Analysis

  • max time kernel
    605s
  • max time network
    624s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    22-11-2020 06:28

General

  • Target: index.html
  • Size: 26KB
  • MD5: 3e198c8b972a962aabf0a2bbe26c1029
  • SHA1: 236dd9eadccb3aff18f910867d4231b38f8b77c8
  • SHA256: 13ac02b44e2c48890c00ea16afe1d2e2918fa9cd9f20ae2782efb8c1c0c61425
  • SHA512: 7ba8f027e23edac3e51f5e5a8f18431d03086582d034e09321ae2c539011639805463766ee520c9c8bef7b89e004c2c03c7178c0b7a953850a763aa39046d240

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1196
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2960

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    MD5

    ffc04cd305e33221116feebf2eaa50b0

    SHA1

    6aeecd1a32ce6655a43e6b35cb2d0cb45876c9d4

    SHA256

    e0215011ac1136f278389a2a9b9572d9cdbb704f4a2a6d4b9cb8e99eba316de4

    SHA512

    ecd09a4db7f337f7b4b767edca0615262af8785c3dd85e6369037c04eda0865c59949a406e6e016ba8e893e7f740881be22909aa472ea6fd1c38aa3902979a01

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    MD5

    ade3a4cd16db0810a06651227985f393

    SHA1

    60ed96fa77548e289afc97efa9172e25776a0dae

    SHA256

    bf1c38943bd09760d0a4d037ee02ec395fc911f180bade700e3b92def8fe28c5

    SHA512

    8dcb929864e69ae026590bbe30146037b1a415be6cf31caf555a648fa1a93c805ebd9be8be90a2a2e954a58fa57b07803bfc28d8d07a24467387cd1ff241a16b

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\4MY4KY2C.cookie
    MD5

    79376ec61253be4cf4fbb1b41e92b9d4

    SHA1

    9ce488404244a628b6d81c61a3d155c87852488d

    SHA256

    2cac98c14db6247a69bcdb5c456bdb3d7c418a81ba633f28caf6a1c250337181

    SHA512

    bc44406103ba66b6890ffa7d0ee665619780381f6cacc80e0c4daddfe03de907868cedc134e445cb8d690518e3a0f17ecb01b305a9f4bd5f2542113240f44a27

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\H9PZPAU1.cookie
    MD5

    e9e35ea3fa1f40586ca0122b3d99979a

    SHA1

    978bc0e96762d4e04ab739bb64226f7f490920b5

    SHA256

    251dd4294118add286c5dc42cd9de12d26f91585a23288512608613db54f7bea

    SHA512

    5a8a29f78ded14995c6a68a59a16c3272b2b365bdc3b6542783509e0fac8752ee34738640864edc69c0de97ed8641254402617521ac9e58640391df6acdcc771

  • memory/2960-0-0x0000000000000000-mapping.dmp