Analysis

  • max time kernel: 70s
  • max time network: 141s
  • platform: windows10_x64
  • resource: win10v20201028
  • submitted: 14-01-2021 13:00

General

  • Target: https://877878834873477923747834-secondary.z6.web.core.windows.net/#RP@RP.RP
  • Sample: 210114-q2lnlh7p8a

Score
1/10

Signatures

  • Modifies Internet Explorer settings (1 TTP, 49 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://877878834873477923747834-secondary.z6.web.core.windows.net/#RP@RP.RP
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:424
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:424 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1620

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry, T1112 (1)


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 1c719258028a30f4c5c4b9927bca78b5
    SHA1: 74876832f8b66db34beda49067d1cdcb54a809f8
    SHA256: c6a5befebb221e5937f4985c5aee4897942e9469ab7e93a11b7d05c33cfc57a5
    SHA512: 0c2059b78f00f5dbac85f91e6661734e9de9726948edbaf1ce1224a3156203072c40f61e00c0c5bbb5cab937e7026e4e90446e941e2d504ebcf9b877ab28e493

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: b3398f71dd36db78c7979d7bd69d16e9
    SHA1: 691359f8644cbedd1a03c8da94dc895c344f9384
    SHA256: 35184f72fd88848782c51f1a7f28b0859a4254111477f9c3d74977f4a27f3a6e
    SHA512: d64c437a830de8166b2f1247205f1e0968bd742f4eafe57d9a8102211f5b649e7812bb7e48c74e25986ab6276acbf53c02e8a289d8c51fa28f80150c1ad40c51

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\06EYSFEW.cookie
    MD5: e9434bb2d6fa038f147ee6850c01546a
    SHA1: dfe61426a7c347055877bfeb74eb640802928342
    SHA256: ac162d69dcb917b100d21020a21fb8a99b6de15f1b9dd54a3792b49b8beeb2eb
    SHA512: a54907a8b96208195b7930420655e3696f095749afd71874ea960a8e829606206672783b27b78f223ae8009b606d284f26ffa48851bd56facd4a755ba097ea0c

  • memory/1620-2-0x0000000000000000-mapping.dmp