Overview

overview

1

Static

static

URLScan

urlscan

https://albazai.com....

windows10_x64

1

Analysis

  • max time kernel
    115s
  • max time network
    144s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    26-09-2021 16:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://albazai.com.sa

  • Sample

    210926-tkcmyafacj

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://albazai.com.sa
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:82945 /prefetch:2
      2⤵
      • Checks processor information in registry
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2468

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4
    MD5

    53a7664406b0fe72e2d7b0679222d997

    SHA1

    1e85c1a3e41952ce0801b9aae70bfe589e5048b4

    SHA256

    3318669fa9a75cd9975d2393f042517da43e2f9c5749954dd6db75d83160af6f

    SHA512

    4d1dc4e8fe24f6745c2e0a3c71fd8feed30dc8b7438e7f41d4dd5a4fb41d0ce9e623d955dab846d6a5c54d4f37dd63d89102692e4a70f83d8bb56c2a2211e246

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    ce98c91d236b64b56ca87fc7186af2c5

    SHA1

    ed75a894a924e03763b46178ae1a6842f91b7a24

    SHA256

    d28dc7a774741853733d1e6e385f27c910d0b97eda6f0a1ca47580e85c6e484a

    SHA512

    2787eede0e61b8e938a7fc47534b8d2aa31a01920013752bb4877c81e728931b9042a8ef5304b7e919f2e83bc6b1d1726bb1d34888e82f6a0ed4f34512b881dc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\839D5E02D7EF151D7AA95B26011AA171
    MD5

    6e88e3dcde7ded92ef91cb86bcbe00d0

    SHA1

    dd31be81dc8179d0cd829e4420d7d7cbac37b247

    SHA256

    f8e32e9c0ef4ed6f8ce768b8340965d14b34a8e3a2ed361487c6a0259850f8ae

    SHA512

    2058ff38789b1201c90850525f37d9f18bcfb2b8e1342693983151c4e0568edb28495ed45341899414ee4ca75f69fe100ead0cf4621f6a0f14446321c6a28354

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
    MD5

    74d6c8e920d376bd0bfcf54f79a4c23f

    SHA1

    009145808fbaf9c7d707aec2fbb352ebc3aa3c85

    SHA256

    6434f03b17533f9d064bb87db9df95c8ebb4e1523060202979d575399ab2217e

    SHA512

    14fe5b8880c364a8529751f9b0879d08648db7784eed41ba0d0f13a27c38dcfdd3c298460befa69fdf03f86a8ac96274e08da65473858a5de9ac52ed1dd2e89a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    a3a167ba869dad1f21541185e0fce44a

    SHA1

    d89d6efb41c504f252154ca8bb6348eb677c1e94

    SHA256

    13f50d115ff42832a118ca83b0962e54bb1844c4b015ee37f43085cdd7c77ef8

    SHA512

    3f53eb6e0fd26746e35f14a561b8df41e857c960115e7ee4e866a33b04d27f78ed9565c07727491cb798f5af82d9dbc2c682034153e331753f4d7c111ac40567

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\839D5E02D7EF151D7AA95B26011AA171
    MD5

    d7f041f133cc752ade2a61ca48ef8647

    SHA1

    01d48529509a262bcc7d846dc00ba0dd0f2aa0fe

    SHA256

    abd033918f4139e2572d886f7cc7521094c565757a5f89da1fff385bd167bcd1

    SHA512

    a9d12ed151af18fadef0abfc1d0522b11b62f5a0b469b7f93bb475bc15b70e683d56a9e12aad7c2341c4618eec56a3bbeb44c33c45060b23e82fdbd359cc377c

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\74I5BBQ9.cookie
    MD5

    2066ca8c53d68b33f0dcf0155ab3ea2f

    SHA1

    72086ea4dfd2d1ab675d22ff7522ddc3d2bf6408

    SHA256

    cdd75c68e9f32dc013e4baac82861e526b19f1077ed9c80c5930646b63a1e162

    SHA512

    e611e13d44f2220215d2c795b207cc6265f71e01cd700b7add2ed95cdbdbb1991410c71321416fdd6620eb035e7c067c469261aa5a2bf01ea91d54b7a5017053

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\BW7U6QRF.cookie
    MD5

    96969ae7b447484a248c94babb89f095

    SHA1

    e676673f47fda1714ae934c7219bd5a9cceda76d

    SHA256

    e5f10f7cfc2f3b98536fe386f06e7d34c3c84481694a840de5a8b1be94015491

    SHA512

    9b27abf3c80fef95290f8c5c4d28fc23c6578a9a9e5a933d195333053fe3f1978fe8b3adb74a0a1c51c18c33d3a07340cc0e92adee793320272ce34a526814a0

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ODF6T9C0.cookie
    MD5

    893b21d363aeae344a82a3591336eec8

    SHA1

    5a8c43c6783d0930923f47f6e22d903e9ee063c6

    SHA256

    5b03e0153462a81ff4ddeec19484fecfce73e226f4d90f584ec9f476a9ec1d38

    SHA512

    0bdd3a8a6a46fc92a2bd5890b4a3bf8464afc829d3500413c378dee8fde0f6101c58af021eb576eea62105f96f66e8f33dfffd5c2147325f467a291c13c2e904

    Download Submit
  • memory/2116-115-0x00007FF956700000-0x00007FF95676B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2468-116-0x0000000000000000-mapping.dmp
    Download