Overview

overview

1

Static

static

URLScan

urlscan

https://contatornew3...

windows10_x64

1

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    21-07-2021 21:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://contatornew3.3utilities.com/p1.php

  • Sample

    210721-8gegcs23j2

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://contatornew3.3utilities.com/p1.php
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4796
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4796 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3392
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2292
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2292.0.2055034711\786400611" -parentBuildID 20200403170909 -prefsHandle 1508 -prefMapHandle 1500 -prefsLen 1 -prefMapSize 219680 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2292 "\\.\pipe\gecko-crash-server-pipe.2292" 1592 gpu
        3⤵
          PID:396

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      MD5

      4e64ee3a1f4c34f528e8de9b728dbca6

      SHA1

      9b27bb889cc2fe2fbb89c0c7c8aa16a841291499

      SHA256

      ec75d601fb9309c65a60ad6bd10b10c5927c77648d42de670003dc0b2693105b

      SHA512

      e23b06910c9009d254dba06b1fe8910d10fd0c11cf0ad22ebf21cf41765da0f51f9179eeb39ca7317cf3ccfcce01622914171ebb9e7c661373dbc92acf9676bf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      MD5

      3175246e6a694746934380e8b13dbaf5

      SHA1

      f3ee7a3da469bc0b02cbecdbfc7b30551e292abd

      SHA256

      8aaed3407514abf926e62bb1a869f05add46a72019f868d12aecc8ed4de45362

      SHA512

      b1e0140453f238ac845b9c2222225c5552950b7c0a779cf15cea72eef1e571004a2810c09e037ddeeeee7c01041c02b11e3f64e5c9262b398dee2196bea52161

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\F7APRRHA.cookie
      MD5

      08a7155e4bf2d3f4b37381b520a37732

      SHA1

      6fc5647a9828dbf7be9af3034c558e670853675b

      SHA256

      e347035ede40f61b4364503c282ffd587643e4e724202fffaaef0a4ffb356066

      SHA512

      2bf2cacf91bd06a362219023ad0aad351a74ee408e55898b6e0562c4cdae8b96a1f99b9aad86ebbe10d9226a4835adeba9f18a961cba3b72cbe90ad8f361c52b

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\X81A2QRJ.cookie
      MD5

      2c7ad1b5c4166a2f919d39c1721e63b7

      SHA1

      acff578a489e6cee185d67027afebbea50d7dcff

      SHA256

      58c616d4af106490bfca0f0e365503a9adac10c40c85f8a90501d72a9b07602e

      SHA512

      a5ee65dfd5d8986c000999e966231fca62d51bd703fe72fefd53752168f53dad4d4492048b462dd76738211fc04542c990412cc94278be4c4e8a7b65f6e17320

      Download Submit

    • memory/396-348-0x0000000000000000-mapping.dmp

      Download

    • memory/2292-118-0x0000000000000000-mapping.dmp

      Download

    • memory/3392-115-0x0000000000000000-mapping.dmp

      Download

    • memory/4796-114-0x00007FFDA1F80000-0x00007FFDA1FEB000-memory.dmp

      Filesize

      428KB

      Download