Analysis

  • max time kernel: 74s
  • max time network: 152s
  • platform: windows10_x64
  • resource: win10v20210408
  • submitted: 22-09-2021 14:17

General

  • Target

    https://team.chadkrause.com/vendor/phpunit/phpunit/src/Util/PHP/Template/vc/ugi//flcybgpeuexjzv46rfqqx0hk.php?i3i6H3163232003734294144611cd4a19b656e6dc0d7f45634294144611cd4a19b656e6dc0d7f45634294144611cd4a19b656e6dc0d7f45634294144611cd4a19b656e6dc0d7f45634294144611cd4a19b656e6dc0d7f456&[email protected]

  • Sample

    210922-rlt79schg9

Score
1/10

Signatures

  • Modifies Internet Explorer settings (1 TTP, 47 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 640, depth 1)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://team.chadkrause.com/vendor/phpunit/phpunit/src/Util/PHP/Template/vc/ugi//flcybgpeuexjzv46rfqqx0hk.php?i3i6H3163232003734294144611cd4a19b656e6dc0d7f45634294144611cd4a19b656e6dc0d7f45634294144611cd4a19b656e6dc0d7f45634294144611cd4a19b656e6dc0d7f45634294144611cd4a19b656e6dc0d7f456&[email protected]
    Signatures:
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 476, depth 2, child of PID 640)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:640 CREDAT:82945 /prefetch:2
      Signatures:
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 technique observed

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 6184b0e7016067db51a6ecf5f3fec69c
    SHA1: d95dc8253b3f7ee8eab391a9933de56929b7b9a8
    SHA256: f0310616d9b89c76451b430a7849df7d6de967e7be98d4db98b18b13fd0d4c24
    SHA512: 1d5a39ff7c1a9896999b5a571ac198c8c7c667737f9970d1b81c49b6d20925bc800df7b5f2cc890a079646bcf8e7aba25934018e55cf555d1873f0f19dbf05c2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: d665c093f04dc9d115e0f351b0ca365e
    SHA1: 6ad2ec43673a8ca72ec48bf6c79dd4ccad06a2d9
    SHA256: c9be1819c28f448d8a77dc8c8df7d5329a470a0e2deef710f4d84823e1fd1a13
    SHA512: 8619d1fe5a2dbc2a06f1cff319df22cd4e51922682fa9f8473cc301d0aa104ff730bd2b76b1b148d58c6d404c3327401adc2536116f38c607e1755503ea57a3f

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\O8H5FI86.cookie
    MD5: a6552a10aa849273afc644cc042f00ca
    SHA1: 023f03501f4bd14bfa91950f5bdd188726627290
    SHA256: 2bd81be20ac4dcaa0762049289a7b31fa4b5b7c61af46009937101d6b97de072
    SHA512: 5ed6e4c7149286507b81f41fd4733d328c8ad0fd9ee07b950e7feec0bfca73362585888aad36c960a0ebe79a57835be0d09eaba4698d73301a35c93ed95d9b65

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\T7CTSXI1.cookie
    MD5: e64e01d5269e2b4b60f19c6492007f50
    SHA1: b306ec66243d6f5f20b699b63f359533e35d3fdc
    SHA256: 698467355d7cfd141a7578ad29310a505c162fb999690cf74295ee76792d88f3
    SHA512: 861280ee1fcf5a00b375337efa3765fb4e3b4fb78cf7c9c962e485f7a5a7f88ee8dc991f3027111bb6d0e804f6a57a9c14319efdc249e11649988623a91cbfff

  • memory/476-115-0x0000000000000000-mapping.dmp
  • memory/640-114-0x00007FFDD6DA0000-0x00007FFDD6E0B000-memory.dmp
    Filesize: 428KB