce1fa6be32d3c6e96

          SHA256

          9d09d69a320a71dd57b4c9dc353ca79136b5c54ab6edab44235a0d109f5cc6c8

          SHA512

          4a25868ea1bfe9756d50ea4e5ee9f90361b73951875cb2bf3316628f7fb496e89261a221869221f36f1265790d71165c33c5065e01473bcde951101a94417e10

          Download Submit

        • C:\Users\Admin\Downloads\OringoClientCrackV3.3.1.jar.36eb8lr.partial
          Filesize

          1.7MB

          MD5

          092f84b62e380774a8480aae1d8e6c47

          SHA1

          b7f0911099e23f5b3c8b90e7bb8181b0b5e3aa60

          SHA256

          2b9a16713bb91851b82f29ece7e30ae32cb34e6cd3fabf8a96d13bcad95ea428

          SHA512

          b52f84b149fdf4ff04fc8fa874d6ff15afefdc12609fcbe3eb49c022f57549d18928110b1b3b883e9001fed7dd6832b88d02747290a39ca24d509747b7e65aa3

          Download Submit

        • memory/3176-472-0x0000023EE4B60000-0x0000023EE4B62000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3176-71-0x0000023EDF7A0000-0x0000023EDF7A2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3176-120-0x0000023EE0E00000-0x0000023EE0E02000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3176-118-0x0000023EE0C60000-0x0000023EE0C62000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3176-115-0x0000023EE0C20000-0x0000023EE0C22000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3176-112-0x0000023EE0C00000-0x0000023EE0C02000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3176-108-0x0000023EE0AD0000-0x0000023EE0AD2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3176-67-0x0000023ECEEE0000-0x0000023ECEEE2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3176-69-0x0000023EDF5E0000-0x0000023EDF5E2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3176-137-0x0000023EE0C70000-0x0000023EE0C90000-memory.dmp

          Filesize

          128KB

          Download

        • memory/3176-238-0x0000023EE1A00000-0x0000023EE1B00000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/3176-314-0x0000023EE1EE0000-0x0000023EE1F00000-memory.dmp

          Filesize

          128KB

          Download

        • memory/3176-124-0x0000023EE0EF0000-0x0000023EE0EF2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3176-126-0x0000023EE0F30000-0x0000023EE0F32000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3176-366-0x0000023EE54D0000-0x0000023EE54F0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/3176-429-0x0000023EE4B00000-0x0000023EE4B20000-memory.dmp

          Filesize

          128KB

          Download

        • memory/3176-122-0x0000023EE0EA0000-0x0000023EE0EA2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3176-499-0x0000023ECEE80000-0x0000023ECEE90000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3176-110-0x0000023EE0AF0000-0x0000023EE0AF2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3504-43-0x00000269CF640000-0x00000269CF740000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4728-17-0x0000021ADDB30000-0x0000021ADDB40000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4728-194-0x0000021AE4B10000-0x0000021AE4B11000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4728-193-0x0000021AE4B00000-0x0000021AE4B01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4728-35-0x0000021AE1CE0000-0x0000021AE1CE2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4728-0-0x0000021ADDA20000-0x0000021ADDA30000-memory.dmp

          Filesize

          64KB

          Download