Overview

overview

8

Static

static

URLScan

urlscan

http://cando--china....

windows10_x64

8

Analysis

  • max time kernel
    120s
  • max time network
    145s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    04-05-2021 14:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://cando--china.net

  • Sample

    210504-dmkcn4qyns

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 53 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://cando--china.net
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:800
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:800 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3276
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZIIA2USJ\4HwMTLRFvpnRf2a.exe
      "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZIIA2USJ\4HwMTLRFvpnRf2a.exe"
      2⤵
      • Executes dropped EXE
      PID:3456

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    10987a1d727697d22e9613985bf39eba

    SHA1

    d92fa559cdea14bdc068eb5388f4a8725d9d290c

    SHA256

    8c026af272e0d8eae1ec8978047926e4bbdb2a7ebe0207a738307150e2ed0063

    SHA512

    31910362ff1a6afe47a6abe7d77d1056eb1a1531cc027ae33bb34e1b4b788cd7efe2292278b02548e72b1441c86f85a3376ed46edf4c58a247febf4da91dfb87

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    fbaec4ab0631e878b4e14258bd189495

    SHA1

    82781543099992fd8183304723f0b3599debbe9f

    SHA256

    c4698d1c3d5c5806a9a42e4816dde887c42a8ad5ac936b4cbd14ba107f9efc8c

    SHA512

    1950ddcb82a7f9ab71b5cf15fe311ba3112ee8bf676a2f22de570a67c826ccec8ccdc01120395539d162b69d16c991d6073a8d6ef6913f4c6bcb6a47048ff682

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZIIA2USJ\4HwMTLRFvpnRf2a.exe
    MD5

    ec835ba0c96c625b726e90871fa4408e

    SHA1

    f4f79d8c5d99dd6435f72bcf9c1d90aab96e47ab

    SHA256

    6a156918ff4ace56113e28bfc878aab413d3021fc89f0e6dad59744ac25874fe

    SHA512

    eb40160fc4e8911920e8f0537c38d665eaa644b3d48159e8143b0e6cae076ca3c81aab59c28e3440c052280d5664798db37399e4855a5c82649f0a4c8fd1ee6b

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZIIA2USJ\4HwMTLRFvpnRf2a.exe.pf4f47g.partial
    MD5

    ec835ba0c96c625b726e90871fa4408e

    SHA1

    f4f79d8c5d99dd6435f72bcf9c1d90aab96e47ab

    SHA256

    6a156918ff4ace56113e28bfc878aab413d3021fc89f0e6dad59744ac25874fe

    SHA512

    eb40160fc4e8911920e8f0537c38d665eaa644b3d48159e8143b0e6cae076ca3c81aab59c28e3440c052280d5664798db37399e4855a5c82649f0a4c8fd1ee6b

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\218UGETV.cookie
    MD5

    945cc773e9eb59f4df488cf76a3d5453

    SHA1

    06ff5c4225edc8ba9f512dc12e4a2a26d62eac03

    SHA256

    dc28403422a26115ebcb1f8cf30d7832d17f3f7d316631e7ff7bac541a3a6c85

    SHA512

    23ae0086aa86875b95a95c0c2bed55d9bd348d59e2526eca7f32e010713d2c1dc239665da9cf4d080b87d78441e9ff4130d1e4149ba6fe1aecfa52b597c98ef6

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\2D0WXPKT.cookie
    MD5

    ac40d716001eb28707e8ad8f80263675

    SHA1

    49e77c6368266ceaeb1b3cce4bef5b60dc6633da

    SHA256

    19f9fc90a7e7c27a60f75adfa83dd82ea945b684862afc539410ec23503d3ae5

    SHA512

    70e7ed7ce4e32cea24a9c9253d309d4febc8e454489cea34fe1ccc499394aa81262806ca77d1444f62aa0f1ec950a61468110809efe8702bbb3e23793005db11

    Download Submit
  • memory/800-114-0x00007FFBAF470000-0x00007FFBAF4DB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3276-115-0x0000000000000000-mapping.dmp
    Download
  • memory/3456-123-0x0000000005470000-0x0000000005471000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3456-124-0x0000000005A10000-0x0000000005A11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3456-125-0x0000000005510000-0x0000000005511000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3456-126-0x0000000005370000-0x0000000005371000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3456-127-0x0000000005670000-0x0000000005671000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3456-128-0x0000000005510000-0x0000000005A0E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/3456-129-0x0000000005760000-0x000000000576E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/3456-121-0x0000000000910000-0x0000000000911000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3456-119-0x0000000000000000-mapping.dmp
    Download