Analysis

  • max time kernel
    102s
  • max time network
    141s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    13-01-2021 10:39

General

  • Target

    http://www.mhariri.villas-zakynthos.com/?VGH=bWhhcmlyaUBldm9sZW50aGVhbHRoLmNvbQ==

  • Sample

    210113-d82ce3f5za

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mhariri.villas-zakynthos.com/?VGH=bWhhcmlyaUBldm9sZW50aGVhbHRoLmNvbQ==
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4700
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4700 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:5064

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    a36b44d5adb4041932847abd904a977a

    SHA1

    d26d17290820c64c4139b4677633df29ab51c6b2

    SHA256

    9cff6cca3aa67e7e5ee897b37889577e1cfb2b68036849202a11b33d9cba569f

    SHA512

    4edf5ee43ed3045b027027ee8b4d16595c7e4945eb60d24ea4d37ecbbb9e1333e01cc6a0031af28edcf26b686287f1ad4ae2093853ae71a1747c428e78d0832e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    68a30f3ba7adf4200ea274ab2f102a25

    SHA1

    3c5d297af449c98802d29df9616abcc7091132cd

    SHA256

    be74ec1688c3248e6731fe136b4a526cceaca771e05f63fab5d34f71a39b7b22

    SHA512

    a9a70a2266fb90e48d44758e8af84b76a1017e834293241966b9547aa3ff1fd660f160f3b26613f93eba53ac3cb4392ec48c0614cb14153d79fc85f6a3d065dd

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\7VN46F2G.cookie
    MD5

    c235b6c67f5894ac5bdceb2915dba4b2

    SHA1

    d511a7e1817a413a478f17187811bc78cb38cbf9

    SHA256

    c5891176d3e2c183ac6055a896c9c3b41b93be3a3d7941198d9c1dbb7b83cdfc

    SHA512

    957b05c7edd9fe8a8b83c8fcdad8aa56473a31071492d2b2dfcdb4dcd77e2994b75065c6957cdfe6a901b72f325dcd52a064f633171b39b78e8f67504c2b3c3c

  • memory/5064-2-0x0000000000000000-mapping.dmp