Overview

overview

1

Static

static

URLScan

urlscan

http://kcs-tech.com

windows10_x64

1

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    20-06-2021 22:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://kcs-tech.com

  • Sample

    210620-1hhqzcdqjs

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 59 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://kcs-tech.com
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:644
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:644 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2000

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    a64e2d26dd6f37ed569251d6dfc524ca

    SHA1

    8133be8cb0509b8e3ed907715e8df1785c555c6e

    SHA256

    4ca0b012928887c383bce5a4a38f87e85ff1fc9720b0f5ad0aec0bec982e3cdc

    SHA512

    a00f8a5ea363e36f56a309becc2faa3ccbf1c5c32671da78338b526d634b0f4c074d44a69280f5d6b629ec050a87950b1236ed7c2650abc1d26b9cdbd3cfbfdd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\84AFE219AEC53B0C9251F5E19EF019BD_2C9D5E6D83DF507CBE6C15521D5D3562
    MD5

    5ffd7f276c1058325ea3f24322afd9ce

    SHA1

    0d874e5cae9dbcbe32b61c52fa98d4ab250a41d0

    SHA256

    0e4e985433b88c485d4c8a3746c9f125ca9345c6f2e7eabc8a82d92f613d2d2a

    SHA512

    67d5aee91b53d59dadec77df523dfb91331acb33247f1c1cac273486ecbbbd53665cf189eb459628a133410e3d8f830ad33c56b2e919134d743cfdeac25269c6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26
    MD5

    5ba5e34cae7a581d1ba72dcbec6d1341

    SHA1

    28c5559bb4a6009eb82f725d25aa795658c32945

    SHA256

    e9f2809bc0cfc18c3c009a0972241152cbfba88c6d9a62ee8c04ac1c207adfb3

    SHA512

    cd5f5248e7456695180e5d9eae4359402bbb925bf6280a7c59f8043cc09062d6969dc311d18bf83dd8dc283dd7383664eb09e21a4554453b54d6fd87ba8cf2f2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    d293ba691214a205fe536bdf5d42bb6b

    SHA1

    94eea1794acfd7fb62497e7dd9f1fa97d3b7ad9c

    SHA256

    485acc8611be283579333fafab51866bc7efd3e8e94435a16d84763b8a611242

    SHA512

    f68ac4af8b2c141ec38788edf6cb3f3e46c7aa4dc5768a1bcd8822542cd114c89631ee18d86252063cd5cc9bc5176e6b5de3cbf6f1b87bbc9e4487c9ab79f90c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\84AFE219AEC53B0C9251F5E19EF019BD_2C9D5E6D83DF507CBE6C15521D5D3562
    MD5

    7e3c1beebc2b3cc0393ac257b9f8eef2

    SHA1

    9040f3f9f9c90af289a60277c59fbb1fb05d1cc8

    SHA256

    2d5de0ef8cde110a91d803447d77e3594f400fb04d7f5176ef3de6ed554721f3

    SHA512

    045422a47eb8e92fb839e8cff4ec53eb6794144540d96f8944a9b35b2aca416ebac39b8896af615cb263a590ccfad9d83f7714b4b641a6eb69562cca06b2d42e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26
    MD5

    8daa260edca22448a3ee47e6f3309dce

    SHA1

    2550d4fabe291f882a6f96e91b220d894b5cc2a5

    SHA256

    21acd9801446399297c386906e7e72e227bc8d908fa4baa6a6d43f44e544a9a5

    SHA512

    957975fa286a4a5c5810ec193e5456de77972f41aed79e4c23d5994baa58eed41432740069d591985c46e6c0c0a174981b60fe6ee5a70ea882bd7288a556b8ad

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\6JWXB2E4.cookie
    MD5

    9c5723c2a6db1db1871af4751d8b82db

    SHA1

    58a291cff9796dad5fdb0857b99f73499a948a7f

    SHA256

    80860d67e1030b1c688abbc19aa068cbee57839b6a0029b28efa0476b3dbe5a1

    SHA512

    fd8c1f3bdc3e3708bfc829a97d225e77229353d7fef9eeb76a67aba4751b771792e5fb777e10dd934c84b2b190f050ab56ad279c3bba11bce1048541445c4ca9

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\JDL20RTR.cookie
    MD5

    0366f1a9028313e74fd144de85ea6c1c

    SHA1

    ed1980a1e15561fd942ee48fcffde2778f1d9a8a

    SHA256

    daa11130a8b652ae756a9f581b1d9ed7b99c96cc3b309c2cdebb9c5aa943c426

    SHA512

    4b1344d07cab2c77592b62bf082db8788b10a1543b8ff921d0f919b605a9688ad1e04a0806798f56198fdb08f4b2817f2278b83db0510cc59da8d3f982d22c63

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\M15PDPN2.cookie
    MD5

    89e892308c2a57bc457b2ab8d3f80b9c

    SHA1

    a96a8ead433ce736025cf9db1676b9ae96f8c42c

    SHA256

    1505dee60ea6af9805d24d9dafb29e3c3eb73dceb60de1283acaff922bab70e2

    SHA512

    a4bf2eb33b089141149ad8d217397c9dfb476d800d95ce0a8cb1083c710ca82d51a44a485e06736848ab5ea6e71f9ff85646d1274cd34cb38a5d7cd79dc6da93

    Download Submit
  • memory/644-114-0x00007FFDD2F10000-0x00007FFDD2F7B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2000-115-0x0000000000000000-mapping.dmp
    Download