Analysis

  • max time kernel
    70s
  • max time network
    140s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    08-04-2021 08:11

General

  • Target

    https://bit.ly/3t0AFIo

  • Sample

    210408-2hq5wl4jvx

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://bit.ly/3t0AFIo
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4708
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4708 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:5108

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    722644914c5b4c8b4b1ae98056e80044

    SHA1

    b4cc32760060d999dacd32d124f52e00c3aae058

    SHA256

    3c7b8aeaea4d8ca2d6635b44568bb145a37a6ee9f035f1708867fc1c55aaafd2

    SHA512

    a511e2fddedf3d55c766470ddb9817eedee3dbbaec05ea4f110e6f1796480b26f6931a7a858a3be2e9ab6a4f0c75572f471903d5ff16eac8f85ceaa73f4b3aa6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    725f54f3b42a208ac88bbcfc7d632ef3

    SHA1

    7c1eb84db58d5824a3fd0e5a1743f19bc3114aea

    SHA256

    0fa5547a6bc39e67baef94de9dd321e4a4d79fdc73212127237e4c75836da0bf

    SHA512

    611526d62547423b0d63e1f1e9f959decbf20ad0737b983b9024d7c7ccaee3f04b63ec8b3f69c59cfae34c5339108e704e8f1cd678143396e4520417dcfd9bfd

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\3QGX88LH.cookie
    MD5

    d9fc9e36215374a40910de83c6dbd296

    SHA1

    4d8538b154281533be81e7331d5fbfe63eed4ecb

    SHA256

    06e74060d4e874a90ac30141faf5c283341ca9c6cb0772332821e36a5cecc174

    SHA512

    2d486dfd088bb15b0dc472da99de6e22af2a830b8878e169bbe83ea1b225e6da913644826f588b8e388563b947d6db2248a41b04537ccd5b843a779ecf32ccee

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ERNLB1RT.cookie
    MD5

    408ce3b92a046a0d8211db24de0da287

    SHA1

    f3cc359234c5cfc97f782c0a0602f11440dcdc90

    SHA256

    0955f9a03e5cdd544bf5327407742dca2dd2bdd43067e7fa175c1777e06ea538

    SHA512

    c2a0bac48199b4b0db666313508cb640ab4e7974514aeae0c4032dfe51307782d5147650887e94c1f271ba90806b7f41510fc04e1544f33bec4f7a205792d775

  • memory/4708-114-0x00007FF865FB0000-0x00007FF86601B000-memory.dmp
    Filesize

    428KB

  • memory/5108-115-0x0000000000000000-mapping.dmp