Overview

overview

1

Static

static

URLScan

urlscan

http://pnmefzusuldro...

windows10_x64

1

Analysis

  • max time kernel
    67s
  • max time network
    143s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    13-01-2021 08:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://pnmefzusuldrolqpnmefzusuldrolqpnmefzusuldrolq.browsmmaoertt.com/ywdvc2fyqgv2b2xlbnrozwfsdgguy29t

  • Sample

    210113-j31xgr6t7x

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 63 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://pnmefzusuldrolqpnmefzusuldrolqpnmefzusuldrolq.browsmmaoertt.com/ywdvc2fyqgv2b2xlbnrozwfsdgguy29t
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1112
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1112 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2616

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    9acb213e3098eea544dbd6f9dbd77033

    SHA1

    afb03453cace0199d37c64834a0a5c7d2aecd448

    SHA256

    8b52da8ad7d7e19495bbdbb6930ebfddfcec187113d6d38fc5f32bebf994de6d

    SHA512

    ad8bb5d6d24df0c628246e5bd82ca9094ea7eddbe1105f0410e90e6f5a4a997dedc3fb2db846f1275b85b28e30e82234f7b97706df0a13a3f2c948ccfba703c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
    MD5

    2113ed24cae7b685f5ddd44e3b9098a1

    SHA1

    a2c73cbb9ebfb4ff11ebecde24633b54513d098f

    SHA256

    1e19f1309e2c53a0947493fcc9c49e036dace1307753f6e334fce57cab67854f

    SHA512

    c7df31ca9a2ff98a5e5288c54836ba03c38de6189efba1c08ec032b204e7b7a3437af58ec2b4627b05525a523d9fd71251225221e84f02b0b936d4c3ba26f018

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    d7d11bee70c2725b6328fbde907af7a1

    SHA1

    dc5b6a73bdee2dffaf9136871dd741f5a0a65143

    SHA256

    d9746891a20c1812a076477472d077352d1a6e228243083181c6816500cc228f

    SHA512

    1dc6ec41b42fa56aa0f89e03a25f9b065f2efa94ae9601e0d4042cc74a0aedd27d10f5f9a8f33dc67560587186209eb97fc2a3648ac6aea2b38c96d8daa3e691

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
    MD5

    deedbf7817175c13254054ef272f7b76

    SHA1

    62a667d7857728fc39a7a4ecc546aa93443ff8e3

    SHA256

    6dcfd1d2b637c11bd4e96eb463efc1dc1cff6e2928673b58067a7841f29262db

    SHA512

    13e50bbb43a90464f60aa4dbb532c439f3f4cb3861baea187396395753eaa572203aaf8235585106599d626eb4947a55f1337dbef6c5f64f320bae4e265bfc69

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\6ZRW0U6X.cookie
    MD5

    a3833dc21f99ad3897d14504c8ab5a01

    SHA1

    f8acb389ddb0f467541c3e94a50e5b0ff14d5af4

    SHA256

    17532a2c18043f8cfbe00d9cfbf9366516849c761308694caaca5a5684f9e966

    SHA512

    7c6f35564e4a65c46e8976d248812df56ad13e99641add5e385749e9dda4a606caeed8078eb581452f197dc7c33da32ebf7ec046035c461502fc3f9c5f60d7c5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\TJZ053PI.cookie
    MD5

    ae36d487b0557535df7bc6f7492ca4f4

    SHA1

    6a2c82a7531265ca1243ae81d2dbeede09400f73

    SHA256

    ce5da757e52a9605a97330356dbdfd66716350938427f9900ccb85cd633ee3dc

    SHA512

    ebb09fbc2c33fedf495dc470614362447ac73661ff453312e2200ee42ef13c4d8c45d3c97742409392f473683658c6473546199cefd424caa3f9643c59dc43be

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\X2TTXAG9.cookie
    MD5

    2a287d668965c21bc582e52fbc8e3149

    SHA1

    b583d559083423c0556dbe219f8f13ef30e16f97

    SHA256

    6e501c95beabda9214d779b0999e83ed03f9ebfbe36d1cca4f1958cd14a86ed3

    SHA512

    b387ec7c786aa0880bfd52a64959168798a2601724541067e1c813c6f6e56de3e69316aa0ffde3929c7e0b7925e32e80f1a094981b3c151c7034168fdc0b2814

    Download Submit

  • memory/2616-2-0x0000000000000000-mapping.dmp

    Download