Analysis

  • max time kernel: 68s
  • max time network: 141s
  • platform: windows10_x64
  • resource: win10v20210410
  • submitted: 04-05-2021 14:55

General

  • Target: http://inanojorro.tk/index/?8001593090904
  • Sample: 210504-rtkpcna1p6

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 47 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://inanojorro.tk/index/?8001593090904
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1892
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1892 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1792
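The tab process on this page carries `SCODEF:1892`, which equals the PID of the frame process (1892) that spawned it. The following check, an added example and not part of the sandbox report, takes a process list of the shape shown above (constructed inline here, plus one invented entry with PID 9999 to exercise the failure path) and flags any IE tab process whose SCODEF value does not name its real parent, or whose real parent is not an iexplore.exe frame. It assumes the SCODEF-equals-parent-PID relationship observed here holds in general; field names `pid`, `ppid` and `cmdline` are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]   # None for the root of the tree
    cmdline: str


# Constructed sample: the two processes from the report, plus one invented
# tab process (pid 9999) whose parent (4242) does not match its SCODEF.
SAMPLE_PROCS = [
    Proc(1892, None,
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r'http://inanojorro.tk/index/?8001593090904'),
    Proc(1792, 1892,
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
         r'SCODEF:1892 CREDAT:82945 /prefetch:2'),
    Proc(9999, 4242,
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
         r'SCODEF:1892 CREDAT:1 /prefetch:2'),
]

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def scodef_of(cmdline: str) -> Optional[int]:
    """Extract the SCODEF:<pid> value from an IE tab command line, if present."""
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def ie_tab_mismatches(procs: List[Proc]) -> List[Tuple[int, int, Optional[int]]]:
    """Return (pid, scodef, ppid) for every process that claims to be an IE tab
    (has SCODEF:<n>) but whose actual parent is not the iexplore.exe frame
    with PID n. An empty list means the tree looks like normal IE behaviour."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        claimed = scodef_of(p.cmdline)
        if claimed is None:
            continue                       # not a tab process
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        parent_is_frame = parent is not None and "iexplore.exe" in parent.cmdline.lower()
        if claimed != p.ppid or not parent_is_frame:
            findings.append((p.pid, claimed, p.ppid))
    return findings


if __name__ == "__main__":
    for pid, claimed, ppid in ie_tab_mismatches(SAMPLE_PROCS):
        print(f"pid {pid}: SCODEF says {claimed}, actual parent {ppid}")
```

On the report's own two processes the check returns nothing; only the constructed PID 9999 entry is flagged.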

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry, T1112 (1 signature)


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 10987a1d727697d22e9613985bf39eba
    SHA1: d92fa559cdea14bdc068eb5388f4a8725d9d290c
    SHA256: 8c026af272e0d8eae1ec8978047926e4bbdb2a7ebe0207a738307150e2ed0063
    SHA512: 31910362ff1a6afe47a6abe7d77d1056eb1a1531cc027ae33bb34e1b4b788cd7efe2292278b02548e72b1441c86f85a3376ed46edf4c58a247febf4da91dfb87

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: cc3cc0532a642c775ba22257910f227b
    SHA1: 500331918aa864c5e77e52ba643a9ef11e9ed640
    SHA256: 1e9c79ab635d8916b62e78b128ec178df5729b5a70ee30219612185dfa43f2da
    SHA512: 03a62f4b0a88112a581527918ae1d7841b7586fb64ddad835428be6f3a20bae463ab75af849de5b77bc3466401c3eaa568d5c7f21a03155d308faed4243943d0

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\HTSEGB0A.cookie
    MD5: 4c7ad35f4c9a70efdfe7628a1c76708c
    SHA1: 995b5aba65009a9f263edc67634f66fa454dde0d
    SHA256: 12fa10e207022215144ffa9619b9465a1591fef57b5c33ddae7ed99f1453497b
    SHA512: dcfd77c747d02af02fd437de0cd6c78d3bb8486c7b221257f27e98a477b57db1172e81164ec7645b8a669a0b5c9352f04974aa1885bc5225df5e8d96e7dc7d79

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\NTWYCXOZ.cookie
    MD5: 243ed61c7e63f53ea739a8718270ac61
    SHA1: baf5ff22164037bb7c0fc8f8115264ed5092f59d
    SHA256: f1f91ee7ee1ab4a0ee7e18b6237aad14011011580a7cc6d3ef478905ea97da4f
    SHA512: 2f76f6ea966a5c1d8045b7abdf033204bf05ee8e12bc851af1cee37341cae5bc48d78d8b7b935c300be81fe3cdb07f333e76bcdb5ade9db05af10a5e3d1f28a9

  • memory/1792-115-0x0000000000000000-mapping.dmp
  • memory/1892-114-0x00007FFFAA1D0000-0x00007FFFAA23B000-memory.dmp
    Filesize: 428KB
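Anyone pulling these artifacts out of the sandbox will want to confirm that what they downloaded matches the digests listed. The script below is an added example, not part of the report: it parses a Downloads listing of the shape used on this page (accepting both the label-on-one-line, value-on-the-next layout and a `Label: value` layout), computes MD5/SHA1/SHA256/SHA512 over a byte string with the standard library, and reports per-algorithm agreement. The sample listing is constructed inline from two of the page's own entries; record keys such as `path` and the lower-cased algorithm names are this example's own conventions.

```python
import hashlib
import re
from typing import Dict, List

# Constructed sample input: two entries copied from the page's Downloads list.
SAMPLE_LISTING = r"""
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\HTSEGB0A.cookie
    MD5

    4c7ad35f4c9a70efdfe7628a1c76708c

    SHA1

    995b5aba65009a9f263edc67634f66fa454dde0d

  • memory/1892-114-0x00007FFFAA1D0000-0x00007FFFAA23B000-memory.dmp
    Filesize

    428KB
"""

ALGOS = ("md5", "sha1", "sha256", "sha512")
# A digest label, optionally followed by ": <hex>" on the same line.
LABEL_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s*:?\s*([0-9a-fA-F]*)$")
HEX_RE = re.compile(r"^[0-9a-fA-F]{32,128}$")


def parse_listing(text: str) -> List[Dict[str, str]]:
    """Turn the flattened listing into one dict per artifact: {'path': ..., 'md5': ..., ...}.
    Entries without digests (memory dumps) come back with only their path."""
    records: List[Dict[str, str]] = []
    pending = None                      # label seen, value expected on a later line
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line:
            continue
        if line.startswith("C:\\") or line.startswith("memory/"):
            records.append({"path": line})
            pending = None
            continue
        if not records:
            continue                    # stray text before the first path
        m = LABEL_RE.match(line)
        if m:
            algo, value = m.group(1).lower(), m.group(2)
            if value:
                records[-1][algo] = value.lower()
                pending = None
            else:
                pending = algo
            continue
        if pending and HEX_RE.match(line):
            records[-1][pending] = line.lower()
            pending = None
    return records


def digests(data: bytes) -> Dict[str, str]:
    """Compute all four digests the report lists, keyed by lower-case algorithm name."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def verify(data: bytes, record: Dict[str, str]) -> Dict[str, bool]:
    """Compare data against every digest the record carries. All-True means the
    bytes are the listed artifact; an empty dict means nothing could be checked."""
    actual = digests(data)
    return {a: actual[a] == record[a] for a in ALGOS if a in record}


if __name__ == "__main__":
    for rec in parse_listing(SAMPLE_LISTING):
        print(rec["path"], verify(b"", rec))   # empty bytes: expected to mismatch
```

A record with no digests (the memory dumps) yields an empty result from `verify`, which the caller should treat as "unverified", not "verified".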