Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    21-07-2021 16:56

General

  • Target

    http://162-241-165-206.unifiedlayer.com/wp-content/plugins/newsup.pl

  • Sample

    210721-mpj61wncmj

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://162-241-165-206.unifiedlayer.com/wp-content/plugins/newsup.pl
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3560
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3560 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2180
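
The process tree above is the normal Internet Explorer frame/tab split: the frame process (PID 3560, the one handed the URL) spawns a tab process whose command line carries SCODEF:<frame PID> CREDAT:<n> /prefetch:2, and the report's SCODEF:3560 does match the parent's PID, which is why the tree scores as benign. The following triage check is an added example, not part of the sandbox report or its signature engine. It encodes that relationship and flags tab-style command lines whose SCODEF does not match the real parent, whose parent is not iexplore.exe, or whose image is not iexplore.exe. The first process list is constructed from the tree above (same PIDs, images and command lines); the second list is a constructed counter-example, and the Proc type, field names and function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


# Constructed from the process tree in the report above: PIDs, images and
# command lines are the ones listed there; the parent link is the tree nesting.
REPORT_PROCESSES = [
    Proc(3560, None, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r'http://162-241-165-206.unifiedlayer.com/wp-content/plugins/newsup.pl'),
    Proc(2180, 3560, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3560 CREDAT:82945 /prefetch:2'),
]

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
CREDAT_RE = re.compile(r"\bCREDAT:(\d+)\b")


def is_ie_image(image: str) -> bool:
    """True when the image path is Internet Explorer's iexplore.exe (either bitness)."""
    return image.lower().endswith("\\iexplore.exe")


def check_ie_tab(proc: Proc, by_pid: Dict[int, Proc]) -> List[str]:
    """Findings for one process whose command line claims to be an IE tab.

    In IE's loosely coupled model the frame process (the one given the URL)
    spawns tab processes with 'SCODEF:<frame pid> CREDAT:<n> /prefetch:2'.
    A tab whose SCODEF does not match its real parent, or whose parent or
    image is not iexplore.exe, is not normal IE behaviour and deserves a look.
    """
    findings: List[str] = []
    m = SCODEF_RE.search(proc.cmdline)
    if m is None:
        return findings  # frame process or unrelated process: nothing to check here
    frame_pid = int(m.group(1))
    if not is_ie_image(proc.image):
        findings.append(f"pid {proc.pid}: IE tab command line under non-IE image {proc.image}")
    if proc.ppid != frame_pid:
        findings.append(f"pid {proc.pid}: SCODEF {frame_pid} != parent pid {proc.ppid}")
    parent = by_pid.get(proc.ppid) if proc.ppid is not None else None
    if parent is None:
        findings.append(f"pid {proc.pid}: parent pid {proc.ppid} not in process list")
    elif not is_ie_image(parent.image):
        findings.append(f"pid {proc.pid}: parent {parent.image} is not iexplore.exe")
    if CREDAT_RE.search(proc.cmdline) is None:
        findings.append(f"pid {proc.pid}: SCODEF present but CREDAT missing")
    return findings


def triage(processes: List[Proc]) -> Dict[int, List[str]]:
    """Run check_ie_tab over a process list; returns only the PIDs that have findings."""
    by_pid = {p.pid: p for p in processes}
    result: Dict[int, List[str]] = {}
    for p in processes:
        found = check_ie_tab(p, by_pid)
        if found:
            result[p.pid] = found
    return result


# Constructed counter-example, not from the report: a tab-style command line that
# names the real IE frame in SCODEF but was actually started by cmd.exe.
SUSPECT = [
    Proc(4444, None, r"C:\Windows\System32\cmd.exe", r'"C:\Windows\System32\cmd.exe"'),
    Proc(5555, 4444, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3560 CREDAT:82945 /prefetch:2'),
]

if __name__ == "__main__":
    print("report tree:", triage(REPORT_PROCESSES))            # {} : consistent frame/tab pair
    print("suspect tree:", triage(REPORT_PROCESSES + SUSPECT))  # findings for pid 5555 only
```

The check deliberately trusts the parent link from the process tree rather than the SCODEF value alone: an attacker can type SCODEF:3560 on any command line, but cannot make cmd.exe become iexplore.exe in the telemetry, so the mismatch between the claimed frame and the observed parent is the signal.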

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5     4e64ee3a1f4c34f528e8de9b728dbca6
    SHA1    9b27bb889cc2fe2fbb89c0c7c8aa16a841291499
    SHA256  ec75d601fb9309c65a60ad6bd10b10c5927c77648d42de670003dc0b2693105b
    SHA512  e23b06910c9009d254dba06b1fe8910d10fd0c11cf0ad22ebf21cf41765da0f51f9179eeb39ca7317cf3ccfcce01622914171ebb9e7c661373dbc92acf9676bf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5     486207d4db663cbcd854bff263c6a512
    SHA1    8c1234bc7b314077a314008aeed1d6a09f5f4927
    SHA256  373b871aa073f33b0790661d6cb2ba77356153a8853f8608431509cbaa6f08f7
    SHA512  650388f09cf5adb2d9ae7b867c267e323c4de848f7cf109a503902255973b91a78a1e9c77855b4a648e7d5f0667a7f7ec1f38f8381828710a97a7ea94a7b96a6

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\0BPYLFH5.cookie
    MD5     fa3e819040a9d0e43a929215437e97aa
    SHA1    671e7ef4afa83752a5b4cdeaecbb94518be1768d
    SHA256  6ac2494e01141cafe6de5d07b99893c88635122c00479fd3849a808433ea0ea2
    SHA512  7bf647f541beda700eb727d2be40ec350d78b41a9851e59c3dad8563c73d5f0cccf34a9f1e69ee91e0b3f9c778829a136811db2e7767aa4ef22d6d9a7fc7fb96

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ZYHJMV0I.cookie
    MD5     3cd08e3ae32f63d885e6f375fed5ccb6
    SHA1    d007a0ffc7e33522ad2414125a6cadc0319ce534
    SHA256  74193e833937399d38b66d5322341b2393125b4df8ceafc89cef896d525923ed
    SHA512  9a6311554c2b8772c28f390a9c476305c6c716d6b46c2887d0c0177f652f8943c462328a6aa9b908256132850b5c8595c49ad6b05c6b0b9a6c581d787c95cb6c

  • memory/2180-115-0x0000000000000000-mapping.dmp

  • memory/3560-114-0x00007FF901450000-0x00007FF9014BB000-memory.dmp
    Filesize  428KB