Overview

overview

1

Static

static

URLScan

urlscan

http://gandcrabmfe6m...

windows10_x64

1

Resubmissions

12-03-2024 10:08

240312-l6fbysgc74 8

06-03-2024 15:27

240306-sv2t5scb5x 1

11-05-2021 18:11

210511-h2atgnftpe 1

Analysis

  • max time kernel
    128s
  • max time network
    129s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    11-05-2021 18:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://gandcrabmfe6mnef.onion/8b9c14fe8b0c1d15

  • Sample

    210511-h2atgnftpe

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://gandcrabmfe6mnef.onion/8b9c14fe8b0c1d15
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3016 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1864

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    06165dea77d5d10217992bd74f065006

    SHA1

    964d97611d8050aaf7d8a3a5e641cd20df6afd92

    SHA256

    9b125647f3ede14fa37214fe956f3b906f8bf58510bdc1eecfdf2ca4c827fe8f

    SHA512

    e126e1fdd45d2b08c37724b568a1ee9eef95895f2c31f5626186032293eb7f2a62f907fea96f1f0fca4c7de3cd9bac45df28bb69d42b2cd7ea5468e1aefdfee2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    39549e89659f1e362d67b08dfc2f1b05

    SHA1

    91b232686da0800ef108216bbaaf218d6fe6935d

    SHA256

    d0039d063bb3b0c627ac4b90d7111d7c8dd30378511047d37ce5fad0718bf3fe

    SHA512

    5c805be8cbaf663f5d1604beeb226474f5094023ef006f7a196f6aa91aaec8a4ff39a1439affe8174439d78767094904925d775663a8c3f2dfa93b47d807004e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\2SMULQ1O.cookie
    MD5

    69e38887a7fb62c469e7c027664fce31

    SHA1

    9b314eb00d6b46b8284d74348ef89d391a27c157

    SHA256

    0ff5453561a7e095e95a4e6891f910ac9257807b944b4a1fc65366fc7c65ac3f

    SHA512

    6a1f0d48a81e43f71c887bdc852b7ce3dcdd56e7a23dcc7e7bb73a2a4eea4ea5895db2c3c37d636c6ffc5583ac0c8c6dac3fb1dec961fec6ee056909f9c2f48e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\FGHL05MA.cookie
    MD5

    3065a9730ee244dd59ad6404402bc3e8

    SHA1

    7acb658b43cde123c9c083ccbe4006e7d9abe1e4

    SHA256

    46f142069397d508b33e1e7578fc317626b0ae68ff93052d6c0c6e1653d2e107

    SHA512

    83219a279261a940e876256d904ec1184d143ddee39a0dfe0e05954936aedfa0b3d0cb2e7729b5a28990d419ec0f6e2d873bfceac4380de8ae1e361fa5854201

    Download Submit
  • memory/1864-115-0x0000000000000000-mapping.dmp
    Download
  • memory/3016-114-0x00007FFDFDB10000-0x00007FFDFDB7B000-memory.dmp
    Filesize

    428KB

    Download