Overview

overview

1

Static

static

URLScan

urlscan

https://vendormail.s...

windows10_x64

1

Analysis

  • max time kernel
    67s
  • max time network
    142s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    21-07-2021 15:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://vendormail.sitey.me/

  • Sample

    210721-e9nvbzgass

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://vendormail.sitey.me/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4020
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4020 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1488

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    MD5

    ec76fcef338403dea1b5f66eb03e9526

    SHA1

    b72d78e82de4543278f82362de24a1cfff2f5f38

    SHA256

    a59f0d8e16508f65ac9f5e1bf609d5558ece705459a6bfc7119cf0dae64e76d6

    SHA512

    9601645ec3bbb17dbd1a72ae1ad8432548a810d28772018f2f67827e88acef398671dde09ec0e413b292a3d77bde21bbefc54f7fa8c2b59a89164475e13af57a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    4e64ee3a1f4c34f528e8de9b728dbca6

    SHA1

    9b27bb889cc2fe2fbb89c0c7c8aa16a841291499

    SHA256

    ec75d601fb9309c65a60ad6bd10b10c5927c77648d42de670003dc0b2693105b

    SHA512

    e23b06910c9009d254dba06b1fe8910d10fd0c11cf0ad22ebf21cf41765da0f51f9179eeb39ca7317cf3ccfcce01622914171ebb9e7c661373dbc92acf9676bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF3BA1CDD96BBC740C9CE3754F348BED_2659791305AE0F4014B3BA6B28DFD0BD
    MD5

    4a578957f2a192ae924db791796be3ed

    SHA1

    c90ab2785f5e699c4ac20cd93723079f8e966468

    SHA256

    43b050f3c3eda1c0aff6cfb9a567a92fb7c0dfc59cbed9538f8b1fd5bba62d38

    SHA512

    710052d4a67cd08e45852182a60fa1acef402dc3c8ffeadc08fd4d7f8ded8869106de74f7b72cb24f006a56aa59b8aa71a36ca3af87d7e8793037e343060de73

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
    MD5

    9aa88047a31cbe915c77e1c3fc397333

    SHA1

    b003507d3b792bfb62ee56d9a4f4e4eb81112739

    SHA256

    f38765437607e3e723533dd4869435719d3d923735208d8be17744841ee57a24

    SHA512

    4ae074c0d9d04215f37a0ef278d6923da590e14127fa24c4fdf69c35c594a96746a8bab137fbc50a9f3c093c2d5134b0c85d420158aac22ba4d5761eac50fb75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    MD5

    8c4c33558162be3a56e50c74b41cc5e3

    SHA1

    306fa42a8b3215f69f3fc9106485d061149e25dc

    SHA256

    3578c46f6a650c63e54c919c5e584cf21b4ec42958f9f7508ae4293fbe0200f2

    SHA512

    b1c4ac39690529f692cbdda0df4898349d675d9ef05acb075f2b559de562ea7c9f15b7f8f66eb7d1814df4c5bbc082f20a5ba738b4df6c765031008e3bcfb7fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    243eab929c08ac71ee1dd4005af0390c

    SHA1

    561bd07c6034efb664010a73d9233df4226fce68

    SHA256

    007f58754dd390e187b142a55314f521cec08ad8aaabfab07786bddac4ea8a7a

    SHA512

    4e09924a0950169c0b42656836ad3cab925595430caf2954597a7ce704fe5cc4ccb4764b00162b7d41a2d5c36131951b961b1907f7454ca6eca3442e756b0984

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF3BA1CDD96BBC740C9CE3754F348BED_2659791305AE0F4014B3BA6B28DFD0BD
    MD5

    d5f8d7b8fa4fb75cdeb10a6bb4b92104

    SHA1

    7b1cab9ebeab9b28679ea5a35a53b880f6a87d35

    SHA256

    711c2bf29a783a0d428f96f1ab36a68bd8b861e3d451e35d4d9eac5c60e24cdd

    SHA512

    ae1688f764a22c376646a6ff146a6e6144cf1581dbcfa642edc82cf8ce8cf7f6f591917c02121a524ef6cad1075df65594da7bd70575321f1ac85186a498bab3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_CCF564BE5A3C924B17DDEBDEB5236E12
    MD5

    81784a177409633ae26237c9e32f0804

    SHA1

    d0c47675ead9cc0b1be1dde73feaaf47e069a3ee

    SHA256

    de1ce0c60d9e3279c7b962c7c3348336000ac154a60b9182194be19c9d42a2c8

    SHA512

    3c41318454069d0018e47e704c1f7da9229adc6633b0d0bd087c5bdd7d7561a14d2124d2af7345bcbec71c00b35739c5432db95864bed03b7cca84482e4dee9a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\BB1KSPPK.cookie
    MD5

    8a4972bc79da09d5cb7fc4dc8dffcffe

    SHA1

    56f745fb5b555ba46e9931c5c1eaac0c90586850

    SHA256

    04e6147d46b897f4ea710cfabba795706b4814943b98e0584d40b34a2ac29181

    SHA512

    a65fd63b069d053a2bf54990298e0b930686ef7754d7294aaa71843567808bbb5aef9dcba3a2df21cbb477ff95e861d3bb0437b503e110c9bfa36364756c15ab

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\P0V5UFZO.cookie
    MD5

    fc0c9979d9c4d748b42590e879a27373

    SHA1

    5b38e09a311884d37e5d951a19a584d0739d4605

    SHA256

    33cdde54cd4f06ac1e7a1e96802db3005ff387ad85337daafa8c1d12110b56fc

    SHA512

    c6a6f8a56f775609ab4a20b59be3c97274a6441fca221a2ebd4de5d2c7625abce57db1d853516195201161bf180b6ddbc483b6fc04f81b27fb63692f14a814fe

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\WRZT8O69.cookie
    MD5

    26fabd439ea6efc875e19dcf781e7857

    SHA1

    dca57cf2b4c6f4f3c47483f9b10862d5450883c1

    SHA256

    7b4cc9fd83bb58d04ba568d140076650205fe6237a68e828728d3119c75f6406

    SHA512

    987729aedca5704a92447b16644c8d6589bd5cad63f49e5879b5c686999538fc3892c1cb2778cae15aa1c2d5197acde63066545a3434326ce6711675cda2473f

    Download Submit

  • memory/1488-115-0x0000000000000000-mapping.dmp

    Download

  • memory/4020-114-0x00007FFFD22B0000-0x00007FFFD231B000-memory.dmp

    Filesize

    428KB

    Download