Overview

overview

1

Static

static

https://t.umblr.com/...

windows10_x64

1

Analysis

  • max time kernel
    142s
  • max time network
    142s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    29-05-2020 23:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://t.umblr.com/redirect?z=https%3A%2F%2Fembelyulexpiredembalajetecnico5684.com%2F%3Fsigninn-&t=NTZmMDdhYTZhNjUxMzM1MTMyNmNiMmY4ZDA2YzRlMTBjZWUyNjY2ZixjZGYyODBmZTVkZDM0MDRjNDgyYzRiMmE4ZmI3MWYxMjBkZGVlZjBk

  • Sample

    200529-pbgs8gd5xe

Score
1/10

Malware Config

Signatures

  • Checks whether UAC is enabled 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 75 IoCs
    adwarespyware
  • Modifies system certificate store 10 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://t.umblr.com/redirect?z=https%3A%2F%2Fembelyulexpiredembalajetecnico5684.com%2F%3Fsigninn-&t=NTZmMDdhYTZhNjUxMzM1MTMyNmNiMmY4ZDA2YzRlMTBjZWUyNjY2ZixjZGYyODBmZTVkZDM0MDRjNDgyYzRiMmE4ZmI3MWYxMjBkZGVlZjBk
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of FindShellTrayWindow
    PID:1008
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1008 CREDAT:82945 /prefetch:2
      2⤵
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Suspicious use of SetWindowsHookEx
      PID:3484

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\2EZ09VY9.cookie
    Download Submit