Overview

overview

1

Static

static

URLScan

urlscan

https://keitaro21.pr...

windows10_x64

1

Analysis

  • max time kernel
    140s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    14-01-2021 06:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://keitaro21.pro/BKpYycTz

  • Sample

    210114-1rxf797xwa

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 79 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://keitaro21.pro/BKpYycTz
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1160
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1160 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3884

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    a36b44d5adb4041932847abd904a977a

    SHA1

    d26d17290820c64c4139b4677633df29ab51c6b2

    SHA256

    9cff6cca3aa67e7e5ee897b37889577e1cfb2b68036849202a11b33d9cba569f

    SHA512

    4edf5ee43ed3045b027027ee8b4d16595c7e4945eb60d24ea4d37ecbbb9e1333e01cc6a0031af28edcf26b686287f1ad4ae2093853ae71a1747c428e78d0832e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC197601BE0898B7B0FCC91FA15D8A69_98CCF852FAA7F8030776218B3AB9F85F
    MD5

    48741edc27de45c9c852ca7821d4f937

    SHA1

    f5a8cf77b4902c7b29709d5d5ef6ff7dee115461

    SHA256

    6bbbc561ddf1275ee17a167a3c4c16b41130e453ed3d2e68bc9a4b1ea601b14a

    SHA512

    205e98e29a62c2d0beb41d481722556b4a8d9ddd207c9092217133529098566b1ea3c5b1abbf88cc7810345b554bae52f51bec6362b0f26aa529026a2ed06ee8

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
    MD5

    48d7b88f7986388169c9f46bd8d48050

    SHA1

    f34113edae5d2fe7046d9250a019bc19cf6534cc

    SHA256

    679a3247b5f50991c3aef6f491cd5a5b0c55f11693a886f6a7cfed811f108cc8

    SHA512

    fb43568a8419777a45ebf4a6325e3c256ce0c464fc9ecb88fd924709aa0ab2b631c027fc258e66e1fc5616f4d252029d926d31b29c445c8af31e4aa70fb0d21c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    5c72864c7c6daab021040250dd243479

    SHA1

    f0d9338e416686704005968e611382b71d270e87

    SHA256

    815655ff2cf69154983d61223bbd7ea5a01e5f2bd61a2cf3c41c1baf365de674

    SHA512

    c594941d11d68d1eece75e73d2d2bd9123619f0cafc2dd6ac424915a9abe97bf672838ac66c56e1ff1ad59242ac0263ba6598fc323baca6c6cdd695240a13358

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_98CCF852FAA7F8030776218B3AB9F85F
    MD5

    87073f46eddd14517027f1b97b07218e

    SHA1

    e08d9f71f0162cf0e468bfe035b01678e348fb93

    SHA256

    a84a13ef3df9345c3350512b8a403f8448057e491eb14a267906cb1a772bcb26

    SHA512

    c3e5ad05442909cc21e69af9b37d51dd4d6261c6c2e6fad938d53e3ca1bb9e9ef924579bccabef17f1668d13c14a5ba0097edad316e07c2449dcedb1cbcaa1ea

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
    MD5

    ff761632bf0e4c20c4d9f27334f7c9b0

    SHA1

    f78b19175b23c9c9922090b61b482a1f055d0b48

    SHA256

    2e45a317b9dcd51ca558360abe7d06f7d1900bd84a851d82230275456b116403

    SHA512

    b3bfd59afa5ece38bc617db153bcc5f20e787e5d56b12ad2ae6dba6d5ea5d57b5df96659fff9d37f0a1303891dc978e8ccceefe3b8c45d21f0cf063440ac92a1

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\12RNZYNO.cookie
    MD5

    4a079e6ab2d9d3903740d2d8ba5e9e4b

    SHA1

    6ac217fa67a1934c601653c82cee6182d36b5dc4

    SHA256

    5a71569107413110a1f5de8bbee0f54f95183ee6c293cd050727d6eacbafe112

    SHA512

    60534262b0cd74137ed26e812e31759f9dc881a13104c9d51ef3a1b777155fe7b6cfb6de2e479dc86d7b398a9192b2a643ac3fef8f8c0e1ced0d0beca2518619

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\2E7EPT0S.cookie
    MD5

    68e680083e7d88eab99eac4ea7beb4e2

    SHA1

    5dd28d1759d89cd70901a1d9c8fa6895f721580f

    SHA256

    9be99cef59ccd3a4392e66f8ca71f2185cba5c7582404597f5532ad5ee104ce9

    SHA512

    3a30f04ca9d9c17b08d27bd8952b01b6558877f447c0fad57d7a6e7edd6ee10ed9967affd2daaa70066b6534fe57a087365d9e0f5034f1d88ceb28cb12f4c827

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\2MWU6RG6.cookie
    MD5

    14eb2e262bb2596caf08b6b9d1d22236

    SHA1

    56542abb92e3ae6875b8e50801e4b55ee14d6c31

    SHA256

    e5bf06300dac08f196c55a87c32ce99bee30a0628c1cb53e9da122d4499db159

    SHA512

    e5ac7124153cffeac34f5f18f73b835e40e370dca92c2be21dcc83b9bfaff8178a5be04150342b9b15b4bed0e3953e693a49107acb64dd99618e5c2c11cab0d7

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\DRZ9GG7F.cookie
    MD5

    f94cb1255772e9bf07f74035ef260b02

    SHA1

    21c638433e7ab718a5bba627094c78dd90d3e1a8

    SHA256

    fb853557dc57ef9d4145ee7e845886845e814f98336ab6df6b05582036c39874

    SHA512

    67d3e3999a7bee7bdaa6ac7ed92f7bbf94f7828921ff754ea8a929be5e2f10ad6599b33ec421c2903063d2e60e46b9fc76212c3ed1384eac3f0503df0d810cef

    Download Submit
  • memory/3884-2-0x0000000000000000-mapping.dmp
    Download