Analysis

  • max time kernel
    71s
  • max time network
    140s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    08-04-2021 08:17

General

  • Target

    https://go.cloudplatformonline.com/z00X3ok000wJhpYPGag4W00

  • Sample

    210408-w75gx7r65s

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 47 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://go.cloudplatformonline.com/z00X3ok000wJhpYPGag4W00
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1132
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1132 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3608

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 signature matched

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    722644914c5b4c8b4b1ae98056e80044

    SHA1

    b4cc32760060d999dacd32d124f52e00c3aae058

    SHA256

    3c7b8aeaea4d8ca2d6635b44568bb145a37a6ee9f035f1708867fc1c55aaafd2

    SHA512

    a511e2fddedf3d55c766470ddb9817eedee3dbbaec05ea4f110e6f1796480b26f6931a7a858a3be2e9ab6a4f0c75572f471903d5ff16eac8f85ceaa73f4b3aa6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC197601BE0898B7B0FCC91FA15D8A69_0030582DDF0EAC5444BD4E96819D0F03
    MD5

    40c6259b158798162661013649ced783

    SHA1

    6df75c7353f73989cbaf33a3ef6a6b53785b1c35

    SHA256

    aed5798bfe8113ab88a4d993fb94c4e3979eb3c7e8f1ba5705e85c3f57f19e71

    SHA512

    0e25fe641b71dc1026169c7c166691ee7e6612a88e9996e49b18cd54eef935369f5b1e8c70e3736d79e083815291931a647e9e19f8708189e6123a28d16314ae

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC197601BE0898B7B0FCC91FA15D8A69_8F478A6BD274FE3753A4E21122FA44DA
    MD5

    21ecc06be4b146d517e858bd96fb0ce0

    SHA1

    13af82a77a0e0392e9494790040438531affa4f3

    SHA256

    aeb96702a17773b9ad09ca8c0c421066657c2055d50566d9ed61cb6aa4efc01e

    SHA512

    371a6041b4c881d01d06a3288d0545dd7d2c445e4274dee96b74bee9ac053adeb3e49a95135e4f5f503d776aa96892802bd44d538280e4afc21664941db131f7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC197601BE0898B7B0FCC91FA15D8A69_F2514AA8E6FB61AC2E3C58BBBC881906
    MD5

    06b6f8bda23ba0f9461b4a13fa45b23d

    SHA1

    b06996719b6a9b16c9e62f34a5b3ef24f233a216

    SHA256

    f64b3f3f10513c545517a744723caba60f5cf4ec58bc3a7a1d3a99c2157edc9a

    SHA512

    b45667f42e17977c05972fe35c450b00f3830e0bc21f2b3883b58db73ff0334df36cd6a0f207aa58439f68827df9ca38fa18f48f0e46d3679ad6887ac29b7aae

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
    MD5

    4f914d6a12b48374677859978d3def97

    SHA1

    d29a1ff9bc1fbf5c4c0cf3210c9aefe33fc8e5a5

    SHA256

    eb9ac8c88c0857b9588076073491eec79f4725aa32bc7af00c20ef31095d1d68

    SHA512

    ab9cc44820d05b5207d1210e189041f3df258346619f05ae1b058de8b358438095a09b0fed26fcf09d7d08caae353f680936ebe24fdc94c18411463d5ecfbe61

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    4f2086ff7522ca0937c38894c0dd16fa

    SHA1

    9b53ef0239d341b5215e6c15d9d4554fef74e97c

    SHA256

    443c9604e65a539d893f0dfa2be44a9db958cc4c9530495e2e92fddea6f3ec86

    SHA512

    39f1f6ad3cb09406dc1ee5254b42d570f5dbd19cec1a9f12738fe0fcb0eca261d733183de312e971ef906ebcec8aa2fa98443cbba9735010952d2671b7f20589

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_0030582DDF0EAC5444BD4E96819D0F03
    MD5

    b3a0213dcd776604b9ea13e4a352ef28

    SHA1

    b794d2f73c0469c350f23ba4fedd3712ed8159b9

    SHA256

    ce400583d97fc946683abfe57ae1b4f3fc22a4c6a762be3b85d61a750fb20c61

    SHA512

    f299db327e8d2b767a11b0eaae34ebecfbd84a5d36d91f5355dad7a57b3c2d7f7f84252cebf063c9e0e363fef853320c604f3e39a2e9c696ad558bdd7f47d5ec

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_8F478A6BD274FE3753A4E21122FA44DA
    MD5

    f964d4bd74873e9b262ea3d04b6466f1

    SHA1

    0b613f1b4ef22e9aade253ee1b32f23f539aa1a6

    SHA256

    740c91a08b2cd05fd78a2706968a0edffb794068e2631c6aec0c385f3acb3da3

    SHA512

    a328776d86d0f1d195a14ab0a79e060ee5c69f9ee73fe5e0cf0fa9195c90b9217e2f6bd9599a746d0af8e1a6b8c24bfa46a3fada403fdc2a2f01f377ee449f67

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_F2514AA8E6FB61AC2E3C58BBBC881906
    MD5

    274f4cfd1c0f74cbbe25952c89084c0a

    SHA1

    cb181fd7257516ed61497f22ebbbb76e0534d8e5

    SHA256

    3f4027ccd04a97a22b1983e10a68f3779fb56c2e07e1a70c4c393a549e295c64

    SHA512

    3603d8f7203dcf9f56e6c2d1ebc3b2c68e6b5f26d6b5796ebb96dc91327836dc8afce4b6bf20321d336ffe91bf7db6f791be5c19aef97386aa4308dcd0503b08

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
    MD5

    9420dba78523db707d01c29557fa60ae

    SHA1

    9f3d48b4127840566ac1f1d822ac0cb35f93b6fe

    SHA256

    6d5885ec50b23fcfa73c8ec6b4913df6f3e88b3aad1969356a4a851818e5df94

    SHA512

    386bb8e9e9aa97d45574a02b0f0b532a71e4670427f1f029df8625a99f685965f83522331090e524587360f9ae165e2ddc871defa643d8e5d3ec3fba669764b5

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\09XG52J2.cookie
    MD5

    9a206574a3b2655a2e46aa4de713f000

    SHA1

    9f2ebc6cb30c6506d147f1d7bd5f5a79308d4d2b

    SHA256

    77fa600e85c49b9715daa1a5a6b11dc8b8335e456da49867c7a1e87df8f70d64

    SHA512

    e718029f0ecae9cae8cb17dae7aa3326fadf583263ba262bf289102539c88b8458e731155b2d4fed567706ded44f0a8730b602c4c0c8f36865a14ba800552b86

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\GJ4FZM7F.cookie
    MD5

    4f48b5b9095590260f65403c9945b5a2

    SHA1

    0b14d015b026e4264db24360280a3d7b88d4111a

    SHA256

    5f6e0b14f320adfefb5b22e8508147e5d3361954e629a1d98a7456526f6d4535

    SHA512

    041f85403be45bd53411fd04d831ae837d72e073e6fc0d51528a65e7c9d648fe184989ddec1bb1ae628eed6dad0c457521dc43445a4613427c19ae41f67a8a74

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\UYWY8SBG.cookie
    MD5

    7d89a9cfc9b02febbfe972dbe3d73cd6

    SHA1

    e44fcf3bcff9aa1c5faf90a45fd3b2916f22257e

    SHA256

    277ee2c2cc9df60534d9741e721328eb5e4618e0147ee58dd18187a7d9ff86ed

    SHA512

    af2a9828e94ade8cda0238eaa596f11757c8a48bc91f39c6542bff78ac12c8ceb254505f47d0e6744ecb080d08ea7bec6ab1cdda3a5147280aae72123363270c

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\WP4G5N9A.cookie
    MD5

    8d005b89c884ed3627a991de960ccb62

    SHA1

    a42d27050093ee325f6d91f4fed7b3307284197a

    SHA256

    4f85d05ef53088db266f995f223fbf46decf60489246d90fd01be972dab4a82e

    SHA512

    56436b21021f8ad93165ac849456c64add12eceaa363ad1e53bd222927f0b63950949a3ced99fa62477d5fe78d2fa06bbdfbb49d7c7b73d50aed0f3af9ebf9c4

  • memory/1132-114-0x00007FFF3C040000-0x00007FFF3C0AB000-memory.dmp
    Filesize

    428KB

  • memory/3608-115-0x0000000000000000-mapping.dmp
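The "Downloads" list above is the part of this report a responder would actually reuse, so the script below is an added example (not part of the sandbox report) that parses that section into hunt-ready records, rejects malformed digests, recomputes digests against file contents, and cross-checks each memory dump's reported size against the address range in its name. Two caveats worth keeping in mind when hunting with these values: the `CryptnetUrlCache` files are CryptoAPI's cache of CRL/OCSP/AIA downloads made while validating the site's TLS certificate, so they identify ordinary certificate-validation traffic rather than a payload, and the 428KB figure is exactly 0x6B000 bytes, so the report's "KB" means 1024-byte units (an assumption the `parse_size` helper encodes). The excerpt embedded in the script is assembled by hand from three of the entries above so the example runs offline.

```python
"""Parse a sandbox report's 'Downloads' section into checked indicators.

Added example, not the sandbox vendor's code. Assumes the report's plain-text
layout: a '•' path line followed by label/value pairs (MD5, SHA1, SHA256,
SHA512, Filesize) separated by blank lines.
"""
import hashlib
import re
from dataclasses import dataclass, field

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$")
# memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp naming used by the report
MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

# Constructed excerpt: two dropped files and one memory region copied from the report.
REPORT_EXCERPT = r"""
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5
    722644914c5b4c8b4b1ae98056e80044
    SHA1
    b4cc32760060d999dacd32d124f52e00c3aae058
    SHA256
    3c7b8aeaea4d8ca2d6635b44568bb145a37a6ee9f035f1708867fc1c55aaafd2
    SHA512
    a511e2fddedf3d55c766470ddb9817eedee3dbbaec05ea4f110e6f1796480b26f6931a7a858a3be2e9ab6a4f0c75572f471903d5ff16eac8f85ceaa73f4b3aa6
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\09XG52J2.cookie
    MD5
    9a206574a3b2655a2e46aa4de713f000
    SHA1
    9f2ebc6cb30c6506d147f1d7bd5f5a79308d4d2b
    SHA256
    77fa600e85c49b9715daa1a5a6b11dc8b8335e456da49867c7a1e87df8f70d64
    SHA512
    e718029f0ecae9cae8cb17dae7aa3326fadf583263ba262bf289102539c88b8458e731155b2d4fed567706ded44f0a8730b602c4c0c8f36865a14ba800552b86
  • memory/1132-114-0x00007FFF3C040000-0x00007FFF3C0AB000-memory.dmp
    Filesize
    428KB
"""


@dataclass
class Artifact:
    path: str
    hashes: dict = field(default_factory=dict)   # algorithm name -> lowercase hex digest
    filesize: str = ""                           # as printed, e.g. "428KB"
    pid: int = 0                                 # only for memory dumps
    region_bytes: int = 0                        # end - start of the dumped range
    problems: list = field(default_factory=list)


def parse_size(text):
    """'428KB' -> 438272. Assumes 1024-byte units, which the report's 0x6B000 span confirms."""
    m = re.match(r"^(\d+(?:\.\d+)?)\s*(B|KB|MB)$", text.strip())
    if not m:
        return None
    return int(float(m.group(1)) * {"B": 1, "KB": 1024, "MB": 1024 ** 2}[m.group(2)])


def check_memory_region(art):
    """Fill pid/region_bytes from the dump name and compare with the reported Filesize."""
    m = MEM_RE.match(art.path)
    if not m:
        return []
    art.pid = int(m.group(1))
    art.region_bytes = int(m.group(4), 16) - int(m.group(3), 16)
    problems = []
    if art.region_bytes <= 0:
        problems.append("memory region end precedes start")
    reported = parse_size(art.filesize) if art.filesize else None
    if reported is not None and reported != art.region_bytes:
        problems.append(f"Filesize {art.filesize} != region span {art.region_bytes} bytes")
    return problems


def parse_downloads(text):
    """Turn the 'Downloads' section into Artifact records, flagging malformed digests."""
    artifacts, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            current = Artifact(path=line.lstrip("• ").strip())
            artifacts.append(current)
            pending = None
        elif line in HASH_LENGTHS or line == "Filesize":
            pending = line
        elif current is not None and pending is not None:
            if pending == "Filesize":
                current.filesize = line
            else:
                value = line.lower()
                if len(value) != HASH_LENGTHS[pending] or not HEX_RE.match(value):
                    current.problems.append(f"{pending} digest malformed: {line}")
                current.hashes[pending] = value
            pending = None
    for art in artifacts:
        art.problems.extend(check_memory_region(art))
    return artifacts


def classify(path):
    """Coarse origin of a dropped file, based on its well-known Windows location."""
    if "CryptnetUrlCache" in path:
        return "CryptoAPI URL cache (CRL/OCSP/AIA fetched during certificate validation)"
    if "INetCookies" in path:
        return "Internet Explorer cookie"
    if path.startswith("memory/"):
        return "memory region dump"
    return "other"


def verify_hashes(art, data):
    """Recompute every digest the report lists for `art` over `data`; True where they match."""
    return {alg: hashlib.new(alg.lower(), data).hexdigest() == digest
            for alg, digest in art.hashes.items()}


def hunt_sha256(artifacts):
    """SHA256 values usable for a file-hash search: well-formed and from real files."""
    return sorted({a.hashes["SHA256"] for a in artifacts
                   if "SHA256" in a.hashes and not a.problems})


if __name__ == "__main__":
    for art in parse_downloads(REPORT_EXCERPT):
        print(f"{classify(art.path)}: {art.path}")
        for alg, digest in art.hashes.items():
            print(f"    {alg}: {digest}")
        if art.region_bytes:
            print(f"    pid {art.pid}, region {art.region_bytes} bytes ({art.filesize})")
        for p in art.problems:
            print(f"    PROBLEM: {p}")
```

Feed the whole "Downloads" section to `parse_downloads` and use `hunt_sha256` for the file-hash search; `verify_hashes` is for confirming that a file recovered from a host is byte-identical to what the sandbox saw, and any non-empty `problems` list means the report text was damaged in transit and the record should not be trusted.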