Analysis
-
max time kernel
513s -
max time network
513s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
25-06-2024 22:21
Errors
General
-
Target
https://sussylink.netlify.app/
Malware Config
Signatures
-
Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 2 IoCs
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 61 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 43 IoCs
-
Manipulates Digital Signatures 1 TTPs 64 IoCs
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Modifies system executable filetype association 2 TTPs 53 IoCs
-
Adds Run key to start application 2 TTPs 10 IoCs
-
Installs/modifies Browser Helper Object 2 TTPs 9 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Modifies registry class 64 IoCs
-
Runs regedit.exe 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://sussylink.netlify.app/1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:275457 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\regedit.exe"C:\Windows\regedit.exe"1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Boot or Logon Autostart Execution: Active Setup
- Event Triggered Execution: Image File Execution Options Injection
- Manipulates Digital Signatures
- Modifies system executable filetype association
- Adds Run key to start application
- Installs/modifies Browser Helper Object
- Event Triggered Execution: Netsh Helper DLL
- Modifies Internet Explorer settings
- Modifies registry class
- Runs regedit.exe
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe" Adobe Reader;4591522⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
-
C:\Windows\system32\SndVol.exeSndVol.exe -f 46269595 214741⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x01⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x01⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x01⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x11⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x11⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Active Setup
1Event Triggered Execution
4Change Default File Association
1Netsh Helper DLL
1Image File Execution Options Injection
1Component Object Model Hijacking
1Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Active Setup
1Event Triggered Execution
4Change Default File Association
1Netsh Helper DLL
1Image File Execution Options Injection
1Component Object Model Hijacking
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD51f9d37725034fc13acd950a033dc49f4
SHA17c66293490fba83e51d856541d7f46e0462b0340
SHA2560152080f0b6eeb3df695734177d591a10a3fbde0ed439e995d057dadbb5f9f01
SHA51238070f72dc959ec9e3693941b53814731d83d2b760de8e4d9d44ac355834fa1e595a463343f1f63a1eaa0bc67041efaef9879782ae9f741f2afba1f9e8afa85e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5dca30b08f7ddf815c4a75b6cfb23cede
SHA1d2d39984894aff325979156881778315309bd744
SHA2567381503420123773e54111cafa293839bbe5c335f4d1cefc34dcc296fffe583f
SHA512819ba7d094fa3fbec8987099b16a2de6e75cb0f728844d3ada370542db8c0fac75fab18c4d910f56b0700728cd806e695fa1a847c84867df08f22e21757b5c43
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD542704c935044fd6d2c8f3b47d7d617ef
SHA1a03567f7935a7d576ecee4569f71a0e21558d046
SHA256e699c23d4af6197e419c0203ccf92aee372390871d78cb6f371eced1818eb89b
SHA512082f687efaf9f0f75600b6afe5bd2a7d29fee3284c57702059dc65c4f43174de6642f31caf5bdb80067f0799ebdba4079256a9521d78088dc8492a4cdf4f6791
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD553e8dab80db218cd12131820530262d4
SHA141b264509219227c8c169cfca24a458ed89aa847
SHA256e6c415af440bea55cf519d91de3a923735bbfcb5c6cf0793e0335b9a4451926a
SHA5128e482e950f5294d89856bd758fcb1c349cd83d2ebb6190ea1e1c37b7c21d75899427a5e9053789cd886d36d9c5fbb2fd4a0a5ed653a95f4b6b07ac8cf6c6fd74
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD59fe8aaba2b35b5c5fdf29c1a7156d4fd
SHA1988d8a05a406e1720e30202bdc9dbe087523e03f
SHA25652bb87604863f23d9437f6ceca78f77e43681eb704d0601cd07afeddbb96d740
SHA512eed2458173cdcf40d4401b16092aa08b443c791613cfd7f6fdb87837ded435d5164d93af32b3cc18ccefa0f0fc3279f44e871c06acadacd2dc3bb46cd3dc8e66
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD505d5fd4da48b2691d3b798086aba3e40
SHA14c5b28e0185eea8d24814051eb8ca1b0f83e23d9
SHA2564242d47b2778ac005dfd5ae07a07dd58286b5b409bbee9b12b0695a91c9276aa
SHA512f0e708bfa0e7880fb9f0af697d125c3498e757ca9604b40b3e2308381ae5a5b6c035fffc1be9f4ec11a7d6caf6f1ded158ac3a4756c1a75d04bda12987f7d43f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5a3da8849985f67559b2a54973520f405
SHA11a0d7940748c2f53f6ce0cd46f33f4ed8c6ad807
SHA2562f2e8db5ed9d1b4c5b1d89c0825e7771713dc60f9c2259635e742f123410b216
SHA5129544a6ca042eb6f537dd7de2d6076480a54c78dab3b0e9f8150503cf0bc695aa8d69c61006ff29673402ca778ba004ee7c7b4309a536aec65076d24a25af1dec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5b85b2de730da17861e7a09f7b920bee6
SHA1243dd49ed06a084e33147f4401be13c591f822c9
SHA256a585a1a667a0c637527357da644e534e152e1c184ce2f6fba6430debfb016fff
SHA512c95e924727aa0ae5090f91e648358ea7321f99fda45d327582f59b9a0c9361ffd6283dae85c4eeb965a172a23d4519dfaa7fec50bfe305ba7efde9b42a60a55b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD52de2529c46dc2460a16d2c45b503133f
SHA1d132a4886eb7e3556fa5ed64656e202840fe4182
SHA2564353a19bfe3c3cdaecbd8f639fcf8cb84a25f5f992353fba534de5700d2ca3f8
SHA5122dd3389c9630fd424a3842a6805a1bb90112c592f4e30393218e4a5d4baa154e9499e5f0074c6ccd4c13048332039450172683101d584e51f6e0d03c76f5fb06
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD555b8f923cbc9b527a13c2abbeb5f8ae2
SHA1f8b0a2f094a4da0f56e5951d7515f81e73305518
SHA2568799151d6b097f3ae540c07a0ffe04e000cf8019d1541c6ce8cc4998b1680933
SHA512dcc2914d8db10a6f05e5c1773962eed6db41d7ec399133a1ae1c6f545cad24485d8cdb0ac5f9727e212fd238a09eee153cfa00dee4ed44a3487b4c9dd07a4ba8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5b0718b119b6e04e89eda5c2bee2631bd
SHA10115f43a903de7e21eccb6628cd8221f769b4a07
SHA256f5472e3b74921e5f4f9590849f6577cc55a47ab39b988d9c988c3296d7def059
SHA512628739a5933078124688f09167bc2a5107e0a3bb445cc506a2be50cdc5d1501140b9293a73f0fdc36bced5ee4f32759a234d9ac643e28498c96415d8e69b955a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5c19c03a92f2d483838223558f63e9fea
SHA1104fccf570596872285a258177b4146a076da7fc
SHA2565848830892a2dc507544944d153305495b4b1aa3f66ee89d1f7278d1930e6c9a
SHA512e87c30bc47f1a295a9a55d9d644d4ca53ff0dce79770ae77621a67d2c4d63e52dc42b68d7571200e0e9e17eb509443abeecea9e1e41a203113eb991e2d653a98
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD53ae8c21606ffce3f85497f3bbd8f53cc
SHA1a7437314070e74e1b427ce516ce99e1b1544eae5
SHA2567b42b6ffec4509728794c627d68ab85180ca2081818216eaefc7890eaa183636
SHA512dd4725ae1d20423679cc83cb2626f51fa27faf1d4e3554acddcc4b2eb747758341fa7fe99ee220fc74a6526e4321c497d0480c3c432aa20bde31c00a8af8a484
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5db2177d9e47a5e52f7359f8e037b7e19
SHA1bb8ec2d83a04997168c5e99d7bed4b3990bba3df
SHA256b2ca77f57c6f467df8d7ab1206da3977e7657d4d29de23a20e9f695f74be23d2
SHA51269118bfc9347cd39bc7f842a49679d6eeb29b5fdb76869e31d376437df9ce928307554f7a923b43436c38a9dbb068a4e1ce0f17d236c00abf08aa86fc9ee8f7b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5b38c512c7a892b0f98513e5feece74e6
SHA1d8e843d999b40c03767783cea3568d85953420cd
SHA25689c09c09c9feae49272faf17e26a6f1dbb8b75bb79e9fdf43708641a7bd9cb7f
SHA5129889e6f5c1c86f634fa0f35e8e66a76aa3dc79a8a66be7b47840af96a1e8baefcdb9876dcf827aeb18168c48ccdf968631cb71bdacb914a1aaa95085c551746c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD550c6b471e5a789b868f9efc245a3cc80
SHA1ed3ce3613917ac6d331a659d26eba217d642ba13
SHA256beaa2ae5e4dd107553374fd2ee9d5df7f22aabb000e6d9d56074ae47c036aa46
SHA5126844b7f2c183bb1c1bb7dac4e167aa4f6f93ec62378cf3131f9a64168b3031871f68c373fc7b5033c380a03df8cf1e9a9e300f218e638cff7384e5e8b98e29d9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5b0a40ec0a622b0fe6d3f1ac0410a6499
SHA10ac2167b5992f9277ee35bc44f873be2b42a2b2f
SHA256c87eaa567e406dda1280753a37446dc704770009134cbb3136b34419b0a658fb
SHA512204afefa5f970471dabd6d8bdeb4dd43d0541fefc4dff2678033759b753b5f133d9532b49879584c57d011dc1dba18760c89bed42b2deb13d1df0662c7cd3e5a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD569ec1d43c932c78bcd8772ba9145d7be
SHA1b5ad1317e9eb6367a593eba8abd295b5d3ea89b2
SHA256cedc85d38c241868d6088e3a51ad2eb7db6fb0442769cac66f82ce87e9e8f913
SHA512677c2c2cd22011050d679d8063fe089d693530cbae7dd08b58e8cfa6da60f34be6d6238883b648e6042427f8d5b8b59d29d5a8c145cebc2abf83718852687729
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD58254ced42c434ca69c56d238bf03dd08
SHA1cd312420110a15a88471b21027e6200ac5d76767
SHA256d370ad64a45f60d73925537b765afd09f2d1ebbfd9125e2358b99e4dfdd1631e
SHA512885aba2447fd2d3e0ebb67ffe479491db0d83fe066fc08ba082213c445ef3fe41c8bea473f50b6335852cf5e12728c59fe8aa752bcdcf41707c8cac3e164b4ab
-
C:\Users\Admin\AppData\Local\Temp\Cab20E9.tmpFilesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\Local\Temp\Cab2179.tmpFilesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\Local\Temp\Tar218E.tmpFilesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b