Analysis

  • max time kernel: 81s
  • max time network: 143s
  • platform: windows10_x64
  • resource: win10-en
  • submitted: 02-09-2021 01:23

General

  • Target: https://mail.signin0001.cloudns.ph/session/index.php?email=brem_hill@data3.com.au
  • Sample: 210902-ydgb6xxccj

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 716)
    "C:\Program Files\Internet Explorer\iexplore.exe" https://mail.signin0001.cloudns.ph/session/index.php?email=brem_hill@data3.com.au
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 1956, child of PID 716)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:716 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry, T1112 (1)


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KN67CPK5\favicons[1].png

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\2XEI56KI.cookie

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\FVFCGHHY.cookie

  • memory/716-115-0x00007FFBE0810000-0x00007FFBE087B000-memory.dmp (Filesize: 428KB)

  • memory/1956-116-0x0000000000000000-mapping.dmp