Overview

overview

1

Static

static

URLScan

urlscan

http://feedproxy.goo...

windows10_x64

1

Analysis

  • max time kernel
    92s
  • max time network
    153s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    22-07-2021 08:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://feedproxy.google.com/~r/dnroptydmc/~3/h9JI_iczrMM/amiably.php

  • Sample

    210722-5k54mw9arx

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 51 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://feedproxy.google.com/~r/dnroptydmc/~3/h9JI_iczrMM/amiably.php
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:584
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2420

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    4e64ee3a1f4c34f528e8de9b728dbca6

    SHA1

    9b27bb889cc2fe2fbb89c0c7c8aa16a841291499

    SHA256

    ec75d601fb9309c65a60ad6bd10b10c5927c77648d42de670003dc0b2693105b

    SHA512

    e23b06910c9009d254dba06b1fe8910d10fd0c11cf0ad22ebf21cf41765da0f51f9179eeb39ca7317cf3ccfcce01622914171ebb9e7c661373dbc92acf9676bf

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    419b70b6e64f3905fc4ec2393af3c5d5

    SHA1

    5ee316a54e23f53cbf25fa88231570742faab40f

    SHA256

    ffabfd7857977889dc53d9f3f72f711ab5ff720885866e6f7da6b86ad6ebd250

    SHA512

    8fb2fc3a74cec01c72f8ebb709b07c960b2f5617964b78944830d41cc0ed19e7489596250b919320457b146997872900973848d64320479375e7c6958419f6d5

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\8RA6B90C.cookie
    MD5

    3c5fc5b43e29565c09c8fde4b7b4fa5f

    SHA1

    2ad5e0c9148afa9f55cade040465b3be2bc080a2

    SHA256

    329a9654bc14a844640687e0904a476f1d18de53ea89643a2cb9eccb8529b678

    SHA512

    7703410e2faf143f1e1b435ed2d7cdf71a67857e88a7c97603c51d6a6cca8b05b0a29322d35a92f49fb73e898a486cec96bde8fa7d0c74fcd6acd08b35607cf4

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\QCCUJGAA.cookie
    MD5

    849ee3771eea0fa39904209ea2adde71

    SHA1

    3dca227e67cd11e317fb8bd1e498e6ecd01d3dc0

    SHA256

    78d472541eb645bf34b7715d25271d87cc417f80dfab377dab54d655bf9532fd

    SHA512

    11ed2b9f5d085ddd44a39d0297fa801114d373d9d4b8c5a71391f078e8c7e5c07e8150d9ffec1fc700031b25b84eae92100c8b64b9a6afdce8fa6fd64b1e3bc5

    Download Submit
  • memory/584-114-0x00007FFA21F80000-0x00007FFA21FEB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2420-115-0x0000000000000000-mapping.dmp
    Download