Overview

overview

1

Static

static

URLScan

urlscan

https://crm.onlinesh...

windows10_x64

1

Analysis

  • max time kernel
    92s
  • max time network
    152s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    22-07-2021 08:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://crm.onlineshoppingindex.info/crm1/index.php/campaigns/lh4966nvx9c00/track-url/tx8539tnqm31f/405a76539ccbd4926aeba0254275ea12e28f89ca

  • Sample

    210722-3cf37ht9qj

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://crm.onlineshoppingindex.info/crm1/index.php/campaigns/lh4966nvx9c00/track-url/tx8539tnqm31f/405a76539ccbd4926aeba0254275ea12e28f89ca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1340

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    4e64ee3a1f4c34f528e8de9b728dbca6

    SHA1

    9b27bb889cc2fe2fbb89c0c7c8aa16a841291499

    SHA256

    ec75d601fb9309c65a60ad6bd10b10c5927c77648d42de670003dc0b2693105b

    SHA512

    e23b06910c9009d254dba06b1fe8910d10fd0c11cf0ad22ebf21cf41765da0f51f9179eeb39ca7317cf3ccfcce01622914171ebb9e7c661373dbc92acf9676bf

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    8ed827591c3bfec83663c540c24fb878

    SHA1

    1e21ca1f3262831fa7b4f7b18451380bf0feef4a

    SHA256

    bb52f76b07ef12d82977cfa7d3a76220a9220a49927d422c331f5067e840ffc7

    SHA512

    15b53a9eb31079c0f1660084300dd5bd5b400df7ecf0b6c85813dbc30cac05ce1c828d5bb85c8fd00dd3a2626a89489d818450faa2597747e66df12cca5c1b8d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\6EMEJ71G.cookie
    MD5

    303a0854b96513ab4640913150a4d5f6

    SHA1

    29611d963d21af5cfb3c6a81bfcd788897e0ccd3

    SHA256

    29816514a45385a50f366b56174f31afbb63f87749e6ac11b6858a9dfa3e08cb

    SHA512

    e2c3b7dfc7ef90544d1c8067dc578f0ba9f623cf4270d29dab2c108c226092a4a2a5cadc6ddc7e8f1b05d225c722f8b0a0f9ad6cf8a08a364e9d09c85d7a5923

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\XD9QHKOE.cookie
    MD5

    23172036e0dc7d17b7a4240e99dcb755

    SHA1

    742e867a8f885b5d70766c2b78c780608be9f753

    SHA256

    f993f7f57efc44b4ba5c73802b59558a00dd490249685e0d98f690d4ba61b32a

    SHA512

    ebce7f4d3dde66107baebc158ca6e2513f7654b4285a568a381f6c491d381797c8961578c6ba1bc1046122de89ac02835b5fc80e7787db843f55ae2d3d06af0e

    Download Submit
  • memory/1340-115-0x0000000000000000-mapping.dmp
    Download
  • memory/2116-114-0x00007FF86F970000-0x00007FF86F9DB000-memory.dmp
    Filesize

    428KB

    Download