Overview

overview

10

Static

static

URLScan

urlscan

ﱞﱞﱞï...ﱞﱞ

windows10_x64

10

ﱞﱞﱞï...ﱞﱞ

windows7_x64

1

win100

windows10_x64

10

win101

windows10_x64

1

win102

windows10_x64

10

win103

windows10_x64

10

win104

windows10_x64

10

win105

windows10_x64

10

win106

windows10_x64

10

Resubmissions

06-10-2022 21:06

221006-zxrwaaaga6 10

13-04-2021 12:47

210413-myxlaxh4ta 10

12-04-2021 13:54

210412-6sz4v79f2x 10

Analysis

  • max time kernel
    1744s
  • max time network
    1744s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    13-04-2021 12:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://keygenit.com/d/3e16ccf432109nspn247.html

  • Sample

    210413-myxlaxh4ta

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 51 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://keygenit.com/d/3e16ccf432109nspn247.html
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:668
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:668 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2168
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3212

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    2
    T1112

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\59D1C89B35882FB67B19C498B4BDBDE0
      MD5

      bd5a6a2d0c9328b5f14da28d995d2899

      SHA1

      857ce8657c508207fa4e7abd11c770654c52ed24

      SHA256

      d319f5b42825ea80a24f371ee6081a9454e655c5738fde7c89a199da23cb4644

      SHA512

      8597622f6a63bedab2b409834e6ae1e6c3068692baad0794b5205f476a94c783f1bcef9aed50945fc9491487e3e363ca9efaf41dbb46af43abeba8b0c7827bb4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4
      MD5

      d1b1f562e42dd37c408c0a3c7ccfe189

      SHA1

      c01e61a5c5f44fb038228b7e542f6a8d7c8c283d

      SHA256

      7f468f04fe5a1b0616685f157a4285090b6ed3858d4cd9efe915aaeed83c158e

      SHA512

      404d279fabd4886008e47e9138f799cf398f0aa4c8556192d6e45dbcde99eac2cd65c47b9e0b88bd6d3a6529818f6048a23a197a913fb917b19dffbbd5d75850

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      MD5

      92b990209682cc77ed43cd2e3b0dbb61

      SHA1

      be61b32b4ee38fd6754286fb9018ba1a06259534

      SHA256

      0c899d7123343b133b33441e4bfc3a07136680755e8d5177da56df74f3ade6d7

      SHA512

      43f0a15f76f88d3c51cac576543b2725bd41e8a456ac5ef928ceb068560ce5c9297b5f4af7d99e82d25e59123f066bc3d1c0602372c4f4e090f4e6c173329355

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\59D1C89B35882FB67B19C498B4BDBDE0
      MD5

      326665bbda1477df1ec90aa1c8868915

      SHA1

      14fbd191a977bfdedcbb2b7a26b19a78a11507f2

      SHA256

      3a2ad536434d5a6def8aedce8da6e32c64fd982cc4659a986176be440badffe8

      SHA512

      0710e6772e50737686e68a996946cb7422a31f485ed459034d10f3518a3e41edef8ddecf0c2c4956e44a2178823321b6f08ded30331109c28653c716f511a6c5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
      MD5

      9dd6ee67c7371e7153f100d64df7daeb

      SHA1

      2861ca44b3120f024f3547dc1900e10274743f4a

      SHA256

      dfae28bdf209543ecaedca20b53e1cb81aaedeb82c67fed49e9853d71a00651b

      SHA512

      41f687ad2f9a22bb7f168e245d386b9edcb42616a118d71e72180ef162ef059875377311e7d8949da8af6ba3cae7d23109c9e708b1af75ac69e47d285708afd8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      MD5

      870683f79a79944545910a13116340a3

      SHA1

      d422b2af6e3226a2c1a1828c1130b2ca2f574e87

      SHA256

      1ce479fc862fd109441c379859d66767b4032a64a58f14bfae4604cce49e7b47

      SHA512

      97c41a992f2cee4bc1f4abaa390b9d292398c1ccc90e68becd2cab1e77b42579790a2e24d45c9e9c260ed3fbd8a5f70a49b5438db642398c8de522ee1bd8a86a

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DRMDU4BX\R_wipe_clean_11_serial_key_gen.zip.n9yxmxl.partial
      MD5

      19666eb40bc21505beadbfb2c2f70c46

      SHA1

      832948f602398b5700ecc8e9eff6f3301f34278c

      SHA256

      da08a353d0996d7c3f4007ba7900dd2b5515c06e126d04b4e79cbbbdcf5c4c90

      SHA512

      e8d2defff2592b3b5987b67daa6f911e156401cc8839095c79588ee1d4642ea09c3d8c4357d591160ed4be378da064932c455a06b38df1f31b68567f34591eaa

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\5PYT6DUL.cookie
      MD5

      dd4cc5c726970ff6d66ed4412ff51af3

      SHA1

      8b2f0c96513e19e4d1fe20065227b27f00c1caed

      SHA256

      a79deaa74d43373a2d0f9f016bcbce9e3361649d6dc6c95adc9659dce4de0860

      SHA512

      ce5b2cd2637767d3db9c93d973ae9454b20914dfdd9a9ba0f08821afcc419380d24ce6ef23cc7f06270f40271e479722266147a60b1d3e12c85ce7f3ea8d46b5

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\QODJYHPO.cookie
      MD5

      095ba42e019998ebf71872225485080e

      SHA1

      3b12fc7ee84b732aa4968f39e30ddf89eeb40006

      SHA256

      18ebb9be9e1a65b711fd729762230816ec4d84e466058a5e702226b5a641c1ba

      SHA512

      efb3560b95468302b8bf7c62bacca2f0b35a9191115c1799f1a26bddbc175f9d83c07b32dfdad5c0e7fc2bf353ca24ecf28facd47a9aacbcdaceb2458858a8eb

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\VS47S93G.cookie
      MD5

      4c5ae1a4071550b9e98379e0b9b7d08d

      SHA1

      9ccb668e706b1a698cc7629bc055d43e8fc486a5

      SHA256

      56e38eebacb35dca580636faa747ef350544b8f330a678f6ce4d829e1cc917be

      SHA512

      a34a0cf3e011cd5048eab9daa961be518d80ff9bca0acf6427759c46eb90b49c30f3ba726d33bb0fb446f2168e8c0882ba906c712e2d0d970421873c8ea74b11

      Download Submit
    • memory/668-114-0x00007FFDE9FC0000-0x00007FFDEA02B000-memory.dmp
      Filesize

      428KB

      Download
    • memory/2168-115-0x0000000000000000-mapping.dmp
      Download