Analysis

  • max time kernel: 46s
  • max time network: 35s
  • platform: windows10_x64
  • resource: win10-en-20210920
  • submitted: 29-09-2021 03:41

General

  • Target: https://08863299.sso-secure-mail0454etr.pages.dev/[email protected]&domain=mobily.com.sa
  • Sample: 210929-d8zjlsdfbm

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 30 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 2060)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://08863299.sso-secure-mail0454etr.pages.dev/[email protected]&domain=mobily.com.sa
    Signatures: Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2424, child of 2060)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2060 CREDAT:82945 /prefetch:2
      Signatures: Modifies Internet Explorer settings; Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 signature

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    MD5: f4b3b7008b0621c6ae9191147cc92e32
    SHA1: e0505be068610401787b76fd081568d8d40b711a
    SHA256: 509865bccbfb3719690d1b4a3d7acdeced5b4906c67fb2c1ae0d9caec3074d0a
    SHA512: 7eb75cc871fce15f8496d78f9c27541439f2ed5ca1dbf9737d47e0a7a198ef91a21cb666bd2dd26171466abbdd4cef6109fb76d523782e57d382641c1db1b9b1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 7d0c6bc661659858a4aecbf79e7c2c9c
    SHA1: 67e3791ec51fcf1cf7fa8ff3d404266b3f9b4301
    SHA256: 92b4114b5c423fda069592f6675fed5947280306bb67165572926b7cbfb694c6
    SHA512: 9560a8d0f1f1573ddef839bdcea8c5ed8c7b1095fd430cf4915ea1e3a2c916f51c150da5991ec9a99c73a806a4ec2c412699f28e6a8e8d9bd9cc6c0e73ae9228

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    MD5: 70e071e859956d4aa1071d9bdef4ef49
    SHA1: 3463e035590257c11cb3608b128bf0ed362c64f7
    SHA256: ed6fac9f862436556ac4971d9e8d03329a946bdfbcea3f6f64a1a1579669ae98
    SHA512: f2c0914395d115457e0bc2f0f8fd169b68dfd88ef29017b9d2c1a9bf8e5dc3a41436ed1412e198069c61d9dd1aa4c17f05953e6f3e02cd7106f8db7c293f3079

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 80b30d6b85d788fe09704668eb2a7599
    SHA1: 5fd7607c6853ee173149865e92b0159008d20742
    SHA256: 63b788e335c6626c00975cbe6414237762698613a334ad6edc716711f062a3ad
    SHA512: ead5f7cb4e2c55366ac24a426e29fcfa4761728427084be2a6eb3083ed0bb025e633833f5904a6893f81674f7dd555970184dba4061e09fe4ebb7afef94e5ecd

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QT2UOKDP\KZ5D7YFR.htm
    MD5: 286ec32a447b0ea3404c4c3df32dcd03
    SHA1: 910fba7d799a881ccef82f0656ef07f5f9cd984b
    SHA256: 236c077bc71571633689df6780986079654f1b450c332f5de3d25eb5ef40e9b8
    SHA512: 5f58f5e4d50c2f112b4871b65e221495ab765bd9ab574e178397faa4b555fdabebc877897b31a792279851f0b2814fc2f37180dbcdf4a3a1f3c2988e20661f88

  • memory/2060-115-0x00007FFEC6500000-0x00007FFEC656B000-memory.dmp
    Filesize: 428KB

  • memory/2424-116-0x0000000000000000-mapping.dmp