Analysis

  • max time kernel
    71s
  • max time network
    141s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    14-01-2021 10:57

General

  • Target

    https://commentpattern.com/

  • Sample

    210114-71ys7mw9y6

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 59 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (23 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://commentpattern.com/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:636
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:636 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3724

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 occurrence

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\FJA777TU.cookie

  • memory/3724-2-0x0000000000000000-mapping.dmp