Resubmissions

21-04-2021 07:08

210421-tvszcna2rn 10

20-04-2021 15:45

210420-ltq5yewapn 8

20-04-2021 15:36

210420-agthzw54hx 8

Analysis

  • max time kernel
    91s
  • max time network
    140s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    20-04-2021 15:45

General

  • Target

    http://192.3.26.118/klok.exe

  • Sample

    210420-ltq5yewapn

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 51 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://192.3.26.118/klok.exe
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3952
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3952 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1536

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    MD5

    b8c8b0ee955b46a4df1dd71c75753947

    SHA1

    0e023de5f301a023eb9b130dc8c0ee6812b1b77f

    SHA256

    05e68df5ac57af6fef221d1431996178da03315ea5c9fe26d9fc624aa8078ebf

    SHA512

    f844fa669fbf9417cb8c5689957e2981fe40f94e800159656211b170f595aadf563446e6fb0b37ff7d788bde28233591d8d837d16f0e3c80459c4223112c6720

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    MD5

    849575f2b014f3509701880347823495

    SHA1

    ef441aa0af34a0c4382f53b2628bc359c2d2b5cf

    SHA256

    4b67ef5d87cdb31bf978c287642cec1b4d4768de946647e3b019bd2b45be34c9

    SHA512

    191ac873d4edc0051faad6a1073eb2570b69b4f8f0ac188da0ea14be58cecd2fa418e294126fc6f90c6e3e7e8965f9260ae3ad8ec4df976441000bcebb42d349

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\CAIXTGO2.cookie

    MD5

    480afe5c451a169d5f122ba49b5598ba

    SHA1

    58ce11822feefea8723b48063322187db6618f3c

    SHA256

    137733f5095df6f6e21a0ee0e46772253c944ac0ccb271089b228175c83c8f7f

    SHA512

    f11c32ce1f737d9a956b9aa75c49a3d68c3475e02cfaad0b15f753376ccfb5ebfffa96872046a0eafe98b3be4e42d67ea821c581017d5ddfc3dfdaaef70c3512

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\UMKU93F5.cookie

    MD5

    942cbf77863f82b75ae20928dc8dabca

    SHA1

    904bc3247f3c094f917d855a1771bd303871fa8b

    SHA256

    96cef8e35a3112b67858318251f34ff51972481a6dd482f0051e90966bb4517e

    SHA512

    495a27d224661d37bc674be39f11e5c99d3a917d1f7b8a818d733d0d22455a9d220d1c59cad71f1554047f9fd67638d0abb489f7dbb496497c11d2157761e3b9

  • memory/1536-115-0x0000000000000000-mapping.dmp

  • memory/3952-114-0x00007FFA3F320000-0x00007FFA3F38B000-memory.dmp

    Filesize

    428KB