Overview

overview

1

Static

static

URLScan

urlscan

http://links.aulavir...

windows7_x64

1

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    14-01-2021 10:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://links.aulavirtualctp.com/ls/click?upn=tFUIngqred1NjfeD5edcCNrvBsaKIDPsWNP7mkIOlEYMCRarHKLzBUf-2FfxjEaYui5LwyFXIDyrw7hFVsR5a8kW48o7y2TSFKWCzy5bUnPTxZf8I3u13PugSC6EnmrdcB-db0_YC-2FO-2F0WUamKGHMkYDY64z2CMGmlojasZl6ha-2BVhL2Jwarg6J3VAX096jWbI1s9J4LE6JgcBwKa3IejdPKty7-2FwzbFEB8mbC1YaBNN15fvitRcpp6jw7zP7mSwddNlzNhB38XLmGOXzthsTsLYiCJZlxkWt1k34GqgB-2BbEip70ioBeZ6F0skR562wd-2FA8taeU0yPouEVQsAPlmPhc93MS7t3dxyroRD3-2BjHE5nbsDhTEGQwUECy0nldMEtthmqlrS

  • Sample

    210114-cxebnkv9yj

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://links.aulavirtualctp.com/ls/click?upn=tFUIngqred1NjfeD5edcCNrvBsaKIDPsWNP7mkIOlEYMCRarHKLzBUf-2FfxjEaYui5LwyFXIDyrw7hFVsR5a8kW48o7y2TSFKWCzy5bUnPTxZf8I3u13PugSC6EnmrdcB-db0_YC-2FO-2F0WUamKGHMkYDY64z2CMGmlojasZl6ha-2BVhL2Jwarg6J3VAX096jWbI1s9J4LE6JgcBwKa3IejdPKty7-2FwzbFEB8mbC1YaBNN15fvitRcpp6jw7zP7mSwddNlzNhB38XLmGOXzthsTsLYiCJZlxkWt1k34GqgB-2BbEip70ioBeZ6F0skR562wd-2FA8taeU0yPouEVQsAPlmPhc93MS7t3dxyroRD3-2BjHE5nbsDhTEGQwUECy0nldMEtthmqlrS
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1424
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1424 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1784

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\013515Z9.txt
    MD5

    bd059a77166648b01dd897006cc01899

    SHA1

    35672b438b2751ea77b69cc8a6b8089ae022d9c8

    SHA256

    6a296cfc15ef55af3ddbdb3b3fc6fe9806be4b6f8867d4e8b5c6bce47214cb76

    SHA512

    a4ba38a511d82a4f08b7f23d07c00c56e5f23df3103508a3db0673f313735cf577db58bb6bbe333062b4ca51473dd39077eff52cc75bcd753bdf7b34aadc3108

    Download Submit
  • memory/1784-3-0x0000000000000000-mapping.dmp
    Download
  • memory/2000-2-0x000007FEF74A0000-0x000007FEF771A000-memory.dmp
    Filesize

    2.5MB

    Download