Overview

overview

1

Static

static

URLScan

urlscan

http://example.zelig...

windows10_x64

1

Resubmissions

20-06-2021 22:55

210620-pbs1aw8d5s 1

20-06-2021 22:51

210620-ab53pr7whs 1

Analysis

  • max time kernel
    91s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    20-06-2021 22:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://example.zeligz.com

  • Sample

    210620-ab53pr7whs

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://example.zeligz.com
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3876
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3876 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1340

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    a64e2d26dd6f37ed569251d6dfc524ca

    SHA1

    8133be8cb0509b8e3ed907715e8df1785c555c6e

    SHA256

    4ca0b012928887c383bce5a4a38f87e85ff1fc9720b0f5ad0aec0bec982e3cdc

    SHA512

    a00f8a5ea363e36f56a309becc2faa3ccbf1c5c32671da78338b526d634b0f4c074d44a69280f5d6b629ec050a87950b1236ed7c2650abc1d26b9cdbd3cfbfdd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    6d7a19bbb031aad7df10cb1897bfd37c

    SHA1

    80fce872954f2e5dbd479e2ef32f7c87ae72cdf7

    SHA256

    a8676771de0e4fabf895a7bf11fc2c54b11b4231de4f2afed8fc14576f8e2a1d

    SHA512

    4ae4c9d03aefd82fb3db981a34748dc89d74cc21ec672bd522d820d6efd466236693c905f79a32769ad903e57968a7ca1fa2d6887b7c548c6f243cb3388a0c5b

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\AQ5DL9MZ.cookie
    MD5

    d0883299ccad0991c87b795a7c74bc46

    SHA1

    ccb1e714ce005971f620024ef31da08181a38f61

    SHA256

    750bc04f5b2e9af1bf756e2f958d6c149078334b44497e8c1d516b76919706ae

    SHA512

    849625c55ca6326c828162da26bac742601c9f452db891c5bdb274409492b1b95dcd1f3d73cc62e22cb6f078082fc9adf69593ae88c779a76c643e91f7125d48

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\OWG4579F.cookie
    MD5

    d61dc6b9b510444329e2b7c2996d23fc

    SHA1

    d14cd8c0ea10b2a2759984937db706df3c0928ca

    SHA256

    354a70301bb76ed95f03821c5fdea2a50d8cbe0c094886ea5ab27bf1bc79e53b

    SHA512

    72a18c247e18f431c9e492da334661ada2b1ad41d7ece1624aabbde9dc9ff4a0682128e805055c33fb2d00fc2e4bebeca0f27a838bb4f4c32befd857d4d01446

    Download Submit
  • memory/1340-115-0x0000000000000000-mapping.dmp
    Download
  • memory/3876-114-0x00007FFE136F0000-0x00007FFE1375B000-memory.dmp
    Filesize

    428KB

    Download