Analysis

  • max time kernel: 92s
  • max time network: 150s
  • platform: windows10_x64
  • resource: win10v20210408
  • submitted: 20-06-2021 22:11

General

  • Target: https://dynacorp-form.info/plugins/finder/ch/
  • Sample: 210620-z7pgyxahzn

Score: 1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 636, depth 1)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://dynacorp-form.info/plugins/finder/ch/
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 3704, depth 2, child of PID 636)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:636 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 occurrence


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: a64e2d26dd6f37ed569251d6dfc524ca
    SHA1: 8133be8cb0509b8e3ed907715e8df1785c555c6e
    SHA256: 4ca0b012928887c383bce5a4a38f87e85ff1fc9720b0f5ad0aec0bec982e3cdc
    SHA512: a00f8a5ea363e36f56a309becc2faa3ccbf1c5c32671da78338b526d634b0f4c074d44a69280f5d6b629ec050a87950b1236ed7c2650abc1d26b9cdbd3cfbfdd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 825d71c55a1dfbe5cec36acc5230303c
    SHA1: 78ca6a2cd5cf4e7284689c8af7a09ff8eb5cd0d1
    SHA256: dca062391d18b9b6fe9184ba6b68db5f4f00721bb23570731e43a975cf0bbc8d
    SHA512: 59c04c495500445b8a0728a244d685853989e5cab98f61b4bc27257377d663ba8a269226beeb9c8f1bd9f9729d60a427a1dc44f932323b293477f458e9420979

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\OF66164I.cookie
    MD5: 045fa3848364c3654b782a92ff2c5f8d
    SHA1: 78a859f726bfcbc808a49c382d862f52820e11c8
    SHA256: 325493ecca4b0feb906c2efdba8145548b7ea57f854ddb133f2fc8db185568b6
    SHA512: cc7bb04c1875d64cc2fafb4db50d3dc4fd5c2e4df420120e00db2bf44ff1ed6c5aa46551559c8927c0ff03bd70fd12352600c617ef940aecf233c8fd8a3799ad

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\RR8S3MOG.cookie
    MD5: 6089bf8e843a51e0f86321e6ffcb8e92
    SHA1: 89777349990d6cb38e788c7b510a11dc2c1d6dd9
    SHA256: 5d053906d47527653051c50c5970e6ac36b5dab36d25a656a8100103043c5b6c
    SHA512: 9326a471b7f844095b5ef456a9ed0edb6e1d9dc2e64e5e042b078b7b56b07b69d13a82cac4dc1a0eed3594ef6f95f15e09b3d2cc21acd903a1e6a2de8f9390dc

  • memory/636-114-0x00007FF8E1270000-0x00007FF8E12DB000-memory.dmp
    Filesize: 428KB

  • memory/3704-115-0x0000000000000000-mapping.dmp