Analysis

  • max time kernel: 93s
  • max time network: 142s
  • platform: windows10_x64
  • resource: win10-en-20210920
  • submitted: 26-09-2021 14:02

General

  • Target: http://sra.appspot.com
  • Sample: 210926-rcb1bsehak

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 49 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 3704)
    "C:\Program Files\Internet Explorer\iexplore.exe" http://sra.appspot.com
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 4312, child of 3704)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3704 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 signature

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5    ce98c91d236b64b56ca87fc7186af2c5
    SHA1   ed75a894a924e03763b46178ae1a6842f91b7a24
    SHA256 d28dc7a774741853733d1e6e385f27c910d0b97eda6f0a1ca47580e85c6e484a
    SHA512 2787eede0e61b8e938a7fc47534b8d2aa31a01920013752bb4877c81e728931b9042a8ef5304b7e919f2e83bc6b1d1726bb1d34888e82f6a0ed4f34512b881dc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5    e9816be40a8ad293d84ba126031705b1
    SHA1   dc1249025fb6a9c048f4dc1a2fc166449bd227fd
    SHA256 e694916250d314c08fbe178a31c2d41fa99f4f0f491ee239f80856fbbb7e30d9
    SHA512 50fb060471f86fbc1e2ea130c9a6f4a4d0bd618a9e2af73b5eac5986ea87ffe424418bfaae916a1736c6118a22a78941347a0116741ffbbc42a4399bd320db83

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\8FT6NFSC.cookie
    MD5    eb491d913e2958e8d93864022b03b9c5
    SHA1   f02e3436306611292ac823161ccbf96079a0c33e
    SHA256 6db0dc238b0841cedc5206761c66f0dc51f1942c95ebc67a71da8826a67a47f7
    SHA512 35cf7f6f17194b14e27c1b392709dbd49f1e1bdd1f595a25d8feb3b6cdd1fe1c2cc9694790a4630a9e65c44e4e3908b7bc565b169f22e66d8babbd9cf425aa8e

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\JBX0VIVK.cookie
    MD5    64131cc3de5229b08b4ec9c4abdfb9f2
    SHA1   e92b6d6df5e7b057954410fb55cd777a41a8b542
    SHA256 68c79122314382b0cb341c2e591bedf697f7728f90de59ca2225b9fa04bb2cae
    SHA512 063834288c72bf716885bb739951ed417455500a721642f108880f1802e41273ceff9d3379d1f04a407b6b7bdf5bb8239f3458b4b4e2cdce73f30ec26481ec5e

  • memory/3704-115-0x00007FFC06750000-0x00007FFC067BB000-memory.dmp
    Filesize 428KB

  • memory/4312-116-0x0000000000000000-mapping.dmp
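Worked triage over the records above, as an added example that is not the sandbox's own tooling or signature logic. It checks that the child IEXPLORE.EXE is the frame process's Protected Mode tab process (IE launches those as `iexplore.exe SCODEF:<frame pid> CREDAT:<n>`, so SCODEF should equal the real parent PID), recomputes the memory-dump region size from the dump file name and compares it with the listed 428KB, and tags the dropped files by what wrote them (CryptnetUrlCache is CryptoAPI's cache of fetched certificate-chain, CRL and OCSP URLs, which Windows populates on its own during TLS chain validation). The process and artifact records are copied from the report; the verdict strings, the classification rules and the helper names are this example's own assumptions.

```python
"""Triage helpers for the sandbox report above.

Added example, not part of the report or of the sandbox's signature set.
The sample records are copied from the report; verdict labels and
classification rules are this example's own assumptions.
"""
import re

# Process tree as listed under "Processes" (copied from the report).
PROCESSES = [
    {"pid": 3704, "parent": None,
     "cmd": r'"C:\Program Files\Internet Explorer\iexplore.exe" http://sra.appspot.com'},
    {"pid": 4312, "parent": 3704,
     "cmd": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3704 CREDAT:82945 /prefetch:2'},
]

# Artifact paths as listed under "Downloads" (copied from the report).
ARTIFACTS = [
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776",
    r"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\8FT6NFSC.cookie",
    r"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\JBX0VIVK.cookie",
    "memory/3704-115-0x00007FFC06750000-0x00007FFC067BB000-memory.dmp",
    "memory/4312-116-0x0000000000000000-mapping.dmp",
]

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b.*\bCREDAT:(\d+)\b")
DUMP_RE = re.compile(r"memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def _image(cmd):
    """Executable path from a command line, honouring a quoted first token."""
    return cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]


def check_ie_children(processes):
    """Map each child PID to a verdict (labels are this example's own).

    The IE frame process launches its Protected Mode tab processes as
    'iexplore.exe SCODEF:<frame pid> CREDAT:<n>', so for a genuine tab process
    the SCODEF value equals the real parent PID. A non-IE image under the
    frame process, or an IE child whose SCODEF does not match its parent,
    is flagged for a closer look.
    """
    verdicts = {}
    for p in processes:
        if p["parent"] is None:
            continue
        if not _image(p["cmd"]).lower().endswith("iexplore.exe"):
            verdicts[p["pid"]] = "non-ie-child"
            continue
        m = SCODEF_RE.search(p["cmd"])
        if m and int(m.group(1)) == p["parent"]:
            verdicts[p["pid"]] = "ie-tab-process"
        else:
            verdicts[p["pid"]] = "ie-child-unexpected-args"
    return verdicts


def dump_region_size(name):
    """Byte length of the range in a '<pid>-<n>-0x<start>-0x<end>-memory.dmp'
    name, or None for '-mapping.dmp' placeholders that carry no range."""
    m = DUMP_RE.match(name)
    if not m:
        return None
    start, end = int(m.group(2), 16), int(m.group(3), 16)
    return end - start


def classify_artifact(path):
    """Coarse label for a dropped-file or memory entry (rules are this example's)."""
    low = path.lower().replace("/", "\\")
    if "\\cryptneturlcache\\" in low:
        # CryptoAPI's cache of fetched URLs (certificate chain, CRL and OCSP
        # retrievals), written by Windows itself during TLS chain validation.
        return "cryptoapi-url-cache"
    if "\\inetcookies\\" in low:
        return "browser-cookie"
    if low.startswith("memory\\"):
        return "memory-region" if dump_region_size(path) is not None else "memory-mapping-placeholder"
    return "unclassified"


def triage(processes, artifacts):
    """Summary a reviewer can set beside the report's score and signatures."""
    return {
        "children": check_ie_children(processes),
        "artifacts": {a: classify_artifact(a) for a in artifacts},
        "dump_bytes": {a: dump_region_size(a) for a in artifacts if a.startswith("memory/")},
    }


if __name__ == "__main__":
    for key, value in triage(PROCESSES, ARTIFACTS).items():
        print(key, value)
```

Run as a script to print the summary; the dump region for PID 3704 comes out at 438272 bytes, which is the 428KB the report lists, and the only child is classified as an ordinary IE tab process, consistent with the 1/10 score.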