Analysis

  • max time kernel
    210s
  • max time network
    201s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    27-09-2021 01:36

General

  • Target

    https://proxyen.com/

  • Sample

    210927-b1f17afddl

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 57 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://proxyen.com/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:672
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:672 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:392
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2488
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.0.1603590810\1872021167" -parentBuildID 20200403170909 -prefsHandle 1476 -prefMapHandle 1464 -prefsLen 1 -prefMapSize 219680 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 1608 gpu
        3⤵
        PID:1416
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2488.3.1120011318\1733217078" -childID 1 -isForBrowser -prefsHandle 1100 -prefMapHandle 2040 -prefsLen 534 -prefMapSize 219680 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2488 "\\.\pipe\gecko-crash-server-pipe.2488" 2268 tab
          3⤵
          PID:3868

Network

MITRE ATT&CK Enterprise v6

Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

        MD5

        480e93666bd6483858e479a1e3b128ee

        SHA1

        a90da9fa61ec5ebfb9fb4f38460d8b6ffea07294

        SHA256

        d0062e71da6d3299a397304f1432891e5e6110c01a6f9d759ccee35cd5720e38

        SHA512

        e5eb5906abe3613876704fd267f5ed80c9f7ac1f3de1b51a2edb049fcec17903c46cb372a7172c91167f66420c296fc672cd1fc95285ee837209634cf4916aaa

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

        MD5

        ce98c91d236b64b56ca87fc7186af2c5

        SHA1

        ed75a894a924e03763b46178ae1a6842f91b7a24

        SHA256

        d28dc7a774741853733d1e6e385f27c910d0b97eda6f0a1ca47580e85c6e484a

        SHA512

        2787eede0e61b8e938a7fc47534b8d2aa31a01920013752bb4877c81e728931b9042a8ef5304b7e919f2e83bc6b1d1726bb1d34888e82f6a0ed4f34512b881dc

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

        MD5

        77d24a5165bd1cf27135b9795222f7a6

        SHA1

        ec35228651df186e119b1e42b60580adab83aba5

        SHA256

        d728d1cdcd9c4be7a25421adcc442d10140b9786d7710abf8f7279913f2d02c6

        SHA512

        dbd1c9cebf8ddf11752d6a430f0d4d1934a176c7a05916b6563158115c96bc10f7fff130ddac75056733cbdd4c32bd3b32c9c6efb02d23c3ffad1f3c318f6d4c

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

        MD5

        93e5465fe3d3985a5d7a7bd1f863ab87

        SHA1

        57a5d5b9d991b142b8a152d51bc2665836e307ec

        SHA256

        30cdbd076bc2dedeb7804462551d0040ecbd3916715d7029ffc13839d6bb56ab

        SHA512

        acf44ff0a7b622b82b64541b062abcc8008f11568de88bd4ecc0614ba4bdd523da25a972afd9cbc86a38456cf7afb6b3598cbd3e65284f4217683026ed7b6179

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\O2QPHZW1.cookie

        MD5

        482a56ded889ac72d4f018b032619818

        SHA1

        f2a0b1f33244bb5ec9bd6a71183f07eedb8846f8

        SHA256

        4518aee14bc063d9b7aaa0e46ed31c742f33a48183705b01dae5f6d8e65e06fe

        SHA512

        28196ad76754571bff34a7a7e607e27f3edd4b0dcf84bd26ac48e037c72aeedda8ff1de0aa37be52289056456e59baf84511657b223444baed072a7ddf4c3b2f

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\QZ45HZER.cookie

        MD5

        e4fff1f6ec068b47d099b34f0bb14678

        SHA1

        d5329b228b19d7e9d0987f971df594be6997cacb

        SHA256

        1441005d20037910b3d2cc19e6fed931e15fc3bde9aee7c3f40c2fcc93e3933e

        SHA512

        02dec6d2851264577b6c69910a3cdca619f0539ec789b176d656c1a303314983e9898daf044a6628dcff902508b6742ce2ee486cc8a2bdad1a6ffa2889831cdf

      • memory/392-115-0x0000000000000000-mapping.dmp

      • memory/672-114-0x00007FFD272D0000-0x00007FFD2733B000-memory.dmp

        Filesize

        428KB

      • memory/1416-349-0x0000000000000000-mapping.dmp

      • memory/2488-118-0x0000000000000000-mapping.dmp

      • memory/3868-661-0x0000000000000000-mapping.dmp