Overview

overview

1

Static

static

URLScan

urlscan

https://gpwealthca.g...

windows10_x64

1

Analysis

  • max time kernel
    137s
  • max time network
    147s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    22-07-2021 10:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://gpwealthca.godaddysites.com/

  • Sample

    210722-9txvneyhdn

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 53 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 22 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://gpwealthca.godaddysites.com/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4064
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4064 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1808
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4064 CREDAT:148482 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1524

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0F9490D9F9BD06FCD6FDFF4F73425CB5_1CB8BB112080DD01A59E09C86DBA0BAC
    MD5

    16bb32ce1f213048bcd15a6dccb15027

    SHA1

    a8b8db327ab0a7a34dae8ca0c9a497763bb43277

    SHA256

    cd6cd90d82ef7024c4fc1b717653c05fef6cb352d05b419ab155c435e100b815

    SHA512

    46ca9ac455c1da57b66aae6b3ebd69cbf8855e41bce8e6c2238e07eaf7465d734f65fdca23298c5e57aab7ae08e8a41c3b20867917a35d0f6faf0c0bf9314a5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
    MD5

    0675c0d0da9a6eac284a10c2ddda636a

    SHA1

    6c7856ef6be6b6fce283423cf9d48e7d101d7fa7

    SHA256

    7852903b2b3bd59c816aa0a74272a4c51bae13f38bb72a67f3fd04b50d061b50

    SHA512

    09a3f652bd943a7cc3def436c9fe769bf5c30499b78d63598fc2fc23fa15932a08d545354129fc346133efbda456edfe8d4a10bab5a50abe7d132c2228815232

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
    MD5

    ff5f385510225a3bb2ac0595bcb62b3b

    SHA1

    5894f2849bac3aa352a8a834b8b51999ac8d1b73

    SHA256

    2306ea9735b51ad05b09041ac9505996de50a43637dd09951e90e74d1ff55f4f

    SHA512

    171c991c948388c1c0dd2ed06c27303042d5e03b4cc8c3114b57f05c7b83d14bb8e304a791608867a9768e36cb3b18b74927529d5205630f19d42e4ed047973e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4
    MD5

    d33394b86db2d590028ae542551b5a67

    SHA1

    200fac7cc75d4da652d0918a6fcbae6f7ca2c5a3

    SHA256

    4d5ff3d32db0d6e78c27f1de69f614c507a0928d24f1de79360cea58096b3859

    SHA512

    114ceb2a930baeb652710387734691cf9d56d2f60d1db94d9095151b1f537b7c89f504c96f4591e863c0c218ad200485e97e77c06ebd4e60c33958ce24acf167

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    4b8ffe79016c051a1fa57e4ab8ee0e0b

    SHA1

    a06394b4c74aad7d296327a942729db01486ea26

    SHA256

    75e171759473658cd648f09d099b249f99a7cb139732201576b07c4554a9c4b9

    SHA512

    6a057cc6cc12715d6324e0cb8c22c3d1ff5a8bd20c5ecd10e64ae155a5a5936a972374fa8005d9cf195fdd44deeb24e54f27d3eba78aa0f3a82e03e272e39091

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0F9490D9F9BD06FCD6FDFF4F73425CB5_1CB8BB112080DD01A59E09C86DBA0BAC
    MD5

    07a9cae99d5ae4c56f48ab49eef8de08

    SHA1

    538d9dbe592731fa7953d088ba8be7af34cf1b55

    SHA256

    dc93077e438d4862a712f04730098f9450a7fa6d386fbefdd297f615efd194af

    SHA512

    87d1a4b48624f448eb8eb53b361710a963a87cebbbe51403274968028a54807910f580323596ffa4f451953e8d821290e3575d6588357b59faafd18617fc2071

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
    MD5

    abad80c3c75f53e0b76bf08771db2d6e

    SHA1

    30008c533192b685ca1007f5ec1ba5992f5ee22a

    SHA256

    819acbde83ca88b4adb06c0da12b1960939b5756f0a635ba8ef6a719ef2ea1b9

    SHA512

    7f6e0408e400ed3d81fe599b8164c77a3db720e3e7a589de1170dfc13677018ef7fc50b16b510fbf460d9b07cedae161389421377645c06ea02293f34da9e632

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
    MD5

    1b7d30008f6be51625d55a8bd3fe070f

    SHA1

    933374023ddeba8b13ba853637cd079866894fad

    SHA256

    44146fff28f73e1c0a4efbd94e980adf8402d64a5f19154bf52b0a5f777dd4f2

    SHA512

    853a966d3cff6e22cdcceb945eb29c552a683613a3ce925557d4c1e30d05c4792629ed81f1bd7010643a6b89440ad4f5b0af41d5c34a954abc5bc966824c17e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
    MD5

    1560391184754faabf876640f103c0e8

    SHA1

    0784109958cb291e25abd68f72f3621f38d5c3d8

    SHA256

    1a7e23a4b009a6abdee5bb797ee6d7e8cdee0039bf97d10b2d7cc9cfd1b3d899

    SHA512

    d912865d5e81e3a9af70ce39c87b77dcb11ddcf0f7d8b43effd0112e7c546d012ec29e718e3bf57f2d55d37a22905c44cea1a3af16dc0da7bd70ff8627ff15d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    53967cadf01b66bc6ea2fbc8c0aec259

    SHA1

    b7114056c8002737792b990e043e51303552780e

    SHA256

    aa42ca9f7e8160c66cbea35a38a89e0bb5ce3d552ecfd09457a7efcb6cf116ab

    SHA512

    615d29117e24335deec1427edaa4731efbb0ae5e4d6fe6dd4d527974d3499efcefb1376473a9e0006dba98fc94c22a7354e4f77ccf53296af049640b2ee452c5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\0CWM1DRO.cookie
    MD5

    9260343625ac845f29738fe50caefa41

    SHA1

    7890235ea278e9465f7ed1ed71822a989cfabf3a

    SHA256

    5326c08da6b146cbf97955a7f6994ca7c017fccddcb55f6434cf53bb906fe23f

    SHA512

    cc9a61b1a70027c01c75cbd1bf8426ad9d17fb91ac11029bb06ffbbbfce30e8267baa8a15eca226d67afa8a18a94455496a4435aaaeb659f26aa9da08e0d8b2c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\2GJGQYI4.cookie
    MD5

    01d75ab71216a29968db2faefd5833da

    SHA1

    93a301a83a8e34afe001325e885cb1bb9669454d

    SHA256

    7df69d2dbb58e6a0146a3c0fbe450025d155e771ee4aa1227c84f343aa7dae04

    SHA512

    5e4ffa28ded519c3b0ae4b70402631c0040e52cbbd164bd364a175330b502eacca20f3356180056938ea14012bbe7d06270bc478a9dae94b58c8ec5bd006a510

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\LW4Q6JP0.cookie
    MD5

    6b8be2502f78b5af0b1058527c59bd28

    SHA1

    b3869bd13d1ce7703d7ba0d4fea361cc1536cc4e

    SHA256

    e83592a87ecd179da4ec1546a505c0c899f3e82509f1d4b9b25c45cd4156aaff

    SHA512

    840bf5ea4d1c60f95ce4b9467cf0eeece8f1b9aeeab6be140804de6c5af4d21010ca3767a2c703092fcdfad110777b788a85eb9bf3d391b91013f195a6e1be9f

    Download Submit

  • memory/1524-121-0x0000000000000000-mapping.dmp

    Download

  • memory/1808-115-0x0000000000000000-mapping.dmp

    Download

  • memory/4064-114-0x00007FFDD9B40000-0x00007FFDD9BAB000-memory.dmp

    Filesize

    428KB

    Download