Overview

overview

1

Static

static

URLScan

urlscan

https://c.apple.com/...

windows10_x64

1

Analysis

  • max time kernel
    67s
  • max time network
    155s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    20-06-2021 22:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://c.apple.com/r?v=2&la=fr&lc=fra&a=z2%2Bnb8HWCoHziyJtbRYNxEJqOcwA12xbGoofYjHA7%2FqPq1bMmcpaz8ybkO2O6fkLgk1rPlsDBrC%2FcJeorOtwDCAvq5fW4DXoHb35CJYzduWrRF0pI0fBHx5rONlKqoueoRGZ98nz1xLRSaQyPLeapxBDb%2FcJ1k8ZEK2xNACjxAXRWOJa0bahlU8shmTF4j6gqiK3y6S6RnA6SUetH%2B%2FWi4cMhQuvFIhAPiyt911h5R0%3D&ct=ac0t9i8A4P

  • Sample

    210620-esefzgz8tn

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://c.apple.com/r?v=2&la=fr&lc=fra&a=z2%2Bnb8HWCoHziyJtbRYNxEJqOcwA12xbGoofYjHA7%2FqPq1bMmcpaz8ybkO2O6fkLgk1rPlsDBrC%2FcJeorOtwDCAvq5fW4DXoHb35CJYzduWrRF0pI0fBHx5rONlKqoueoRGZ98nz1xLRSaQyPLeapxBDb%2FcJ1k8ZEK2xNACjxAXRWOJa0bahlU8shmTF4j6gqiK3y6S6RnA6SUetH%2B%2FWi4cMhQuvFIhAPiyt911h5R0%3D&ct=ac0t9i8A4P
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3540
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3540 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:684

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    1d7dd9e0513f6f1a1159db4bbc210380

    SHA1

    ed848806adc4ac5d79c96a059144565ef4a8595e

    SHA256

    41e8d2b0af9abaee2b8585a5763c7e68c5caa514caef858f6a4cb6acc0b9f2b7

    SHA512

    a6c77fc465c277ddb3df53a6de3ee75125a27d9c169c567e64e96a36abcacde1359c034b62f4ecec7b3b8209cbd7ee5b77ab13868b375cd0fc5baf70b6bf54a1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_4FB9C6A47F4DF08EB3ACA3172E8ACAFE
    MD5

    1caa752ffd2584f90984554a333d302e

    SHA1

    d4150e1afd2a5bc242ac195d55f4103d7771bb34

    SHA256

    0ce01a72210709b3b40dad2c03f13b4201b29ee7e4e68a318df71d0195e2cead

    SHA512

    7805e5ecd268932fab58a5837e176557974cc7fe79e755992a88c7f77e51923f62ced5ff1de740924ffdaab043abe6c935c608efb9dc0c77a0258ecbed3191f9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2A7611428D62805A3E4E5BC4103D82E4_3EA3D776A3A28BD807B9ADC3DDE966CD
    MD5

    4a6244662e4f331b72c8b00900afea97

    SHA1

    7577e7a2fd782d56b2ca7cb9eb56c1f372cffb83

    SHA256

    3e5edd91605f2bc4921a04eac37b8f0cdde7f50f181750e290a50068db36730d

    SHA512

    3e2e612b8461540f002c5d4e682d2a57abb2b8d00efd55946aaf0e47f9781449541baeb989fb5e01311accf5a8e88d053ed0f5f37381f841368a6be053bce7d4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    a64e2d26dd6f37ed569251d6dfc524ca

    SHA1

    8133be8cb0509b8e3ed907715e8df1785c555c6e

    SHA256

    4ca0b012928887c383bce5a4a38f87e85ff1fc9720b0f5ad0aec0bec982e3cdc

    SHA512

    a00f8a5ea363e36f56a309becc2faa3ccbf1c5c32671da78338b526d634b0f4c074d44a69280f5d6b629ec050a87950b1236ed7c2650abc1d26b9cdbd3cfbfdd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    de27664da1e04c94901fcc3880064613

    SHA1

    aeb52fc87f907dd40ae683c52cf3129d4b27e25a

    SHA256

    7e59ce8a2d7d1e1201e535a3175bfaf239b9f5da7be265c18c5ff1e1bc696282

    SHA512

    2d1e23a6cb1641bb1c393e404950a781cb20e5123c1e85bed129a02cc54b45e84ef49b54bd4a19a0dd48c66693fe119fd4f6b6733c71d34655d4ef67b760fa36

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    e3581c62e102c9334087ae5e9e5aba96

    SHA1

    7726ff56ca7db5eb2fe049d2574600ea28900d6b

    SHA256

    c67e68dfe97b6637f1b1522a949d4671dd2230e629a433d902ee4c445390ff3f

    SHA512

    48c77e5391968e67b6504f2a6f4af9d9b9c8790b0878914a7d46cbd97776e4b04377439cce726d723a6a5be5d9a09426df1f1ebc6594ced7575e2c91bf06cdd0

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_4FB9C6A47F4DF08EB3ACA3172E8ACAFE
    MD5

    3a4e09d9a6a3f50a8b3165f3913fd23e

    SHA1

    aadf6e4de29bc7eac407ca4dca088f7f1095489e

    SHA256

    0deef06faf03b81e8ee79b374cb63c2ec915e8a449320e81977904af1cd5f059

    SHA512

    59dd1b70155226ae06b27a2014d89c7d62debab0b54f02a96afafd7bc659f74a400d28fc69168c8d50b9267be5c897575877935d4929f7ecdae10d38f77f0297

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2A7611428D62805A3E4E5BC4103D82E4_3EA3D776A3A28BD807B9ADC3DDE966CD
    MD5

    a05919cf5201af9f85e0ef884603ffe6

    SHA1

    450612918503c3a48a55361d1b546a455442609e

    SHA256

    f32f8710dd17673998f04df9127935531a30e8ecfe47d25172f0043e35b24ce7

    SHA512

    cbbbca8eef4e95634dec202dc20e41bd2e35ee6863fb3358bd781b8e8af727802bdbcd759473e0090e47c6c0181fee39d65c142f5d108470fc55e6b2cdaaf783

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    6c0f4d94c848218a60580e965baf9676

    SHA1

    c03a86c8adf2696a7ba53a52d39b869c2bfa4264

    SHA256

    de00a29ed4133814747eb9358a2edc12b46594ea4d9e5464b88a5134c5919021

    SHA512

    1e767db20822df21cd2610c9f94d3bdd82aa5dddfc3b1f2da095536dcdbc8b1a864b0ae082b335fd9e4fd8451d59c60a827cd430b7165573430e41e81651816f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    9f2d3c29d18b5b27b149419f38ef53ea

    SHA1

    933edb4e778efcb53ada1fbb3be45e061f68fa60

    SHA256

    0c51f4c308baa93a32f002ccb0ea811c944a739797fd8914f81d69deefd5f298

    SHA512

    2df9b17d3618333f3b2f87f9a0c3b89a90c980b7574b341869c83deaf629b2c3cb9adede8bd4fceb7be1a555e7f0d0a8098bad20a8912fb339c7af38a193718f

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\F81Z988D.cookie
    MD5

    33cbf771d40b358068da7c073906d0fb

    SHA1

    0147cfb1f8e8af0dc9f9c040e0b93d4e23f5bb73

    SHA256

    387bc391f3e4e811d6f1b551443b055f38e9de89593bfb951926c5dc7b38312d

    SHA512

    dc34a60a51817ca0ddf9bcb7ee696fd65dbdeccb5a84f63d5859b49c422da416bf74a7592933ed11b86586cfe2f0bd4dea7b2aff10c870628bd2aaab279e410f

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\HK3W4ND6.cookie
    MD5

    bfcc1a4825e3ed9485f6f01d969bbd6d

    SHA1

    664680fa1d176f5ca4bc75b7b67876fe192c448e

    SHA256

    9e4a492bf746d2e31cde5c97e56b3a2a6def3e99efff6a9b7f05e24445055211

    SHA512

    701e22ebd40ae9d79e1eb002c9da95866fcb953b5300217e455ac214c52750b8aab0699224c4a4bff9aa977da00bd412858b70172e7e844cde7d0a37f622d05d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\HLKSY6D0.cookie
    MD5

    66bfdf5b614003260db03ad8e99fe7ed

    SHA1

    71223654ae0835e9803fde4a41a989e527502c9b

    SHA256

    c2fdb342a47aad605cc068ebf97cf7ee138dc9e6bfe343ba189ad949f99ecdec

    SHA512

    726c23cb3ace9ccfcb72eed901edb27907a5e3be9fc3dc12f4b514871712eecdb235293eea62249d37b9ff74df46e5f10bf766e7690e951b52eb9a79f628d742

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\QR1SNBRQ.cookie
    MD5

    c1b3ab13015b62e6ded91a920d4b41fd

    SHA1

    1c6ad296c4cb46c9912af6e4009145dee4c2f8eb

    SHA256

    7d454a73b452a6c6d6e89316becba017f1ea07829609c969e457ede5cc3c8a0d

    SHA512

    1bdce8a0a1d7233958ff8228f90704b71e6b178294f4465938cbdae565a1b608a027e1759e0b41558788751834a6ab0ca5cfd0405a53bb9f71d244fdb9bfb3cb

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\USWRXHCD.cookie
    MD5

    77d7f68bf01de083d05e04b99deb4c66

    SHA1

    5d27fc2a8b05845c6a446f05d7df5ff1f170d982

    SHA256

    9f18290467f38fed9f5625157288b074799a38fc87ab9330ca26688f939ca70e

    SHA512

    7dadab6d3a7146fb2da09042bd5f4eb607d7a291ef31d5b9d71a0edbd1783933b7b8099901cce391da56efac29f52528c56727d2fa8737271c57c9fbd64bdfcf

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\VOJW579X.cookie
    MD5

    a8db249c2e1664b3282e7f4bc7547fcc

    SHA1

    077730166c8d13af2546ed49820ea5225056950b

    SHA256

    c43a6e5066e79b8e6c0130700ae978ddd213ea89ea939a04230683f21948979d

    SHA512

    0f7c9bee2703e4821a2c5a2b0e5332055ca8242382b4118637ba119f9d72d1e1105ffaaa57632f7617fd27b3505d28a50ad2d1d0ed718741fce634120802cbbc

    Download Submit
  • memory/684-115-0x0000000000000000-mapping.dmp
    Download
  • memory/3540-114-0x00007FFA3F320000-0x00007FFA3F38B000-memory.dmp
    Filesize

    428KB

    Download