Overview

overview

10

Static

static

URLScan

urlscan

10

https://smartjack.ru...

windows10_x64

5

Analysis

  • max time kernel
    71s
  • max time network
    145s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    22-01-2021 10:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://smartjack.ru.com/cgi-psl/todwll/we798orl4gjynq5hmbuc2a16zxdpskt0if3vl4e1toxrhiyva5gu6f7znqw3d98jmpsc0k2b04if61zjl2sek9wnybtd8ugcxm7o3qarh5pv?data=cmRpcmVuem9AZXZvbGVudGhlYWx0aC5jb20=

  • Sample

    210122-36klftm2x6

Score
5/10
ransomware

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    ransomware
  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://smartjack.ru.com/cgi-psl/todwll/we798orl4gjynq5hmbuc2a16zxdpskt0if3vl4e1toxrhiyva5gu6f7znqw3d98jmpsc0k2b04if61zjl2sek9wnybtd8ugcxm7o3qarh5pv?data=cmRpcmVuem9AZXZvbGVudGhlYWx0aC5jb20=
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:652
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:652 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2936

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA
    MD5

    8bff577f417ebfb33409f678cdd512d7

    SHA1

    e2e561e87dddc04adc7496817c28104e09e79c69

    SHA256

    da17255c28bdbff0849c4913d6307ba840cf89822019e9efe6e7680d2b99eab3

    SHA512

    fa63eca2404dece12fd8635aec294580d1a45327897ad49fface5f9e6c3eb73d2eea9544930e3832e39fda04233fae5bbd5ac8b1f18a4f370284615ac44e19c1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    363ce345dd84ac3a6edb0653e87b62a2

    SHA1

    2925219d92bf0315a2a5c6099c8b63dc6df5a718

    SHA256

    067cabdbae3ce4c23f1e43b5f564d69b41d75ebb0cadeffdedc8bf3f3f959cad

    SHA512

    d324d1f2c59d9b71e80958194a096efcb581c987c566179649a9c0e5beeff4344efac93db77047a3fe1700e266aad3e8170a4f7fd1340ee8abe6669d77ea9089

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
    MD5

    3c7d8e0c75d454aa04611f40d4d2b83b

    SHA1

    325fbac43c67d772aabc43ea9e1898b45540a1fa

    SHA256

    05d24317f4f2d18cbb4572e508394e19411f3cd5f5f42974d8ae46484fa08978

    SHA512

    39f64dbab85b4f821ae7066723a4be7a00683198e5c60577d7dbf2609282b76658d38f7eb8f7f2edaad14a4592e5c19475c985a86072f4c2bd72aaa380b65f31

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA
    MD5

    5cc93773139fabd72936686d59ca8234

    SHA1

    17f22ae671c40979a73459d525cdd66b05930a4a

    SHA256

    a5802542950450b3603cab9736951ac5bf46b88ae06ee657fb1e73b4c784ab25

    SHA512

    af69105116e7bf5dcaf62cdd8f30392e40c5801eee695a25fdaa61ee0cc978ced93a3d170f953f0fbc8ba68ab0c8421a475ebd7ed733955fa94333d341f480b5

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    4410771dcac33a304c683841f7e91870

    SHA1

    b552e82b3a5cdf9be515f926e313b3f56bb75581

    SHA256

    b4509037a30b83d4029fb4f337a07ac514a2938ed484f9d3b18ad6fa2fa5dc59

    SHA512

    73ebddc2b739743f2f2a847268c4999ef6e8dd1d15b3ffcd599f29390a636c61ac4d73fd79a9c32145640fcde6e45d6768c3233866189f376fcfef6de570c8d6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
    MD5

    46ed54a439410c79966a6b5b03181013

    SHA1

    fc0dfd12e210626cfee59c38950baf2be0c078bd

    SHA256

    e722b342ca980a55314c27725844e4ea5a22887626ad90d3357a01570f5b297d

    SHA512

    19b08a38aa858c4707b60f1c30054e408528b7839020432871c34ca8a6db649bdcbc2122fd286a0911e74b29bd234cd90b859294343707419d46ab491ab8555a

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\UU92537Y.cookie
    MD5

    8dd4dbe3b34814fe7777c94e9f4ab5c5

    SHA1

    b1cc8648ad4deba5a8d250a988ac76354f20ac4c

    SHA256

    edcab6a8bf1a4a5be96514e4cd3d7d47bc66a883daadde4b501397461b6473c3

    SHA512

    29036e7d741a9f3c0773ced219c799c462762f1211ae2d548bbd6c02c0f1c1febebacfc3500ba21ab0313ed234705777eefbe4c76a898bc8e534ce5c4d31694b

    Download Submit
  • memory/2936-2-0x0000000000000000-mapping.dmp
    Download