Analysis

  • max time kernel
    112s
  • max time network
    143s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    04-05-2021 15:21

General

  • Target

    http://cando--china.net

  • Sample

    210504-gcdtplw5d6

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Modifies registry class 33 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://cando--china.net
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4024
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4024 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1916
  • C:\Windows\system32\notepad.exe
    "C:\Windows\system32\notepad.exe"
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2140

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion (1): Modify Registry, T1112

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\214F24WO.cookie

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\J0EYX875.cookie

  • memory/1916-115-0x0000000000000000-mapping.dmp
  • memory/4024-114-0x00007FFABCA30000-0x00007FFABCA9B000-memory.dmp
    Filesize: 428KB