Analysis

  • max time kernel: 91s
  • max time network: 143s
  • platform: windows10_x64
  • resource: win10v20201028
  • submitted: 22-01-2021 11:38

General

  • Target: https://fc80768cb879e947eb181b6380e187081c993194d69615fe6e2e11020224bd1c
  • Sample: 210122-ynwcagwe4n

Score
5/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 4020)
    "C:\Program Files\Internet Explorer\iexplore.exe" https://fc80768cb879e947eb181b6380e187081c993194d69615fe6e2e11020224bd1c
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 584, child of 4020)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4020 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 signature
  • Discovery: System Information Discovery (T1082), 1 signature

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 363ce345dd84ac3a6edb0653e87b62a2
    SHA1: 2925219d92bf0315a2a5c6099c8b63dc6df5a718
    SHA256: 067cabdbae3ce4c23f1e43b5f564d69b41d75ebb0cadeffdedc8bf3f3f959cad
    SHA512: d324d1f2c59d9b71e80958194a096efcb581c987c566179649a9c0e5beeff4344efac93db77047a3fe1700e266aad3e8170a4f7fd1340ee8abe6669d77ea9089

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: e81926d8771cc34ca66b773339a1e86a
    SHA1: be5e0235f7066a1aa2f5b32e2de6639c96df8371
    SHA256: dd6d71b7343d848f9dc7a7d2ed8cc4c2bb2619801ee1ae4fc3badb3b7a3e95f7
    SHA512: 03611d4218eb606a469d8afd756cd83f579ca01fb574a1080c2ee8178ff74805348a9e84fbe985e63cfd200cca8b5dd6c92bf17db25974616dea3cae41d81e30

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\UYHTE1S6.cookie
    MD5: 1e3ac150c39bf3ec20e4cbcf8e1a55fe
    SHA1: d1a2ad75abcf816b0e3c4dfd22401e5795726ba8
    SHA256: 2e352da9e2acb0bb9aa8620a775af7eeb3385527db0416a8069562a28af20732
    SHA512: 0f4cce664520af9a1b4df5511dbb2f829f655a02df1272ea6473d77035f4a69c40f069a72dd14d057676d68ced2b9bc364bcaab33c87204ee8f3488043c79194

  • memory/584-2-0x0000000000000000-mapping.dmp