Resubmissions

21-11-2020 00:47

201121-ej5z3ev226 1

21-11-2020 00:42

201121-cdr1gwk9r2 1

Analysis

  • max time kernel
    67s
  • max time network
    141s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    21-11-2020 00:42

General

  • Target

    https://sunriseerectors-my.sharepoint.com:443/:b:/p/kcummings/EUeNZ5mxjcJElml09XOedNoBfuqJQy2ruQ-BrFVgKkCzMQ?

  • Sample

    201121-cdr1gwk9r2

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 63 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://sunriseerectors-my.sharepoint.com:443/:b:/p/kcummings/EUeNZ5mxjcJElml09XOedNoBfuqJQy2ruQ-BrFVgKkCzMQ?
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4704
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4704 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:5064
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{7966B4D8-4FDC-4126-A10B-39A3209AD251}
    1⤵
    PID:4088

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion
    Modify Registry
    1 T1112
Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2F23D0F5E4D72862517E1CB26A329742_F6FACC49395CFA949BCE851E73323C49
    MD5 61f25b772b49876e5d2548acf1abebcd
    SHA1 717acc9bd9422f36bd1dcf0f468efc88fa169260
    SHA256 bc80d370224e2c7e2309a835f5408238d05f53e70b6dac5fc8bf342cde50910f
    SHA512 8fc75d707dc97af00823a05065323ed0888ffbdd2908040227eddefad7eb4cab1f981593e991c7a620ca226c30a2aa5518a0096b1276caf73923aa6caf6cb4f8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04
    MD5 7e90a4d1234afab04c200647348697c2
    SHA1 8c0602abb5c06fca26368871d31d5024f7e0ddcd
    SHA256 94eff05f3483b78d64d28441322aa8dbff213ef6b026fa1e154ebfe5288a0b91
    SHA512 9c5903765c285192e8196c681850682ec355643b7bef60bc35c12ae8f63dff4bb67b56795aae01e2c89bd55cfd0a217965f607bdbeca3d5b3ef727887fc52ced

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    MD5 86c870fa0e077109a2b3608a8334a07c
    SHA1 607491bce4e1217c4dae1a11175a7dc6ba9e1200
    SHA256 d7ae63a43df14462912cd0740c6fcf6601f0c862e77068bdcd8304e1d2c5a0f7
    SHA512 f75273ddaa36a941a5a23f92f7d3ac1f3a8282d30a842e1edefbec2b4add27d563a3c9b8bb1be3df52419920478b0f45862dfe50162d1c5f7b7ba5334e574a6d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2F23D0F5E4D72862517E1CB26A329742_F6FACC49395CFA949BCE851E73323C49
    MD5 87c963b5b1b0cea450b1334584b7205f
    SHA1 6b1466856f86edb70c182f68acad90447fc8b930
    SHA256 bcd2ee535cf6d55d5fa96f63301966cd5419b4407bb2fcbda3b65f6703806243
    SHA512 c94ec78fa5d03865943d1e76c327e360b3543592d457184aa85387d329c5c0df1c0d5ccb6c55270487e8022c1530cd8a6a2f01edbb21dad6c898c48cbd39e790

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04
    MD5 66b446f19f0f36ecd0f30b00d671a22b
    SHA1 09ca815db454f621bcc6de39ddbff601576324ee
    SHA256 2998030889ee56ea725e1557f8aab5bff3b58dd01f6cbae0d3826c4467aa0a93
    SHA512 9f896453acef090ba8ec4192aff431284e49471565709e77291450fe99519cc13e9e96da0cedeb5d9a7a8d7532182c97aa8873ef1ebfb5ea338203ee44056f9a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    MD5 d49a0fc6cfb67c982a6e03811c4ad481
    SHA1 3c85ed8c84635a4813f4f10cb41eaefff44f430d
    SHA256 034a475f42b2aeb595b2d3c1b9f69fe89289b342fcc63ba0c7866e05c74579e8
    SHA512 a66674c6eb91262897614432ea07fca238038dba6e3d0f8a362afef5b360b64a77468c5f8c5e77993cedd99552f98673cae46fbf8c31d6b568a4a071ef9a2cfb

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\1FWMGCTG.cookie
    MD5 442289a5057ec866398b3bd33a0795f1
    SHA1 7624e61ce30ba2d23671c64e8ba6efe0c8a3eea6
    SHA256 f2c4bad929d066a1f9fd2119200f855b98c3cd7386fd08209a7f03f49c7300c5
    SHA512 e579369fd94411292134f6c2203f36ab8c2d2965edb9a39242f9b012e0357339df9cd812e13d2e31be1e8cec54fb17bae4b5f44ca0e0726584dd3bb4c478b813

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\47QZ7FU4.cookie
    MD5 809fdd12393524356abb3b1f36c90412
    SHA1 ad7b95e5568195d70905a91a7bd875b1de9f2ec9
    SHA256 06d9a67ef9bf4ead37064a2e9190a97d4b08542662f19c862c452d63bdcaebcc
    SHA512 4c0ceab18806437d4788c6237f417ff26be113b841002aff4451943f19ff77a1a936c4d481fa336f39798bd6eb8dc4db03cab4f47dba31eb1f956e7a671d7395

  • memory/5064-0-0x0000000000000000-mapping.dmp