Analysis
max time kernel: 149s
max time network: 147s
platform: windows10_x64
resource: win10v20210408
submitted: 11-06-2021 03:13

Static task: static1
URLScan task: urlscan1
Sample: http://www.getmotivatedbuddies.com

Behavioral task: behavioral1
Sample: http://www.getmotivatedbuddies.com
Resource: win10v20210408

General
Target: http://www.getmotivatedbuddies.com
Sample: 210611-m59felha2j

Malware Config
Signatures
Modifies Internet Explorer settings 64 IoCs
Processes:
description | ioc | process
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.getmotivatedbuddies.com\ = "1472" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "382050393" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\getmotivatedbuddies.com\Total = "2748" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "4257" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.getmotivatedbuddies.com\ = "4257" | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30d9111e805ed701 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.getmotivatedbuddies.com\ = "86" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\getmotivatedbuddies.com\Total = "259" | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/ | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.getmotivatedbuddies.com\ = "1654" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "4217" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30891648" | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.getmotivatedbuddies.com\ = "2376" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.getmotivatedbuddies.com\ = "2748" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "382206462" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\getmotivatedbuddies.com\Total = "94" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.getmotivatedbuddies.com\ = "204" | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\getmotivatedbuddies.com\Total = "1615" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.getmotivatedbuddies.com\ = "94" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\getmotivatedbuddies.com\Total = "86" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.getmotivatedbuddies.com\ = "3510" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\getmotivatedbuddies.com\NumberOfSubdomains = "1" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.getmotivatedbuddies.com\ = "102" | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007c369e1f7dd80e4a838305ff88bb1ffa00000000020000000000106600000001000020000000ecc4539cc56d137718952bd851e07277ce0531fa8f11bb25f4826dfeb2cad7a9000000000e8000000002000020000000910cc16a1facb45363bfae8073952f6a746e89f7353ce8c728e963482db83c9b2000000051782e1ef43c552529ae1736780b166f669994d476b2311ece36ae3ed4972c1840000000a3aa891eb4f1cf1777baa81d258530fa99782ed5913ed4bb91abe2ebb1509ff48b00cdec36d54c92fedb1a0d07f3e183373af6099ca69e9ddd6580a55cc942b3 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\getmotivatedbuddies.com\Total = "56" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\getmotivatedbuddies.com\Total = "4271" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "991" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.getmotivatedbuddies.com\ = "991" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\getmotivatedbuddies.com\Total = "2788" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\getmotivatedbuddies.com\Total = "323" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\getmotivatedbuddies.com\Total = "4257" | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "102" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.getmotivatedbuddies.com\ = "4716" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3510" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "983" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1472" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "56" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "144" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.getmotivatedbuddies.com\ = "387" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\getmotivatedbuddies.com\Total = "4217" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "4716" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\getmotivatedbuddies.com\Total = "1471" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "162" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "387" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.getmotivatedbuddies.com\ = "4217" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "70" | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "330201758" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "94" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\getmotivatedbuddies.com\Total = "449" | IEXPLORE.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
pid | process
740 | iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
pid | process
740 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
pid | process
740 | iexplore.exe
740 | iexplore.exe
3984 | IEXPLORE.EXE
3984 | IEXPLORE.EXE
3984 | IEXPLORE.EXE
3984 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs
Processes:
description | pid | process | target process
PID 740 wrote to memory of 3984 | 740 | iexplore.exe | IEXPLORE.EXE
PID 740 wrote to memory of 3984 | 740 | iexplore.exe | IEXPLORE.EXE
PID 740 wrote to memory of 3984 | 740 | iexplore.exe | IEXPLORE.EXE

Processes
- C:\Program Files\Internet Explorer\iexplore.exe (PID 740)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" http://www.getmotivatedbuddies.com
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 3984, child of PID 740)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:740 CREDAT:82945 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx

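The check a practitioner wants before reading the signatures above as tampering is whether any of the registry writes touch a user-facing Internet Explorer setting at all. The following Python script is an added example written for this page (it is not code from the sandbox vendor and does not appear in the report): it parses rows in the format of the "Modifies Internet Explorer settings" table and separates IE's own bookkeeping subkeys from writes that would change a setting. The allowlist of routine subkeys is this editor's assumption; the sample rows are copied from the table above; the control row that sets Main\Start Page is constructed so the flagging path is exercised and does not occur in this report. Every one of the 64 rows in this report falls under one of the routine subkeys (DOMStorage quotas, FlipAhead, VersionManager, TabbedBrowsing, DomainSuggestion, Recovery and Main\WindowsSearch), so the signature here records IE's normal state-keeping for a page load.

```python
"""Triage helper for the 'Modifies Internet Explorer settings' rows of a sandbox report.

Added example (this editor's code, not the sandbox's): parses rows of the form
"<description> <registry path>[ = <value>] <process>" and separates Internet
Explorer's own bookkeeping keys from writes that would change a user-facing setting.
"""
import re
from collections import Counter
from typing import Dict, List, Optional

# Rows copied verbatim from the signature table in this report (a subset of the 64).
REPORT_ROWS = r"""
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.getmotivatedbuddies.com\ = "1472" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "382050393" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30d9111e805ed701 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
"""

# Constructed control row: NOT from this report. A Start Page change is the kind of
# write the signature name suggests, so it is included only to exercise the flagging path.
CONSTRUCTED_ROW = (r'Set value (str) \REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000'
                   r'\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" iexplore.exe')

ROW_RE = re.compile(
    r'^(?P<desc>Set value \((?:int|str|data)\)|Key created) '  # what the sandbox observed
    r'(?P<ioc>\\REGISTRY\\.+?)'                                  # full registry path (may contain spaces)
    r'(?: = (?P<value>.+?))?'                                    # optional written value
    r' (?P<proc>\S+)$'                                           # writing process image name
)

IE_MARKER = '\\Software\\Microsoft\\Internet Explorer\\'

# Assumption (this editor's allowlist, not the sandbox's): subkeys IE writes on an
# ordinary page load for its own state. DOMStorage holds per-site storage quotas,
# FlipAhead/VersionManager/DomainSuggestion hold feature update state, TabbedBrowsing
# and Recovery hold session state, Main\WindowsSearch records search-indexer status.
ROUTINE_SUBKEYS = {
    'DOMStorage', 'FlipAhead', 'VersionManager', 'TabbedBrowsing',
    'DomainSuggestion', 'Recovery', 'Main\\WindowsSearch',
}


def ie_subkey(ioc: str, depth: int = 1) -> Optional[str]:
    """Return the first `depth` path components below HKU\\<sid>\\Software\\Microsoft\\Internet Explorer,
    or None when the path lies outside that key."""
    idx = ioc.find(IE_MARKER)
    if idx < 0:
        return None
    parts = [p for p in ioc[idx + len(IE_MARKER):].split('\\') if p]
    return '\\'.join(parts[:depth]) if parts else None


def parse_rows(text: str) -> List[Dict[str, Optional[str]]]:
    """Parse one table row per line; raise on anything that does not fit the layout."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if m is None:
            raise ValueError(f'unparsed row: {line!r}')
        rows.append(m.groupdict())
    return rows


def triage(text: str) -> dict:
    """Count writes per IE subkey and return the rows that touch a non-routine subkey."""
    rows = parse_rows(text)
    per_subkey: Counter = Counter()
    flagged = []
    for row in rows:
        top = ie_subkey(row['ioc'], 1)
        two = ie_subkey(row['ioc'], 2)
        per_subkey[top or '<outside Internet Explorer key>'] += 1
        if top in ROUTINE_SUBKEYS or two in ROUTINE_SUBKEYS:
            continue
        flagged.append(row)
    return {'total': len(rows), 'per_subkey': dict(per_subkey), 'flagged': flagged}


if __name__ == '__main__':
    for label, text in (('report rows', REPORT_ROWS), ('with constructed row', REPORT_ROWS + CONSTRUCTED_ROW)):
        result = triage(text)
        print(f'{label}: {result["total"]} rows, {len(result["flagged"])} flagged')
        for sub, n in sorted(result['per_subkey'].items()):
            print(f'  {n:3d}  {sub}')
        for row in result['flagged']:
            print(f'  FLAG {row["desc"]} {row["ioc"]} = {row["value"]} ({row["proc"]})')
```

The same reading applies to the process-level hits: iexplore.exe (PID 740) is IE's frame process and IEXPLORE.EXE (PID 3984) is the 32-bit tab process it launches with SCODEF:740 (the frame PID) and a CREDAT value, so the WriteProcessMemory and SetWindowsHookEx rows record how IE starts every tab. The CryptnetUrlCache\Content and \MetaData files listed under Downloads are CryptoAPI's cache of certificate-chain material (CRL, OCSP and AIA fetches) written while a TLS chain is validated.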
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
MD5: 6c9d7335581aad68a97c8651f474f247
SHA1: c85ceebbfc152ee38955e1e677c6c0529383d442
SHA256: 1ced81b3342e00024e68783e8c12177553655371248312d887410b1069734d37
SHA512: db983e883dbe5ac06482f54460d8395fbe11cb7fc22aa78d6cfe239f3c45316f8024655ab7a8dd7fd8f28d881150fe1bb8611a21b36af869b5a1fecdb89538ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5: 6da3f673f86b0160bbc562da296b02e2
SHA1: 4b580ddc267f73832140f32c43c645ed04cbb505
SHA256: cea2e743ec6800934ebab7a70c081652434cd3117d2cf0d80c370d224889a889
SHA512: 3912f054306ba8d69453431644324c79e8846a3f1bed8d459b895cb9097197848a77b20a894540475157be47e5759097860a6d8fb65cee7ba7e3b8d07e4e7fd8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
MD5: 6eec4fd7b63862772cd27236afa8df42
SHA1: 3e88ba24bd67164a7a23b12479bb2240d9bbe396
SHA256: c8dbf29a64bd19425d670fa773a0de234fe3af8eac26d1b87e3ac2afa7cd938d
SHA512: 6a160db1c792e72b3571248d1f0c47f2ebcbc23edb64546b201a2f27655e560532e85c3515b93619062333c261e8fefb40384fb548546f016f2776b3819da940

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
MD5: f1d75690595d176370b14f8a4150222d
SHA1: 50427c05394c81dd455d4903ae46bbe69c3e2b43
SHA256: bc3cab316c988120a9736fc14991c35b53d15e876cbb09c5052c0e6999f0b37a
SHA512: 14cc1f731ab89c6ad979e4ba2883783e7f56162c8df4e4bcd8dfb56c0d058d96d49091164b674e8d522c68740560a7c6b62d7d03abac65163863f60031d5fa0b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5: 3cf1d0a5a69882457352b13fc84000b1
SHA1: 48e4e7f460e393b16532ba9d2d402bf1a270e13a
SHA256: 4e4c3d579fc112737b74f4cf5323bb21c6bae39ffaf360374f6ac5c64a94d96a
SHA512: cde434de851321f0743dedd544cc9debe91b9c9707d8a91199fdab1278ab0d22bd001dfc56f370388188b2bd87cfc5e68cc813e85efd427ecfa26ce759c699b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
MD5: 6d064ddce01bdd9963b547680b3a6c4b
SHA1: 5802c8b5d19d87476874243bb989de240be0b3a5
SHA256: 5e43efd7f8ac0772ddeb77577d213cdbbcbc89cfc65b24cf2469f99ebd0cae85
SHA512: 0586f3f3694967f0d14eb9c1a41e586e95c71d3ba7f10a37a3bf812c51c9df4cdfae26f7928bf14569ed8b6e9b4bd7a3aaaa30395c6cc2d805eb9f3c040f9fcf

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\YW1HX7MR.cookie
MD5: 1ecbe0b185edd32bb247a887e0b61104
SHA1: 67b7e53842e9017a8f4d466cfb9d5e0fed1b03be
SHA256: 904483b1d0583956e465af765f5f77e94d9a02e13a9523e8795bac87e454be74
SHA512: 2690bbcd1883af2c4059af0d06ed30f7b0cb2f43ba5439c8f80e9d17a2ca770c12f85601be4a240001de98e2650c26abd02a3786cf8ade40b59a638a9a854474

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ZO66U3OC.cookie
MD5: 0388f8abe47ff5abf9cd8485427de2b9
SHA1: 8c55932b71dbc73e94886ac9ace956539a62da9a
SHA256: 32bb0aaa78a533675cefa51ee62c6bee7dcef3e07714a6dd7aff4f32eacd7b3c
SHA512: ef7d18ac7bfe07b7aeb419940dff09141606baec6330bbd239f9db683adb0331a67aa56287dc579fe4712b7ce3ead372d512fae10c293c58d4d3dcddfd00cb3b

memory/740-114-0x00007FFD237E0000-0x00007FFD2384B000-memory.dmp
Filesize: 428KB

memory/3984-115-0x0000000000000000-mapping.dmp