Analysis

  • max time kernel
    91s
  • max time network
    140s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    22-01-2021 07:48

General

  • Target

    http:/afevolenthealth.com.elitemodel.ru.com/?tty=(rdirenzo@evolenthealth.com)

  • Sample

    210122-yj91kahwae
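
The Target URL is the interesting artifact here: the victim's own domain (evolenthealth.com) is placed in the subdomain, the registrable domain is elitemodel.ru.com, and the recipient's address is pre-filled in the query string so the landing page can personalise a credential prompt. The following Python is an added triage example, not part of the sandbox report; it normalises the single-slash scheme exactly as submitted, splits the host into the registrable domain and the impersonating prefix, and pulls any e-mail address out of the query. The PUBLIC_SUFFIXES set is an assumption standing in for the Public Suffix List (included so that ru.com, a CentralNic second-level registry, is handled correctly).

```python
"""Triage of a brand-impersonating phishing URL (added example, not from the report)."""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed from the report's Target field; the single slash after "http:" is
# preserved to show the normalisation step.
SUBMITTED_URL = "http:/afevolenthealth.com.elitemodel.ru.com/?tty=(rdirenzo@evolenthealth.com)"

# Assumption: a tiny stand-in for the Public Suffix List. "ru.com" is listed
# there as a second-level registry, so elitemodel.ru.com is the registrable domain.
PUBLIC_SUFFIXES = {"com", "ru", "net", "ru.com", "co.uk"}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def normalise_url(url: str) -> str:
    """Repair a scheme written with one slash ("http:/host") so urlsplit sees the host."""
    return re.sub(r"^(https?:)/(?!/)", r"\1//", url, flags=re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Return the longest public suffix plus one label (eTLD+1)."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):           # shortest prefix removed first = longest suffix
        suffix = ".".join(labels[i:])
        if suffix in PUBLIC_SUFFIXES:
            return suffix if i == 0 else ".".join(labels[i - 1:])
    return ".".join(labels[-2:])           # fallback when no suffix matches


def triage(url: str) -> dict:
    """Split host into prefix + registrable domain and look for the victim's domain in the prefix."""
    parts = urlsplit(normalise_url(url))
    host = parts.hostname or ""
    reg = registrable_domain(host)
    prefix = host[: -len(reg)].rstrip(".") if host.endswith(reg) and host != reg else ""
    query = parse_qs(parts.query)
    # parse_qs keeps the surrounding parentheses, so scan each value with the regex.
    emails = [m.group(0) for vals in query.values() for v in vals for m in EMAIL_RE.finditer(v)]
    target_domains = {e.split("@", 1)[1].lower() for e in emails}
    # Brand impersonation: the recipient's domain (or its first label) appears in the
    # subdomain prefix while the registrable domain is something unrelated.
    impersonated = sorted(
        d for d in target_domains
        if d != reg and (d in prefix or d.split(".")[0] in prefix)
    )
    return {
        "host": host,
        "registrable_domain": reg,
        "subdomain_prefix": prefix,
        "emails_in_query": emails,
        "impersonated_domains": impersonated,
        "suspicious": bool(impersonated),
    }


if __name__ == "__main__":
    for k, v in triage(SUBMITTED_URL).items():
        print(f"{k}: {v}")
```

For the submitted URL this reports registrable domain elitemodel.ru.com, prefix afevolenthealth.com, the recipient address from the tty parameter, and flags evolenthealth.com as the impersonated domain; a legitimate login URL under evolenthealth.com itself is not flagged because the registrable domain matches the address's domain.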

Score
5/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox labels this "likely ransomware behaviour", but it is a generic heuristic: the only processes in this run are Internet Explorer, so on its own it is weak evidence and should not raise the score by itself.

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http:/afevolenthealth.com.elitemodel.ru.com/?tty=(rdirenzo@evolenthealth.com)
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1308 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3840

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion: Modify Registry (T1112), 1
  • Discovery: System Information Discovery (T1082), 1


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 0f097952ad186b9b054af45d0634fac4
    SHA1: b5e22459f08bed323b3c95e6b9c07afc8f5471c6
    SHA256: fea64d18b821d18ce99223d538a4a944c5b371da4a20d5389ec81afd10bea34a
    SHA512: 43a74a8f2b66b36aef91c114566ac23c9a7720f04dc0695aff3ea1cec0a3caf75dbdedc1a0cac899fc1172b46119536f81bdb0f1e03df46129da79f2e8fea42c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 883b58bb7ebb77a3bd17b77425d22768
    SHA1: bd2fbe1b8eb2b99aff054b3491ab5058c08e65e6
    SHA256: 6604df40417af87cc5fc25f34e0af91b2fc5416a7057f405f9d76afa507ae315
    SHA512: 132fd95e301496d582f7ea6e853915f16e3c40e6b910ff2fc0654e5250ac144a2962dafcd69e039cf757e04f6289005062182acd6d30b1f9b3ff90add1f1189b

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\P3ILND96.cookie
    MD5: d1fb123aa742dfd26119d8c5e6f66af1
    SHA1: b97e4eec502f08f1d9a252bfbb984870470ff853
    SHA256: b62a92780cdf535654cf7b8c04f57f1d5af0b1500e61a83079ab4d28a0d7be21
    SHA512: 83df48004bc91223f4bb76d7d3c963af9722db24ed34c5a2f328ba99e459cd658afe2c58abad54bf8c965ba65a5934e75b85665fbbe6efdd4fce13ecc53d60fe

  • memory/3840-2-0x0000000000000000-mapping.dmp

The CryptnetUrlCache entries are Windows CryptoAPI's on-disk cache for certificate chain and revocation lookups performed while the browser validated TLS connections, and the INetCookies file is a cookie set by the visited site; they are side effects of the browsing session rather than downloaded payloads, so the hashes are useful for correlating the sandbox run but are not indicators of a dropped file.