Analysis
- max time kernel: 71s
- max time network: 140s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 08-04-2021 08:17
- Static task: static1
- URLScan task: urlscan1
- Sample: https://go.cloudplatformonline.com/z00X3ok000wJhpYPGag4W00
- Behavioral task: behavioral1
- Sample: https://go.cloudplatformonline.com/z00X3ok000wJhpYPGag4W00
- Resource: win10v20201028
General
- Target: https://go.cloudplatformonline.com/z00X3ok000wJhpYPGag4W00
- Sample: 210408-w75gx7r65s
Malware Config
Signatures
- Modifies Internet Explorer settings
Processes:
- Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes: pid 1132 iexplore.exe
- Suspicious use of FindShellTrayWindow 1 IoCs
Processes: pid 1132 iexplore.exe
- Suspicious use of SetWindowsHookEx 6 IoCs
Processes: pid 1132 iexplore.exe (2 IoCs), pid 3608 IEXPLORE.EXE (4 IoCs)
- Suspicious use of WriteProcessMemory 3 IoCs
Processes: PID 1132 (iexplore.exe) wrote to memory of PID 3608 (IEXPLORE.EXE), 3 IoCs
Processes
- Process 1: C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://go.cloudplatformonline.com/z00X3ok000wJhpYPGag4W00
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- Process 2 (child of process 1): C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1132 CREDAT:82945 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads