Overview

overview

1

Static

static

URLScan

urlscan

https://evelyndovale...

windows10_x64

1

Analysis

  • max time kernel
    142s
  • max time network
    156s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    22-07-2021 10:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://evelyndovale.com/gp/wealth/images

  • Sample

    210722-n5erw22mfa

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 63 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 22 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://evelyndovale.com/gp/wealth/images
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3904
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3904 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1296
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3f0
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3796

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
    MD5

    0675c0d0da9a6eac284a10c2ddda636a

    SHA1

    6c7856ef6be6b6fce283423cf9d48e7d101d7fa7

    SHA256

    7852903b2b3bd59c816aa0a74272a4c51bae13f38bb72a67f3fd04b50d061b50

    SHA512

    09a3f652bd943a7cc3def436c9fe769bf5c30499b78d63598fc2fc23fa15932a08d545354129fc346133efbda456edfe8d4a10bab5a50abe7d132c2228815232

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4
    MD5

    d33394b86db2d590028ae542551b5a67

    SHA1

    200fac7cc75d4da652d0918a6fcbae6f7ca2c5a3

    SHA256

    4d5ff3d32db0d6e78c27f1de69f614c507a0928d24f1de79360cea58096b3859

    SHA512

    114ceb2a930baeb652710387734691cf9d56d2f60d1db94d9095151b1f537b7c89f504c96f4591e863c0c218ad200485e97e77c06ebd4e60c33958ce24acf167

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    4b8ffe79016c051a1fa57e4ab8ee0e0b

    SHA1

    a06394b4c74aad7d296327a942729db01486ea26

    SHA256

    75e171759473658cd648f09d099b249f99a7cb139732201576b07c4554a9c4b9

    SHA512

    6a057cc6cc12715d6324e0cb8c22c3d1ff5a8bd20c5ecd10e64ae155a5a5936a972374fa8005d9cf195fdd44deeb24e54f27d3eba78aa0f3a82e03e272e39091

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
    MD5

    c779a041751d938a8ca4fb6de1195bea

    SHA1

    6f628176e7e9a77f8aa905bc0d863cb07de7f2a0

    SHA256

    cc7c206a0c5a052470903251db576c3d4c7efe62e0a272152f6b69cc012089ef

    SHA512

    9c7debe6642a1138b184eb1a4d3fdf31aeda3c8f15d3f0800b3ef0fdb792c1fe3e235549aa0885c204642e5929948bdeb3cd29878ef4d07cdb1b07b6f76c1e8d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
    MD5

    515a75c078be6d6c5ce48874a5809ca5

    SHA1

    a7a39a3ca2b9ca0a1f3239c00641fdd44d48851e

    SHA256

    c19a238ed541e63dad8906155c8eb3c3630ea697f6a3d714a3c42a9acc5f01b3

    SHA512

    f381ede1a94c54521b97ea3e2f0f4dca44f1220ca7efd3fd20558cf6c20159545704e848894e9cde44ce99714bbcc2192ebac31d0d71a1fc28d8f6a1c797a9b4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    b7a427b32e6d85ffb9b77e0d0b52179d

    SHA1

    98422e979063405f0a4a9d9f9671adbf5fbbd489

    SHA256

    6273c34c17215a225126647347c414a3ecd126e25c3d41757bad19e8bcfe77b1

    SHA512

    ab342f2f1b78ede7850f72fb50210c064d0275e5decd21f99685e03b1d5421ac16237aeaa9d9043a627c804ad1119533203524d7f8afeef4ffed9d6680cc9699

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\NXQVOB10.cookie
    MD5

    0b2c1a9bdb227dd23b7dfc2bded4cbab

    SHA1

    cc17c14b3651e779f792155b83d5685ade7ea8fc

    SHA256

    6ae0700a8f4a9033b6b1e97e3d6225158c3e4827a3973f190a62f4597ac9528d

    SHA512

    cd536215c203038ba775752d05f4cf8a7514f6d2d5278425cfe407a5364c1bb40b4f2d11b8055f9b0a82829b4adc3abfb511846ed3f85472f3e11107764232a2

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\Z1YKRR23.cookie
    MD5

    577b5a820dd1a044bd62e7d641e4444f

    SHA1

    d87959d35b58a65bf2342a9f1983ead9776f4c67

    SHA256

    27737c7a4dc6cd3cb3bb69ff03e6b439c21295a2b3481bc9ddabe33bb03e3277

    SHA512

    ddc3cfb872a010c88bf8a716dac3db11533954c950d41bca6efcc4662443f126ac959bee1e339ece2fc99f2fbfdfa878fb34cdb178207bfbc1943e3a5dc3df27

    Download Submit
  • memory/1296-115-0x0000000000000000-mapping.dmp
    Download
  • memory/3904-114-0x00007FFA588A0000-0x00007FFA5890B000-memory.dmp
    Filesize

    428KB

    Download