Analysis

  • max time kernel
    67s
  • max time network
    141s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    21-01-2021 20:43

General

  • Target

    https://twc.blotlima.ga/ZXJpY2EubG96YW5vQHR3Yy5zdGF0ZS50eC51cw==

  • Sample

    210121-99ylfx9xg6

Score
5/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://twc.blotlima.ga/ZXJpY2EubG96YW5vQHR3Yy5zdGF0ZS50eC51cw==
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4000
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4000 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3156

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion
    Modify Registry 1 T1112

  • Discovery
    System Information Discovery 1 T1082

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5    0f097952ad186b9b054af45d0634fac4
    SHA1   b5e22459f08bed323b3c95e6b9c07afc8f5471c6
    SHA256 fea64d18b821d18ce99223d538a4a944c5b371da4a20d5389ec81afd10bea34a
    SHA512 43a74a8f2b66b36aef91c114566ac23c9a7720f04dc0695aff3ea1cec0a3caf75dbdedc1a0cac899fc1172b46119536f81bdb0f1e03df46129da79f2e8fea42c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5    b521e8961f625b38b6dbbbbb3991b80e
    SHA1   72be7b26bb98a656c68169b30c506bc58f38bcfb
    SHA256 83171d0f549c98056129c92c0bf2cab1074ff59bce5a5126e5284fc28ce129d6
    SHA512 699508a737a54321ed0ebeb28f3e9b36f435f9ab439580669c148cf2313071fdf1fc1e424392d39e43e576c7262f6f3a9fa50093bb840de85f6102f1441a43c8

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\E5LLBIX2.cookie
    MD5    31e27806487fddc05ccddda0890bed8f
    SHA1   66fa76b6166a3753b7da5253380813419246c5c2
    SHA256 77f6f54922001d8a5f5006bf146fee130e2178abcdfda382a44ba5a07ddb2248
    SHA512 a78194caa99b16ed3f3a6c4b63fa98915726d86e01a42ff89e7234651c1d070a9d4131d1c6afb7d863d4457bbb3bf4342fb0c0f059ffbe2a9660726eaaec3c3d

  • memory/3156-2-0x0000000000000000-mapping.dmp