Overview

overview

10

Static

static

8

URLScan

urlscan

10

https://08863299.sso...

windows10_x64

1

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    29-09-2021 06:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://08863299.sso-secure-mail0454etr.pages.dev/?emailtoken=emsail@email.ch&domain=email.ch

  • Sample

    210929-gyd2psdhfl

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://08863299.sso-secure-mail0454etr.pages.dev/?emailtoken=emsail@email.ch&domain=email.ch
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:628
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:628 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:876

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    7d0c6bc661659858a4aecbf79e7c2c9c

    SHA1

    67e3791ec51fcf1cf7fa8ff3d404266b3f9b4301

    SHA256

    92b4114b5c423fda069592f6675fed5947280306bb67165572926b7cbfb694c6

    SHA512

    9560a8d0f1f1573ddef839bdcea8c5ed8c7b1095fd430cf4915ea1e3a2c916f51c150da5991ec9a99c73a806a4ec2c412699f28e6a8e8d9bd9cc6c0e73ae9228

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    5798d7e62fe4fc34ce56fa2dcc448b49

    SHA1

    c3d3eaaaef2b52ea95c61efe33789ceb1e17eac7

    SHA256

    dc2c16d31abceb5b0bd39461358b2ba7f34573eee0b3a281a781af595ef130cf

    SHA512

    0f0824dd0f7eb4ea22a27a12e9f5518351a8fc2045c754434124367d85a3b66209d5b526699d4c023f2ea14dc86b872c6e0156f34bfae5ab0ccbd9255ef080e6

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\74AX7LAV\N9805QFN.htm
    MD5

    286ec32a447b0ea3404c4c3df32dcd03

    SHA1

    910fba7d799a881ccef82f0656ef07f5f9cd984b

    SHA256

    236c077bc71571633689df6780986079654f1b450c332f5de3d25eb5ef40e9b8

    SHA512

    5f58f5e4d50c2f112b4871b65e221495ab765bd9ab574e178397faa4b555fdabebc877897b31a792279851f0b2814fc2f37180dbcdf4a3a1f3c2988e20661f88

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\MTHXZ631.cookie
    MD5

    223c3fbd46546dbc24c56b4474aea04d

    SHA1

    0c1ce5f82af743f6f18dc66e184f97961cb31271

    SHA256

    ccab59bb7c99c533eaffb3d35ec49b1bd3a0f8a563eb293dc4859d6a3f87a517

    SHA512

    93d3016197c3a45c7b94a7258050c75a2e94b53a0539d4359533642f0d2d038e170020f424f7f4b53cc9a94c577897769dc56da08d770afe2846583c7cde9c60

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\OT37R8NZ.cookie
    MD5

    182fd9d0884fd22404395ddc7d997419

    SHA1

    e28aa7fbe8cd6188789d6e139182432b79dcc4cd

    SHA256

    0aaabab8e59a41aaa8c5fac641d6ac64fc78d4dfb085419c06e7b34508a2acd1

    SHA512

    94648de0f60a4d4fc28b7448e808c9caeed60af637f069274aa0647d32e711c70ee62677c447330477c97c61c4248b874794b1470706512e7ce94ae6c2675619

    Download Submit
  • memory/628-114-0x00007FFF85150000-0x00007FFF851BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/876-115-0x0000000000000000-mapping.dmp
    Download