Overview

overview

1

Static

static

URLScan

urlscan

https://www.flash68....

windows10_x64

1

Analysis

  • max time kernel
    71s
  • max time network
    141s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    04-05-2021 15:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.flash68.com/etf/

  • Sample

    210504-tnb85xzg8n

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.flash68.com/etf/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4796
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4796 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4208

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6693AFD70CAE6A1C66C83D2A0A553581
    MD5

    9fa60fad43e12bf9213af472ca1bf14c

    SHA1

    1f6cf98617e26fdedefb9a89df0da891c7009911

    SHA256

    b0afdf126c5b4eafc720b95dc5ac75320f36571863aceb38926ecb159cdcd9e8

    SHA512

    701fefd72e7c852c318b6f6247c7e8a1383c5151329266b47be52f51dc3f7d36c96525e0c8f49538a48f7b12c09ee1016510b22a8a44ca6e5d4b9f7ee46fe65e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    10987a1d727697d22e9613985bf39eba

    SHA1

    d92fa559cdea14bdc068eb5388f4a8725d9d290c

    SHA256

    8c026af272e0d8eae1ec8978047926e4bbdb2a7ebe0207a738307150e2ed0063

    SHA512

    31910362ff1a6afe47a6abe7d77d1056eb1a1531cc027ae33bb34e1b4b788cd7efe2292278b02548e72b1441c86f85a3376ed46edf4c58a247febf4da91dfb87

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_28699ABAC9273C08DCF1E93A8F6BFD1D
    MD5

    ce3afa37164e24b6ffd935a075c8291c

    SHA1

    a6367affbdea9e2c4a3d548a8f97103dc51af256

    SHA256

    1cab71fb23d9e1dc39630cc2155830a77804786530a7111463319103b3da1499

    SHA512

    6a1d1485d694aac05c7123a2ee75d0662ec9d01bfd434764f43af4e66ab55fcf87ec536646efa119a656723c8171f966da41b346e1c0461c930210f802162953

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6693AFD70CAE6A1C66C83D2A0A553581
    MD5

    99446f8f045d5aaa8304ef778fbda9d4

    SHA1

    424ce5fdffcc9ff6e69d55a8ed69a0a526f1f987

    SHA256

    a0a1ffaa7b490bbab06c8f6b2468be72b92facfdb90bda7acda950b429305f9b

    SHA512

    accc7c5551be6213c305b9d0fdf112df1323c0e522de5fc67e3259a59498da521c892a7a7ea3a221bec8ebbdc143943662be2bde8024d96002ef20d53929865b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    36986752c38671f0ac7f19710fd90124

    SHA1

    f370e1f89b02590a701ccf1a15f91fddbd6f3609

    SHA256

    a376c6dddd457665473bccfd238b57aa7907d733c6acbbc4f08927f4026077cd

    SHA512

    2f5e892f1c40d3c893bf63c6c7a012ce144b843b676f0e3b02a24e516917b7caa1b0e78d7c73db076ee1441af2f5aab9574ed8d7aedb85656a6753af82de8035

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_28699ABAC9273C08DCF1E93A8F6BFD1D
    MD5

    fd53283caf7b96f02eb63fee485c2ea0

    SHA1

    86b6e75d2b04070689f88d80f910181f35689a18

    SHA256

    a36ecf6a9ef01a696e401bd913c4d2dcf7c955092723e14130710d0462e8835a

    SHA512

    d910a28838c3e0c832c9e954332c3e3d514d1c10eaf8341bb888c90ad4550eb49190904f2f872d3b430ced70d648923720271e1b0c8aad1a6132e2b5abdc882e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\4KC4ILMS.cookie
    MD5

    6e037794ecd6b6778ad48f5b4f5adabb

    SHA1

    dd7dd8714d291226f44572d223431dccf546439e

    SHA256

    8e143f69520e480f049dff5a265796052cbe60542ff3697d909cdbc3bf914e92

    SHA512

    7d0419ed47d51c3fc803c4e7c34c1752ce5e4b07b8791e96ee59bdacdb4b932115a46886d0a59e0215893adffc66fec79d0a61c9e9b623276b5a2347f3ce093e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\TTC84SNS.cookie
    MD5

    3fd93e2832c3cb962376073daedb0491

    SHA1

    5b14a6f4b15c0b2ecbaaac6e3d611008ac94a023

    SHA256

    080392f8c4f1b15266ef91223746fb11e83b63ce63fdc5a2396b8f599c8a1259

    SHA512

    0e43e6b053cf39cdd51c3d0d43705fb03830485781a4809c97454ce0bca46b535534a227bd14557c9b4897969e537ec59e91443d9856cbd6faca1c340ba45634

    Download Submit
  • memory/4208-115-0x0000000000000000-mapping.dmp
    Download
  • memory/4796-114-0x00007FFDA2140000-0x00007FFDA21AB000-memory.dmp
    Filesize

    428KB

    Download