Overview

overview

1

Static

static

URLScan

urlscan

https://apidev.sunwo...

windows10_x64

1

Analysis

  • max time kernel
    71s
  • max time network
    154s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    20-06-2021 23:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://apidev.sunworld.vn/index/

  • Sample

    210620-x2xbl1j552

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://apidev.sunworld.vn/index/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3932
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3932 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1560

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    a64e2d26dd6f37ed569251d6dfc524ca

    SHA1

    8133be8cb0509b8e3ed907715e8df1785c555c6e

    SHA256

    4ca0b012928887c383bce5a4a38f87e85ff1fc9720b0f5ad0aec0bec982e3cdc

    SHA512

    a00f8a5ea363e36f56a309becc2faa3ccbf1c5c32671da78338b526d634b0f4c074d44a69280f5d6b629ec050a87950b1236ed7c2650abc1d26b9cdbd3cfbfdd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
    MD5

    e12010bb1010b51065552298f00854a6

    SHA1

    03223b30f65b61083473f7c18b16577f841a4a1a

    SHA256

    6c4a6d199fe9d447a4bf351c813ea1c5d23e124fa8884d17b95f1d55e24b3acf

    SHA512

    cd3cdccf430ac56e2415f77946b3bdd6de4ac4023125b12ed3943ac303199ac3cf099b52362bce5f0475c7242919ae5e40b84ab9f793a16fb183491d8adb49e6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    478a1b167e0fd62596174d6fe95b6ac7

    SHA1

    2c761e1bbed6fb62dfcc4a4ba1c7322a577c9a6d

    SHA256

    a649d5653975ef3fd1962a9aace97c6b65573be79e9a51f039ae334d1efbf806

    SHA512

    8a1bb89c70c7dfcec86303da595a3480e08333747f8192eb501e49158cd3eee020d5ee7928083875a60eaa86cfd72d6ec2c3c152bc139bbc379b67c0cee7bafd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
    MD5

    d87a5d4515904e0ae6367952a6716cc2

    SHA1

    8524381d8543d1b7b61d0001e9c7d92bd411da21

    SHA256

    220558437d7a45230c7c7e760e224237688c13adffa92c719c9b975cbddf05bc

    SHA512

    5809913b30f9fbcad9c0828ee1116e64fa5a5a8af80a088c90cfd52822b5fee16058a6b25d1bbe16c73b64b22ee9f03cfbf31bee681c299f231750c830f26656

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\61QEMSPL.cookie
    MD5

    6ac3753c74f1d30af20b59a2245062a0

    SHA1

    6b20bc6b17044562d751bc1f69fdbb623d00ccad

    SHA256

    81b331625a92c03ae746a457c49f1068c63709437d75f9ec55b1eefaffe38dae

    SHA512

    0f5112124f90b1eaf81956299902a841f0196f252977606bc3ada113997a438cb24b2787383f033da6a00750584b91a9e26c8d4414410b0f535bbf90a030f4b0

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\YZVY1J7G.cookie
    MD5

    360d104e40b601b6f8f8427eba19cf09

    SHA1

    2c200bd1dfa5513837b9d9b0debd2f52665373ad

    SHA256

    5438dc4ef3dc52309b1e23fc33f57dac97c34130a7e0a2c0ced8b91ae8a7ff91

    SHA512

    794033e43b0e2ed893dd9dce7d5fdfaccd52fb2d42907381af77f9ca28f0c66b3384ef2bfc6cad871963cb8e7f67ce8d44ae8fcee9efde90d14e54259f9df1e3

    Download Submit
  • memory/1560-115-0x0000000000000000-mapping.dmp
    Download
  • memory/3932-114-0x00007FFA06AB0000-0x00007FFA06B1B000-memory.dmp
    Filesize

    428KB

    Download