Overview

overview

10

Static

static

URLScan

urlscan

10

https://informationd...

windows10_x64

1

Analysis

  • max time kernel
    267s
  • max time network
    277s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    12-08-2021 21:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://informationdeliveryshipping-8f3c3e.ingress-baronn.easywp.com/wp-users/

  • Sample

    210812-xgjb5jt84e

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://informationdeliveryshipping-8f3c3e.ingress-baronn.easywp.com/wp-users/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:688
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:688 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2400

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
    MD5

    9e51a98dcfb61f6bdab7819a587c98ad

    SHA1

    e5abfb2df6288f4294d1ac4f54142b0877c13a0c

    SHA256

    1b0da08626b5078280ac8ffc5210735914a0efeb84fa78a29e0b4f52500706fc

    SHA512

    af91f920809dcc03eb3b368e567a5a7712eb7bf3bce8f7a6d188401bf05fade4c199062573064ce11927bef9d363368d4653f07908e417146e3ad0a4aaef81ad

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    3902d3f36dbbe6507d1ca44b60d9e888

    SHA1

    3d19803efd00a3f75a5ef84b1497cdbf0a738adb

    SHA256

    6a8e80f06a7941fff1b4ddef4ed3ea534ed06a9f36e79e4fa546dc62231c0f11

    SHA512

    ac46b2321da4925cbe4293560713d7273c85cd2727a935b7d0d7736e4e25399d34f937b417d3ae3d84ab59d40f9efc2ba94c10fc064aff1a10329fb3a212c755

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
    MD5

    3e9f22cc690a8f0a85c77641e868fa63

    SHA1

    fe20510f5f24bdcf66183653b9b8b4f12581530c

    SHA256

    8f71c8b1d3dfc7997d945b8ffa1331874246cb0fc64f56eb2a25c9fa0b978ef9

    SHA512

    a96110ee91309ab8a15df7e5ecef220cfc2289180c54c789ceb148cc6a74c2c1339a3271267611ee963556d2c8c824d3274bcdb92c7476bb10a7553ade121e62

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
    MD5

    c5e23ea82bd767d79bc5529b5a1fcece

    SHA1

    fe0eef779fec50de6f0256ba75017a9e242c9636

    SHA256

    dcda5eb321c4a0eb12e46a04e364a411ee5d6ccfcbd854d3dcb73324e76da70a

    SHA512

    63188af4baaa61c7eda67d3d4f73534fb8e062d4904c893b3a6ed7063c8a6101d196da96f419adaaf5ffd4e23f971601d3ccba9e84e0f0ec1bfd58edb2af108e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    32e088f1209675ac7fd9bc7bc6688c98

    SHA1

    33ef88e1fb3b401e5cf4ed90dd27f9c40120b320

    SHA256

    4754cba529853cedfef58456e9f569438899390295874333ef9047f2046bcb32

    SHA512

    8b1dd19f18c7c7d2d3293c182c157bd32a308ce5144dda3bc1f5b159ffbd4675197e952b9daae7eae432b78abb8a9d95d95d9838a8a552cfc24ffa62f375b088

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
    MD5

    451bb3a33d934e58a8c7b59e73255d06

    SHA1

    8a6c4328a92ff91c866aac1b3550fa4f0262f0a0

    SHA256

    fbfda29cdc74673979a60cbea8ddb47129e026bd120d79ee4a2f8e6049494d4b

    SHA512

    62eae75ce87ca67005d07f0bda256bc73cc3deb27751b8619ea9c74c9358074c3bec2404aa6cc41ffec30cb1a28b44408e72c8b375f044e93fe318bd413729c5

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\1GV5S3IB.cookie
    MD5

    cafdad3b0fabebf0a744c45106376118

    SHA1

    9dc0c678c1464c5b816336d5d7ac70400b9f8a2f

    SHA256

    b3b4c39ab8bca00307df1a8d94654e6cbe35ddaac5ae2e0de0680dcf81bbb38d

    SHA512

    399bca8d54e1b4d4e43f069e0b626318bb0783f036e0ba92253842043553aae994a64de809568161c06d6ca99b02f54ca9061c6fe0cc5db148907622e23ea432

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\93ZHEN7Z.cookie
    MD5

    7d9934778c798318365ed7fe93e93c08

    SHA1

    f3328da5dbb0a61b338806657329bb7eedc92d43

    SHA256

    2cdaabd423db69544e92b2196d8f1231778ed58d9e7e0f050223a7a9162504a8

    SHA512

    8a0d4be4235b785994e372bdb1b26166ffb6c18f2957cb36d946a17e14390577f85d202c818fefb4a7c7b2e8e53871f95bf5418fe2368b283c2d22cf97713fc0

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\FLFQTDC6.cookie
    MD5

    48dfe5b4745be8d43b8120cfc68c9f78

    SHA1

    3d0aae2d274b84b34fe626938e8f6f23e7d5afb0

    SHA256

    48cbb40f742b2f09bffa65c5f92651ed6cd971970fcd69d5ca00341c4a3c624f

    SHA512

    cd89e3e2d9bacb253ab20029cb11fae189ea431aba66fe31de48cf4eae5580c3e7b03aa7c938b689958bd1dfd7c403307495359643bf13a6b28607e19401bc4d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\OHYGJ36K.cookie
    MD5

    5c81e7f2e5eea516e59cb93192687959

    SHA1

    46cf857f846ce5f36122e78b0ae857eeb0e806fc

    SHA256

    664dd78cab4abafe728c0ead5a252752e5ad8fb368c146a5f9763e565667e9a4

    SHA512

    aaf22b2bf62143e70953c543fc1a4a7e732354efd4e5da61495786edd5182e52aa609e7b7ddad3fefd1d7365dc4fca60615bb043421901f12496d778633fb01f

    Download Submit
  • memory/688-114-0x00007FF96F290000-0x00007FF96F2FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2400-115-0x0000000000000000-mapping.dmp
    Download