Analysis

  • max time kernel: 88s
  • max time network: 142s
  • platform: windows10_x64
  • resource: win10v20201028
  • submitted: 15-01-2021 13:50

General

  • Target: https://is.gd/SJENdQ
  • Sample: 210115-ye796mkm6n

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://is.gd/SJENdQ
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:656
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:656 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1396

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion: Modify Registry (T1112), 1


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 7181bb9bc0e18b691a5e0edb9eee8377
    SHA1: 029c1f995ea90ca16a9d131adf2f67a33c904eee
    SHA256: c350026d937db71fe4bca437a5dc91baf65e3c0826fae0d04a94f9966ca178ba
    SHA512: bfc242d4457c42f003b2dc8dcff51444c1d55048a1cab0945cd13d51216484f36f6c9240903fa444658b6545b1dc04879a08ef8fdb3b67ce28a3da5daf793680

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: e7e10ed29e7f198ee8a0c987f43bb0b0
    SHA1: a361d4f45b65cea88ca09ccea2c853f6a584d5d0
    SHA256: 79707b3e2b4d92666324b591bc31c99e2d0da50d15aac4f01e1f6b825289ca6f
    SHA512: a6c10172efb876d3898a2c89ddaf86bb9b153f35f0efd8c79cf37160c25f99abfca35267967df5b007e92600af17c2f85d53eda02729d18cc0bcfacbfa5e987c

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\C83T5HTC.cookie
    MD5: 8a185302cf5ccff894621924243b8d40
    SHA1: cb07eec9d9a7a8f4cd81e77347e0eebf65b567a3
    SHA256: 4827f08bd1431c40c6ac1ac79439f162eb77c68244d7e512295b9aca60514593
    SHA512: 72a5193398707a849f476608b1447b2cf3240c10c21bd2f14c43303f78658f8f672ea66f552866a6f444fa5484032498bd07767ad0deab8c5aee5549e768557a

  • memory/1396-2-0x0000000000000000-mapping.dmp