Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://sussylink.ne...

windows7-x64

Resubmissions

25-06-2024 22:21

240625-196ewazbln 10

23-06-2024 21:43

240623-1k776sxanr 4

Analysis

  • max time kernel
    513s
  • max time network
    513s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    25-06-2024 22:21

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    https://sussylink.netlify.app/

Score
10/10
adwarepersistenceprivilege_escalationstealer

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 2 IoCs
    persistence
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 61 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 43 IoCs
    persistence
  • Manipulates Digital Signatures 1 TTPs 64 IoCs

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Modifies system executable filetype association 2 TTPs 53 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 10 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 9 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Runs regedit.exe 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://sussylink.netlify.app/
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2432
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:275457 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1824
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1328
    • C:\Windows\regedit.exe
      "C:\Windows\regedit.exe"
      1⤵
      • Adds autorun key to be loaded by Explorer.exe on startup
      • Boot or Logon Autostart Execution: Active Setup
      • Event Triggered Execution: Image File Execution Options Injection
      • Manipulates Digital Signatures
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Event Triggered Execution: Netsh Helper DLL
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Runs regedit.exe
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2936
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:1496
      • C:\Windows\explorer.exe
        "C:\Windows\explorer.exe"
        1⤵
          PID:2904
        • C:\Windows\explorer.exe
          "C:\Windows\explorer.exe"
          1⤵
            PID:2808
          • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
            "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"
            1⤵
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2900
            • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe
              "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe" Adobe Reader;459152
              2⤵
              • Suspicious use of SetWindowsHookEx
              PID:1976
          • C:\Windows\SysWOW64\DllHost.exe
            C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
            1⤵
              PID:800
            • C:\Windows\system32\SndVol.exe
              SndVol.exe -f 46269595 21474
              1⤵
                PID:3028
              • C:\Windows\system32\LogonUI.exe
                "LogonUI.exe" /flags:0x0
                1⤵
                  PID:2944
                • C:\Windows\system32\LogonUI.exe
                  "LogonUI.exe" /flags:0x0
                  1⤵
                    PID:1824
                  • C:\Windows\system32\LogonUI.exe
                    "LogonUI.exe" /flags:0x0
                    1⤵
                      PID:2888
                    • C:\Windows\system32\LogonUI.exe
                      "LogonUI.exe" /flags:0x1
                      1⤵
                        PID:2664
                      • C:\Windows\system32\LogonUI.exe
                        "LogonUI.exe" /flags:0x1
                        1⤵
                          PID:2252

                        Network

                        MITRE ATT&CK Enterprise v15

                        Reconnaissance

                        Resource Development

                        Initial Access

                        Execution

                        Persistence

                        Boot or Logon Autostart Execution

                        3
                        T1547

                        Active Setup

                        1
                        T1547.014

                        Registry Run Keys / Startup Folder

                        2
                        T1547.001

                        Browser Extensions

                        1
                        T1176

                        Event Triggered Execution

                        4
                        T1546

                        Change Default File Association

                        1
                        T1546.001

                        Component Object Model Hijacking

                        1
                        T1546.015

                        Image File Execution Options Injection

                        1
                        T1546.012

                        Netsh Helper DLL

                        1
                        T1546.007

                        Privilege Escalation

                        Boot or Logon Autostart Execution

                        3
                        T1547

                        Active Setup

                        1
                        T1547.014

                        Registry Run Keys / Startup Folder

                        2
                        T1547.001

                        Event Triggered Execution

                        4
                        T1546

                        Change Default File Association

                        1
                        T1546.001

                        Component Object Model Hijacking

                        1
                        T1546.015

                        Image File Execution Options Injection

                        1
                        T1546.012

                        Netsh Helper DLL

                        1
                        T1546.007

                        Defense Evasion

                        Modify Registry

                        6
                        T1112

                        Subvert Trust Controls

                        1
                        T1553

                        SIP and Trust Provider Hijacking

                        1
                        T1553.003

                        Credential Access

                        Discovery

                        Query Registry

                        1
                        T1012

                        Lateral Movement

                        Collection

                        Command and Control

                        Exfiltration

                        Impact

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                          Filesize

                          342B

                          MD5

                          1f9d37725034fc13acd950a033dc49f4

                          SHA1

                          7c66293490fba83e51d856541d7f46e0462b0340

                          SHA256

                          0152080f0b6eeb3df695734177d591a10a3fbde0ed439e995d057dadbb5f9f01

                          SHA512

                          38070f72dc959ec9e3693941b53814731d83d2b760de8e4d9d44ac355834fa1e595a463343f1f63a1eaa0bc67041efaef9879782ae9f741f2afba1f9e8afa85e

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                          Filesize

                          342B

                          MD5

                          dca30b08f7ddf815c4a75b6cfb23cede

                          SHA1

                          d2d39984894aff325979156881778315309bd744

                          SHA256

                          7381503420123773e54111cafa293839bbe5c335f4d1cefc34dcc296fffe583f

                          SHA512

                          819ba7d094fa3fbec8987099b16a2de6e75cb0f728844d3ada370542db8c0fac75fab18c4d910f56b0700728cd806e695fa1a847c84867df08f22e21757b5c43

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                          Filesize

                          342B

                          MD5

                          42704c935044fd6d2c8f3b47d7d617ef

                          SHA1

                          a03567f7935a7d576ecee4569f71a0e21558d046

                          SHA256

                          e699c23d4af6197e419c0203ccf92aee372390871d78cb6f371eced1818eb89b

                          SHA512

                          082f687efaf9f0f75600b6afe5bd2a7d29fee3284c57702059dc65c4f43174de6642f31caf5bdb80067f0799ebdba4079256a9521d78088dc8492a4cdf4f6791

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                          Filesize

                          342B

                          MD5

                          53e8dab80db218cd12131820530262d4

                          SHA1

                          41b264509219227c8c169cfca24a458ed89aa847

                          SHA256

                          e6c415af440bea55cf519d91de3a923735bbfcb5c6cf0793e0335b9a4451926a

                          SHA512

                          8e482e950f5294d89856bd758fcb1c349cd83d2ebb6190ea1e1c37b7c21d75899427a5e9053789cd886d36d9c5fbb2fd4a0a5ed653a95f4b6b07ac8cf6c6fd74

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                          Filesize

                          342B

                          MD5

                          9fe8aaba2b35b5c5fdf29c1a7156d4fd

                          SHA1

                          988d8a05a406e1720e30202bdc9dbe087523e03f

                          SHA256

                          52bb87604863f23d9437f6ceca78f77e43681eb704d0601cd07afeddbb96d740

                          SHA512

                          eed2458173cdcf40d4401b16092aa08b443c791613cfd7f6fdb87837ded435d5164d93af32b3cc18ccefa0f0fc3279f44e871c06acadacd2dc3bb46cd3dc8e66

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                          Filesize

                          342B

                          MD5

                          05d5fd4da48b2691d3b798086aba3e40

                          SHA1

                          4c5b28e0185eea8d24814051eb8ca1b0f83e23d9

                          SHA256

                          4242d47b2778ac005dfd5ae07a07dd58286b5b409bbee9b12b0695a91c9276aa

                          SHA512

                          f0e708bfa0e7880fb9f0af697d125c3498e757ca9604b40b3e2308381ae5a5b6c035fffc1be9f4ec11a7d6caf6f1ded158ac3a4756c1a75d04bda12987f7d43f

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                          Filesize

                          342B

                          MD5

                          a3da8849985f67559b2a54973520f405

                          SHA1

                          1a0d7940748c2f53f6ce0cd46f33f4ed8c6ad807

                          SHA256

                          2f2e8db5ed9d1b4c5b1d89c0825e7771713dc60f9c2259635e742f123410b216

                          SHA512

                          9544a6ca042eb6f537dd7de2d6076480a54c78dab3b0e9f8150503cf0bc695aa8d69c61006ff29673402ca778ba004ee7c7b4309a536aec65076d24a25af1dec

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                          Filesize

                          342B

                          MD5

                          b85b2de730da17861e7a09f7b920bee6

                          SHA1

                          243dd49ed06a084e33147f4401be13c591f822c9

                          SHA256

                          a585a1a667a0c637527357da644e534e152e1c184ce2f6fba6430debfb016fff

                          SHA512

                          c95e924727aa0ae5090f91e648358ea7321f99fda45d327582f59b9a0c9361ffd6283dae85c4eeb965a172a23d4519dfaa7fec50bfe305ba7efde9b42a60a55b

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                          Filesize

                          342B

                          MD5

                          2de2529c46dc2460a16d2c45b503133f

                          SHA1

                          d132a4886eb7e3556fa5ed64656e202840fe4182

                          SHA256

                          4353a19bfe3c3cdaecbd8f639fcf8cb84a25f5f992353fba534de5700d2ca3f8

                          SHA512

                          2dd3389c9630fd424a3842a6805a1bb90112c592f4e30393218e4a5d4baa154e9499e5f0074c6ccd4c13048332039450172683101d584e51f6e0d03c76f5fb06

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                          Filesize

                          342B

                          MD5

                          55b8f923cbc9b527a13c2abbeb5f8ae2

                          SHA1

                          f8b0a2f094a4da0f56e5951d7515f81e73305518

                          SHA256

                          8799151d6b097f3ae540c07a0ffe04e000cf8019d1541c6ce8cc4998b1680933

                          SHA512

                          dcc2914d8db10a6f05e5c1773962eed6db41d7ec399133a1ae1c6f545cad24485d8cdb0ac5f9727e212fd238a09eee153cfa00dee4ed44a3487b4c9dd07a4ba8

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                          Filesize

                          342B

                          MD5

                          b0718b119b6e04e89eda5c2bee2631bd

                          SHA1

                          0115f43a903de7e21eccb6628cd8221f769b4a07

                          SHA256

                          f5472e3b74921e5f4f9590849f6577cc55a47ab39b988d9c988c3296d7def059

                          SHA512

                          628739a5933078124688f09167bc2a5107e0a3bb445cc506a2be50cdc5d1501140b9293a73f0fdc36bced5ee4f32759a234d9ac643e28498c96415d8e69b955a

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                          Filesize

                          342B

                          MD5

                          c19c03a92f2d483838223558f63e9fea

                          SHA1

                          104fccf570596872285a258177b4146a076da7fc

                          SHA256

                          5848830892a2dc507544944d153305495b4b1aa3f66ee89d1f7278d1930e6c9a

                          SHA512

                          e87c30bc47f1a295a9a55d9d644d4ca53ff0dce79770ae77621a67d2c4d63e52dc42b68d7571200e0e9e17eb509443abeecea9e1e41a203113eb991e2d653a98

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                          Filesize

                          342B

                          MD5

                          3ae8c21606ffce3f85497f3bbd8f53cc

                          SHA1

                          a7437314070e74e1b427ce516ce99e1b1544eae5

                          SHA256

                          7b42b6ffec4509728794c627d68ab85180ca2081818216eaefc7890eaa183636

                          SHA512

                          dd4725ae1d20423679cc83cb2626f51fa27faf1d4e3554acddcc4b2eb747758341fa7fe99ee220fc74a6526e4321c497d0480c3c432aa20bde31c00a8af8a484

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                          Filesize

                          342B

                          MD5

                          db2177d9e47a5e52f7359f8e037b7e19

                          SHA1

                          bb8ec2d83a04997168c5e99d7bed4b3990bba3df

                          SHA256

                          b2ca77f57c6f467df8d7ab1206da3977e7657d4d29de23a20e9f695f74be23d2

                          SHA512

                          69118bfc9347cd39bc7f842a49679d6eeb29b5fdb76869e31d376437df9ce928307554f7a923b43436c38a9dbb068a4e1ce0f17d236c00abf08aa86fc9ee8f7b

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                          Filesize

                          342B

                          MD5

                          b38c512c7a892b0f98513e5feece74e6

                          SHA1

                          d8e843d999b40c03767783cea3568d85953420cd

                          SHA256

                          89c09c09c9feae49272faf17e26a6f1dbb8b75bb79e9fdf43708641a7bd9cb7f

                          SHA512

                          9889e6f5c1c86f634fa0f35e8e66a76aa3dc79a8a66be7b47840af96a1e8baefcdb9876dcf827aeb18168c48ccdf968631cb71bdacb914a1aaa95085c551746c

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                          Filesize

                          342B

                          MD5

                          50c6b471e5a789b868f9efc245a3cc80

                          SHA1

                          ed3ce3613917ac6d331a659d26eba217d642ba13

                          SHA256

                          beaa2ae5e4dd107553374fd2ee9d5df7f22aabb000e6d9d56074ae47c036aa46

                          SHA512

                          6844b7f2c183bb1c1bb7dac4e167aa4f6f93ec62378cf3131f9a64168b3031871f68c373fc7b5033c380a03df8cf1e9a9e300f218e638cff7384e5e8b98e29d9

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                          Filesize

                          342B

                          MD5

                          b0a40ec0a622b0fe6d3f1ac0410a6499

                          SHA1

                          0ac2167b5992f9277ee35bc44f873be2b42a2b2f

                          SHA256

                          c87eaa567e406dda1280753a37446dc704770009134cbb3136b34419b0a658fb

                          SHA512

                          204afefa5f970471dabd6d8bdeb4dd43d0541fefc4dff2678033759b753b5f133d9532b49879584c57d011dc1dba18760c89bed42b2deb13d1df0662c7cd3e5a

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                          Filesize

                          342B

                          MD5

                          69ec1d43c932c78bcd8772ba9145d7be

                          SHA1

                          b5ad1317e9eb6367a593eba8abd295b5d3ea89b2

                          SHA256

                          cedc85d38c241868d6088e3a51ad2eb7db6fb0442769cac66f82ce87e9e8f913

                          SHA512

                          677c2c2cd22011050d679d8063fe089d693530cbae7dd08b58e8cfa6da60f34be6d6238883b648e6042427f8d5b8b59d29d5a8c145cebc2abf83718852687729

                          Download Submit

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                          Filesize

                          342B

                          MD5

                          8254ced42c434ca69c56d238bf03dd08

                          SHA1

                          cd312420110a15a88471b21027e6200ac5d76767

                          SHA256

                          d370ad64a45f60d73925537b765afd09f2d1ebbfd9125e2358b99e4dfdd1631e

                          SHA512

                          885aba2447fd2d3e0ebb67ffe479491db0d83fe066fc08ba082213c445ef3fe41c8bea473f50b6335852cf5e12728c59fe8aa752bcdcf41707c8cac3e164b4ab

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\Cab20E9.tmp
                          Filesize

                          68KB

                          MD5

                          29f65ba8e88c063813cc50a4ea544e93

                          SHA1

                          05a7040d5c127e68c25d81cc51271ffb8bef3568

                          SHA256

                          1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

                          SHA512

                          e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\Cab2179.tmp
                          Filesize

                          70KB

                          MD5

                          49aebf8cbd62d92ac215b2923fb1b9f5

                          SHA1

                          1723be06719828dda65ad804298d0431f6aff976

                          SHA256

                          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                          SHA512

                          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\Tar218E.tmp
                          Filesize

                          181KB

                          MD5

                          4ea6026cf93ec6338144661bf1202cd1

                          SHA1

                          a1dec9044f750ad887935a01430bf49322fbdcb7

                          SHA256

                          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                          SHA512

                          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                          Download Submit