Overview

overview

1

Static

static

URLScan

urlscan

https://leymk.com

windows10_x64

1

Analysis

  • max time kernel
    69s
  • max time network
    147s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    22-07-2021 08:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://leymk.com

  • Sample

    210722-a374vhmg56

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 44 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://leymk.com
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4064
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4064 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1564

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    4e64ee3a1f4c34f528e8de9b728dbca6

    SHA1

    9b27bb889cc2fe2fbb89c0c7c8aa16a841291499

    SHA256

    ec75d601fb9309c65a60ad6bd10b10c5927c77648d42de670003dc0b2693105b

    SHA512

    e23b06910c9009d254dba06b1fe8910d10fd0c11cf0ad22ebf21cf41765da0f51f9179eeb39ca7317cf3ccfcce01622914171ebb9e7c661373dbc92acf9676bf

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AD8A76660D29E4674C979068401F4A5E
    MD5

    2969f8172859e38c84ac1cdd3dee1c27

    SHA1

    9445bbb8c4371189e2e3cf7b8d66b21a51b33622

    SHA256

    c008e5e4eb083461421172c280ee4e3d79658fc8b1859af348247fbea03f010a

    SHA512

    2e8be3275624af93a2accca57de5007ce2cf7309ec1e7c1d5339781aa6b042fcd5f3a09298658356bb916f1afb55f3b38ab2f67c5e62e1c2df228ec52e804147

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_28699ABAC9273C08DCF1E93A8F6BFD1D
    MD5

    ff44b3a52a454952b12137de46469f3f

    SHA1

    290e0c0d536575b6e55cc93b13189c37a5026289

    SHA256

    f04b73eaa2fd17b635cb907bf0d5386b512d66b003926f4de7ceab6d2ef27e27

    SHA512

    260561ce42ffa365405c9c068dd2dbff8a37915344fd5e49673765249c3b1e192ff12cbf6c4d35a1159512c021ff4b07c58b2ddc66f6892a7411e4689084e927

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    319420b062c2b89009d8fa4f9ef85b65

    SHA1

    956c70d42dce4fd83ebe7e57eb405ef634a4733b

    SHA256

    a89da85c2c4ca42a12f75be40f657ed5e4b59b6b15a88e882f2ccb1523f569d3

    SHA512

    1ec72dc45118393dbd23ccf7d4ec1f803f4ef776ab4f31ae694ac3d7dee34a2e3e56d17502649fef116ba8f13d19cd17d53a7b5761567be553eafb8646d35a9f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AD8A76660D29E4674C979068401F4A5E
    MD5

    027eac2937e385a761b8eae5069d1ccc

    SHA1

    dea9017367be5f093e155a00760da83b257a699d

    SHA256

    6b56b0a22020f99bfc2c56093fa4cf879b6cf8d494710a6d0baf11d2df10aba7

    SHA512

    fbdf47c512d406422e1a3d0bc00f084687af42d392f8cde146579f1877cba0b97d18991175e1177d416be9cfdd58b3648fc09bf79384a64caa0ea5b9fba5f5d9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_28699ABAC9273C08DCF1E93A8F6BFD1D
    MD5

    a559d3fa6f6a72e9e10df99bbbc49fe3

    SHA1

    9d3f64b33059344e0087ff89ce87d44c71c2a866

    SHA256

    741e30218c0a4b36ee09a2c01dea44e3eb8328b26dd1f385470fe2fe1258ba05

    SHA512

    6f1e582af9f973ee22e599ad057fe8d28c1baa15dc029af5d4ee2ae18ace9d0d37de0b16912fac0af343a312a6b80381eada24b2a09182f817a93b6d02e9ec2e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\BEI15QNQ.cookie
    MD5

    a0d3e0e088f5f33b096ab713dda83e5e

    SHA1

    00ef5ae21783586a3fc1a2f3c7434dc14b381e98

    SHA256

    1c37387c8b079cb2fef6291edb25e98037861cb361b21fae1bf426c730a8ad7d

    SHA512

    b3940a499bbc137eb1bd6acfbf9045d4ccc2b8b7f335f492111bf6b38a700de19ad949095d88fec77eb79b3f1151616b9282e5fb5f8b90c42700a4c50d3231d2

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\FMWJX2ER.cookie
    MD5

    79bf0865fffc82ea5a96241203150997

    SHA1

    06fa0719e1ae906b134d60cdddc30b958f5f1878

    SHA256

    11391213c74dc8b7da2408274d10dd6cd76fb77e9dec92eb45104f82e7e57557

    SHA512

    62ec75da2c31021b01861a2bce0975ed3e46d96b27a5b1407a165d432340a63d94baf2e5adb4da27a6d6952691ca1d9db84a50d29f691b96ad5debc2e896d8c7

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\LQOUU18S.cookie
    MD5

    acd72e7ebfc8f7c142a4aaf6ae6c484f

    SHA1

    99573e9ff7fa1c19d0f2f5b895fd3b1f9a1238d4

    SHA256

    f6b8b1b17629fc79b18b58ca146457e2048af16e93474c274b8ac583fa892081

    SHA512

    d0eb9bcce4bd9f6406aa06c7357c56d2589a241ca25352f3ff873186eb0578a08fd27a6a7e6fec49d6f23eaae3b16f98fd9d6d06dd8863ab6dc662b9f100d5b6

    Download Submit
  • memory/1564-115-0x0000000000000000-mapping.dmp
    Download
  • memory/4064-114-0x00007FFDD9AB0000-0x00007FFDD9B1B000-memory.dmp
    Filesize

    428KB

    Download