Overview

overview

1

Static

static

URLScan

urlscan

https://www.felipeba...

windows10_x64

1

Analysis

  • max time kernel
    68s
  • max time network
    147s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    22-07-2021 08:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.felipebalestrin.com.br/

  • Sample

    210722-wl3wn2vyza

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.felipebalestrin.com.br/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3744
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3744 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1556

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
    MD5

    0675c0d0da9a6eac284a10c2ddda636a

    SHA1

    6c7856ef6be6b6fce283423cf9d48e7d101d7fa7

    SHA256

    7852903b2b3bd59c816aa0a74272a4c51bae13f38bb72a67f3fd04b50d061b50

    SHA512

    09a3f652bd943a7cc3def436c9fe769bf5c30499b78d63598fc2fc23fa15932a08d545354129fc346133efbda456edfe8d4a10bab5a50abe7d132c2228815232

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1E7E1BE729610F7D7261C865BDE45C35
    MD5

    c3d347c15c3d98025b172833f7cf3fc2

    SHA1

    e19041ca19a40aba5265cf6afb02fbacb0128a9b

    SHA256

    c77e71d02f630f5f94b11595191ee8c5861f7786af8d79a94ac9e4ee385b4cbc

    SHA512

    6353a6e2be50a2232c66a8261870585abc3b37d0dff973a487dc4e2a9ec16729058836f0d45105113d8d21c48297eb614452e92d8391dc0cc8673683ea2fbe16

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4
    MD5

    d33394b86db2d590028ae542551b5a67

    SHA1

    200fac7cc75d4da652d0918a6fcbae6f7ca2c5a3

    SHA256

    4d5ff3d32db0d6e78c27f1de69f614c507a0928d24f1de79360cea58096b3859

    SHA512

    114ceb2a930baeb652710387734691cf9d56d2f60d1db94d9095151b1f537b7c89f504c96f4591e863c0c218ad200485e97e77c06ebd4e60c33958ce24acf167

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    4e64ee3a1f4c34f528e8de9b728dbca6

    SHA1

    9b27bb889cc2fe2fbb89c0c7c8aa16a841291499

    SHA256

    ec75d601fb9309c65a60ad6bd10b10c5927c77648d42de670003dc0b2693105b

    SHA512

    e23b06910c9009d254dba06b1fe8910d10fd0c11cf0ad22ebf21cf41765da0f51f9179eeb39ca7317cf3ccfcce01622914171ebb9e7c661373dbc92acf9676bf

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
    MD5

    6cee17bfa85b295c2978d2fecd05d5ff

    SHA1

    a9418ce07f44689e85cdf0d66a771bd22df5a379

    SHA256

    384f27e129e1942f483ec2990acdf5e40394fece9e881d5533cd2b1afee5e772

    SHA512

    83e1e2bea4cd04af00a609b9ea8ed114df84a46709972f58d5e3cfc3ff3167f06f46f365b154533f8f4cc02a339c003eb83e1a405bb4ffa54289f77ffa08cd6d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1E7E1BE729610F7D7261C865BDE45C35
    MD5

    f13d77a4afb716fba682a3c8c452bcaf

    SHA1

    507a2f7a923c4afb9d4a6c6ba7c91aa6ecb0cf1c

    SHA256

    388b89439e4b82e063098c3d5ef2847f2dbf9f9fdabdd263885a57f052714cfa

    SHA512

    28e87e9f177744e5feefe2ae6d9172cd216ad613c5434733dd6bb196bbc86e51dba790f32b97f176a4d571d68fb82d6545201e3273934251467f94d92271eeed

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
    MD5

    72e4c7da935c12a40c2da41c3d81f59e

    SHA1

    f134337662d34a573aab88034e90e90326e19e9b

    SHA256

    7ec0a7a358917af96b42137ae49dbee886740b05cd1aff02b7a2dbecff6875e6

    SHA512

    c9a84f6c8e574beefa42cc4cfc9b9ffc50497f666c4a3fcc6cba44a5b6d44677a352d72395d8a536b1aaa004e70d656cd18461f19bf3148f7806727ac177bad9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    5ba7bb373b35bf95bf73e20338989012

    SHA1

    b3571ecbde3a7f52423989efb2efc6f4900ee9cc

    SHA256

    88fea29172871c87a245c9d6b323602f475cb8f3b13ac9899fdc0b254bcb6e25

    SHA512

    6c50bae2c5a06c3708ff1456e2086b1541378ca5d03c9317f17a7ab088c36e8c53c423e34157eb9d528dbb9b56ea0282c38bee51867bfc2633e0ee3179c41b31

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\8ITNR39T.cookie
    MD5

    4a2b7aa07eb7d338e0d431f6e3da0650

    SHA1

    38dc6350d1f1127e2be84c224c24eb304d80a77a

    SHA256

    cad16050539ff6b5fd60ebc1042d87477686f71406f4dfa5b62ef50de0b98f44

    SHA512

    4c867ae1d73d896163a06518af03e23d752a6985cca8fc30bbdca6c7e738dec455270152cfaf83eed507acca2fdff7f7e05a8db76fa7a2779a51e17f463d58a1

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\GAACZAAC.cookie
    MD5

    053ebbbc09ba4826cfd765b99010e9f4

    SHA1

    2f37ef6ce31084863a41b830f71ab59050bd890e

    SHA256

    78c00f4f744498724ad13ab8d885a6ac3f13075ab9b0467e565d97e3c8f2aac9

    SHA512

    4e023f15c387dfcad1e2772c3ce4a4647d17a5d980281515a5ac4701d12c0ba7f0ce5b0dbdcfa5aea18bb3dc2335aebb0fd5bd22a4bc16eea3f1c059f5048bd4

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\R659WFOA.cookie
    MD5

    3e00e5c186cb486baf075a2081f77d08

    SHA1

    9a7a8c336023f6bb612a5047b726eb6e0b3e7613

    SHA256

    0dedfdeb912199d75dbc7b34672f30de9ada4a2d213cdd3f4971a7aa72200d38

    SHA512

    610f25cdf55a8ef2d90073be3a8fa5b67d63391e48bfd3d6674417d323548c72057d61da5e33c59c9f9def9f761de99e9eb05b83fb3c5d884909e2a1c5fb5add

    Download Submit
  • memory/1556-115-0x0000000000000000-mapping.dmp
    Download
  • memory/3744-114-0x00007FF9EFC10000-0x00007FF9EFC7B000-memory.dmp
    Filesize

    428KB

    Download