Overview

overview

1

Static

static

URLScan

urlscan

https://onlineshoppi...

windows10_x64

1

Analysis

  • max time kernel
    92s
  • max time network
    163s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    22-07-2021 08:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://onlineshoppingindex.info

  • Sample

    210722-l7l2xxy8jx

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://onlineshoppingindex.info
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4448
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4448 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4868

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    4e64ee3a1f4c34f528e8de9b728dbca6

    SHA1

    9b27bb889cc2fe2fbb89c0c7c8aa16a841291499

    SHA256

    ec75d601fb9309c65a60ad6bd10b10c5927c77648d42de670003dc0b2693105b

    SHA512

    e23b06910c9009d254dba06b1fe8910d10fd0c11cf0ad22ebf21cf41765da0f51f9179eeb39ca7317cf3ccfcce01622914171ebb9e7c661373dbc92acf9676bf

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    ad43e5bbe4d1fd8a7cc53964fe3242d1

    SHA1

    9c437b0379ff1b6807950acffb21ebf912d1c626

    SHA256

    af15d6654b5a5f077b5ea9d29b3dd0d8253e1162c83c6f8575ca7ac1679900f7

    SHA512

    f32f151628e34f58b35ed005ce09482582808a435a6aaeeccdc70e3329aa1c442a8d36684933f54ebbcabc30f963ef94762191e7eb398945b313ec7c0b1d3a07

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\MVSVD02O.cookie
    MD5

    736f37997fb289bf3ed934b1b789295a

    SHA1

    6dc8e5208c5597082bfcc30b7036cf4e39a2424b

    SHA256

    c76599be1ffa89b929245e2504b9f5ee4d741ceab2e5bda3c91be5446e4c8c76

    SHA512

    0c27599235b51c70ee27fe65f57abc1f98f074af5cdda94ca470079b27c669d8ca8a4a00406aca265c9512f17cf14480cb1b21977c419188c0f2ac36a83efc17

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\V6RY6C27.cookie
    MD5

    78131e8180008a32dd2ecca3f1235627

    SHA1

    7299764c4e14fce0d8cf962c6a88ca856a4f7983

    SHA256

    d8f22b301171f5a757575e3d890ecae8111caeec0c7b972b525fead30408caf1

    SHA512

    c4548cd5c352047db0605f60a3541f4b0ce58e6092dd4ebbfacaf6b1896063cd3d1cb323d91b2ab7f9f5883607dfcca51f5edcb093400efdfa3d76c0b21d96a4

    Download Submit
  • memory/4448-114-0x00007FF9EB020000-0x00007FF9EB08B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4868-115-0x0000000000000000-mapping.dmp
    Download