Overview

overview

1

Static

static

URLScan

urlscan

http://ntv-play.com/...

windows10_x64

1

Resubmissions

24-08-2021 14:49

210824-aq597d398e 1

16-08-2021 19:12

210816-ehaj4hbq12 10

Analysis

  • max time kernel
    303s
  • max time network
    383s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    24-08-2021 14:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://ntv-play.com/video/04169823/tls/console-play.exe

  • Sample

    210824-aq597d398e

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://ntv-play.com/video/04169823/tls/console-play.exe
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3904
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3904 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1288

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    5b840cab2bb3e8cd4ace68e0ec72b345

    SHA1

    3f4cd7f77d7265b470a95333aee0ac07dd15d8e4

    SHA256

    6cf506a2c3664038549a88ab016bf602ef5ed264a749ca0583126fe241efebdf

    SHA512

    3ac7a7e94290f49154792572cc0850ac5fc5594f052c72d9c5a434fa34ce413d53e4ced220dbb08299f681d140e41ec5272aa864ba90513549871bda4f721ea9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    7ea817a9fa324435854a2f160a60bbc5

    SHA1

    08d66f0ad23ab6115f3dbb02d595f757a173c2c7

    SHA256

    1584b69860a189c2bfa32193dd65baa1bfa29c08adffa64ac2d75a7f4844a96a

    SHA512

    c90b3368783cd00a20128489e5ef6830ac86a6a5b588cd6d84d36a95184e62b33bac3607298af742276eb0a4e8086455737e65179903d18f1e07eb33be3dfd9a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\P7QKKF8M.cookie
    MD5

    f796795eab6b75d15265fa5b57a27fda

    SHA1

    95feda1f4058d29602b17ee901732f9f1bceab92

    SHA256

    cf5ad410b74db0ec3b11917e6ff091a7dcf9b36fd18bcea182b65eb78c748d03

    SHA512

    4609b857d602b7080da5cf271f7281ea9c9dfa8454ff92cfc535404e23a94210c6036898f6c3c8800db2ef8507594349c2da769d4de5d31624dbc7364d4ae4f6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\YRRQFP45.cookie
    MD5

    72362be6b9a8a7201f07b6c9930ee661

    SHA1

    2ed350e425d7cce60d862c0d5fc64b1fb8b71fe4

    SHA256

    62c6131982c329c6a3da41ea9e5e2ad358e568103a286df090cda76cd96f9c3f

    SHA512

    5dc3fd603bf27afee78f6adbe72a35bf2b1703570af801373a1027ac59b9615c7a41e8c40b38690179acd0887834871a50fc42bfec12d5d442e9d59a6a9add81

    Download Submit

  • memory/1288-115-0x0000000000000000-mapping.dmp

    Download

  • memory/3904-114-0x00007FF85B690000-0x00007FF85B6FB000-memory.dmp

    Filesize

    428KB

    Download