Resubmissions

20-06-2021 22:55

210620-pbs1aw8d5s 1

20-06-2021 22:51

210620-ab53pr7whs 1

Analysis

  • max time kernel
    91s
  • max time network
    143s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    20-06-2021 22:55

General

  • Target

    http://example.zeligz.com

  • Sample

    210620-pbs1aw8d5s

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://example.zeligz.com
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4012
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4012 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1216

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion: Modify Registry (T1112), 1


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5    a64e2d26dd6f37ed569251d6dfc524ca
    SHA1   8133be8cb0509b8e3ed907715e8df1785c555c6e
    SHA256 4ca0b012928887c383bce5a4a38f87e85ff1fc9720b0f5ad0aec0bec982e3cdc
    SHA512 a00f8a5ea363e36f56a309becc2faa3ccbf1c5c32671da78338b526d634b0f4c074d44a69280f5d6b629ec050a87950b1236ed7c2650abc1d26b9cdbd3cfbfdd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5    ce24512ca7d3e500afdc8565fb5f1658
    SHA1   72e9243c701bc281666a95e6e9577bfe7800a3c6
    SHA256 0b4d5cb8f8ec24d75aeaa7c361ab71902ee1265f67da190fc313d96fca475527
    SHA512 db1014880ce2385b93db667160062b64efc0dbc8ab855ee76c2032968d235ee13103cf9a21db4e195947617668513626d656fdbd0f02b942e6b50f6ac759d421

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\9OVTWNJY.cookie
    MD5    b73b01ad0280558c7b15c9af28b46474
    SHA1   97b3f54e9442270b1827e3b3ad04619dd64cac07
    SHA256 e55a87de182df31a743683260cd09371920de68d467960fb7ee1417a20499b6f
    SHA512 dbc223be442c3554db354044f59ab27294789842f5127cb40ee3ed102a8e39198df6a1b83639b1341174d0c454ca3fc89d3921b6743b4996dd21e31c7e687daa

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\IFJT3ZKB.cookie
    MD5    71be4908d8b2a412b9bce56cf23b2668
    SHA1   d81a3034abda7209dc1cbdec1ccff0d8734d8741
    SHA256 6b666a771ba318f2ab76664ad700a7083593389037c516a60231063e40a6d660
    SHA512 85aeb81b14567644fdc7158ea4234a62595e2e0cf64f1b55341ae0a5fb76a8bd65f6ef70c62e3eebad8586632b001a9d85d8f052b16536289e7b6c154bbd1f61

  • memory/1216-115-0x0000000000000000-mapping.dmp
  • memory/4012-114-0x00007FFFAE710000-0x00007FFFAE77B000-memory.dmp
    Filesize 428KB