Overview

overview

1

Static

static

URLScan

urlscan

http://www.redcap.li...

windows10_x64

1

Resubmissions

11-06-2021 04:37

210611-g9m62eth5a 1

11-06-2021 03:24

210611-nwwtnpxkcj 1

Analysis

  • max time kernel
    71s
  • max time network
    143s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    11-06-2021 03:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://www.redcap.link/ghma8ndc

  • Sample

    210611-nwwtnpxkcj

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.redcap.link/ghma8ndc
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:604
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:604 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:404

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA
    MD5

    150dda2eb57bd8be69cfa5ce9cd3e441

    SHA1

    2298d1a63a477f66513803f3f3b07cf4252a4fc3

    SHA256

    90418cd3025b164625ff7d2ba42fa99cba396642cc600a9c100870d5d0e15749

    SHA512

    4042809184efa8279aa228f2b3c4e7b16b7f7546962e46852c9f48324e0a8d9e51a6ac9a64edf0367860f0f18d5f7da052455bd49e4a0cab4f0cfee0e3b3286b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    6da3f673f86b0160bbc562da296b02e2

    SHA1

    4b580ddc267f73832140f32c43c645ed04cbb505

    SHA256

    cea2e743ec6800934ebab7a70c081652434cd3117d2cf0d80c370d224889a889

    SHA512

    3912f054306ba8d69453431644324c79e8846a3f1bed8d459b895cb9097197848a77b20a894540475157be47e5759097860a6d8fb65cee7ba7e3b8d07e4e7fd8

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
    MD5

    54922379e617ff0afda858ec1c3c1c83

    SHA1

    9017f2ad1ac536a8c046db6e5f45762ed4c5c2b9

    SHA256

    5aa0c11160c2e9ed20bc38fa3738a81b27f277d6af1d617ab32a8a9340874c06

    SHA512

    0ba336eda38bcb0550ef31e22c262fd03c19b4847ac868951c238b748a7f69343a6820a524cb7650280b409d26c6094ed7b66f7df20947db3b10af5376a45b96

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA
    MD5

    46977facc1013402faa4a05bb0e7f395

    SHA1

    8859b5ede14ac5fe29d8cf0c6fec85a77fadb551

    SHA256

    ad63321be3db2bfaca87a119807d5d74bdba8db11638eebbf052051a02abe0d5

    SHA512

    1e1be68cfcd45a0800613490a1982a82ce2ca75e7542047c0feaecca875649c208f64ed255c5af21614e313b9a86a598aa4d5cfbaf9b6c57f5cbdad598b5bdbb

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    45294a85b8ee34ab54a3ddd915330f87

    SHA1

    e606063e50b63646a9bbc39223f1d59005fb3b3f

    SHA256

    2622a9eb75efd12dc106e99d118757a9f18f028bacdd788585f2a4c7ac16f473

    SHA512

    b106c0dceac7a9914c76c5663b35c8b2558631f0cb263b16577ffc2121919846232fdae02282e656cfa220aab44821de5751000d3a01e6fdf26db452bd4b7f95

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
    MD5

    2290ed037f6531a55df33cb871345689

    SHA1

    c40ceb638a3afce0fac30ec01f269b651fa20225

    SHA256

    7159d45d15327ec8d7cd7cf9bce74ec3e0febdc0390b946f8d792bafbc46416b

    SHA512

    f96c3f770f94d59aa331a143403a68f6352573f3ab132c3a5794ab518240c0a1ea70b9a8cb526a3c115ae6705ad4e3af033c7d837c0cbd63852d8cb0aac21be6

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\1QJGO3FO.cookie
    MD5

    e28dfa1142c4dde2e94523a37c05d6ab

    SHA1

    68da7b06eceb31b697870497271a5e6437e4c3e3

    SHA256

    facb2944ec6af77dd7fcd1486f648aaee7755ea9335ecc4afb5deef284963c88

    SHA512

    889a8512e161fc32685dd69e70bcb351ee8d4a83909598439ffa1f8370a96549312655474d7ae42bcc9dda60b99f3a1b50b58356a3486baa8f33f99b8aa3e711

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\SPSL02G0.cookie
    MD5

    c80c0c92e284770ed59d189ca3b8a2e7

    SHA1

    5aaee4ba9b344ae66ff2150774712b45d50cf282

    SHA256

    63d2b206e822858808a26f96896e48d908f79614dbf318f5808cf4e1795f05e3

    SHA512

    bf305893234585a138b183ab431b9b501fef929b277f3d6db480d2f9b36bd48b587bff41ae7ae33841b27b7df924755891432cfdb66f1cdfa0e4f07ca3fcba82

    Download Submit
  • memory/404-115-0x0000000000000000-mapping.dmp
    Download
  • memory/604-114-0x00007FF842E20000-0x00007FF842E8B000-memory.dmp
    Filesize

    428KB

    Download