Analysis

  • max time kernel
    116s
  • max time network
    144s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    27-09-2021 06:23

General

  • Target

    https://smclt.imas-vmi.lt/outlookapp/auth/[email protected]

  • Sample

    210927-g5t2hafhd4

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 50 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 2332)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://smclt.imas-vmi.lt/outlookapp/auth/[email protected]
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • Child process: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2708)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2332 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/2332-115-0x00007FFA803B0000-0x00007FFA8041B000-memory.dmp
    Filesize: 428KB

  • memory/2708-116-0x0000000000000000-mapping.dmp