Resubmissions

  • 24-03-2021 22:59
    210324-ek4w44q4b2 1
  • 16-03-2021 10:19
    210316-1ad7ax3a3a 10

Analysis

  • max time kernel
    104s
  • max time network
    129s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    24-03-2021 22:59

General

  • Target

    http://voland.link/XgHcsrfsm?cost=0.002&currency=USD&external_id=210316043550f299aa48d24b95b3594e0000&ad_campaign_id=1735701&source=clickadu&sub_id_1=1711301

  • Sample

    210324-ek4w44q4b2

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://voland.link/XgHcsrfsm?cost=0.002&currency=USD&external_id=210316043550f299aa48d24b95b3594e0000&ad_campaign_id=1735701&source=clickadu&sub_id_1=1711301
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4032
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4032 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2220

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion: Modify Registry (T1112), 1


Downloads
