Analysis

  • max time kernel
    91s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    14-01-2021 00:12

General

  • Target

    http://www.cat.edu.au.eimg.me

  • Sample

    210114-f2pp4w8c1s

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.cat.edu.au.eimg.me
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4768
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4768 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3476

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion
    Modify Registry (T1112), 1


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\TTPARYAR.cookie

  • memory/3476-2-0x0000000000000000-mapping.dmp