Overview

overview

10

Static

static

URLScan

urlscan

10

https://www.ayaascen...

windows10_x64

1

Analysis

  • max time kernel
    132s
  • max time network
    152s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    29-09-2021 14:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.ayaascensores.pe/cd/view.php

  • Sample

    210929-r9t76sfbe5

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.ayaascensores.pe/cd/view.php
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4648
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4648 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4700

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0E90897EADE112B6D19B599287E9E479
    MD5

    bd487794c5e83ed3c66116bd40b19cea

    SHA1

    0dc655baaecb43827296f9ea511f3af8f8b767e8

    SHA256

    7807ab438ae05d1d800836ef087c6f736e4a2f229eba43a2d33867a91d3591d3

    SHA512

    483d112498fbdce492b4649ebd91841b050378d00f36f3fbfb691e25ba84795e753caa79fa77c336a0c8bbb517d31cdb854d37c4bde5275177d96baa8924de33

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
    MD5

    54e9306f95f32e50ccd58af19753d929

    SHA1

    eab9457321f34d4dcf7d4a0ac83edc9131bf7c57

    SHA256

    45f94dceb18a8f738a26da09ce4558995a4fe02b971882e8116fc9b59813bb72

    SHA512

    8711a4d866f21cdf4d4e6131ec4cfaf6821d0d22b90946be8b5a09ab868af0270a89bc326f03b858f0361a83c11a1531b894dfd1945e4812ba429a7558791f4f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4
    MD5

    53a7664406b0fe72e2d7b0679222d997

    SHA1

    1e85c1a3e41952ce0801b9aae70bfe589e5048b4

    SHA256

    3318669fa9a75cd9975d2393f042517da43e2f9c5749954dd6db75d83160af6f

    SHA512

    4d1dc4e8fe24f6745c2e0a3c71fd8feed30dc8b7438e7f41d4dd5a4fb41d0ce9e623d955dab846d6a5c54d4f37dd63d89102692e4a70f83d8bb56c2a2211e246

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    9f20688c661750ad6dcf06eda97f88ba

    SHA1

    a0c2e5929e9d6ed87ae9d555fd8a1c49cbb984ec

    SHA256

    325486c68075a5858c7fa3bae5e88791eaee7f42546d0436c64d9742d22eae3b

    SHA512

    839b542d80a961ee40effea26f4da8d85e7a1e06e76b5462ad71e853e9554fed9bc1011c3bce03f60a1d5844cd09c194923776507d771a28c8ae47482dfebec2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0E90897EADE112B6D19B599287E9E479
    MD5

    e53873ba2135d925349780f837a5eefe

    SHA1

    93be71f468b9ab78adaaec1dcd29a0f090a95e96

    SHA256

    791ece953c906e64a8c90d2226034223272ad212e48a8464084566d05fe441bb

    SHA512

    05f2406176324b53a790318ffcb7268b4af98f3d09cd3f0bfa58c37c21f92ff7350253b5c8a277b7d111ccf815bdef9227879a3d86d66d9939a2bfe7da087ba2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
    MD5

    21b7cd9245620389fa51d68b8873a07f

    SHA1

    dad345a26b11228f5a07c16d1077940eb182dbb7

    SHA256

    42fe5e65278dbd01cf01d88870914474a36bf148e6028609363a3c1f9f366fbd

    SHA512

    b66da8995c0f658a922f8daecdf533123e279e6ced2b52f90704d48f328cbbffb331d91820e6bdbbb5484bd8ea6b09e5759e2876b5dba52d3824e6a8d7d25e89

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
    MD5

    72e9c2e1e1e243b8d4f8f3eaea5570c5

    SHA1

    bbf62935cd588148ebb1dcc140fafe25e2d62010

    SHA256

    bb4b93a72f9e566a1d3b10d5e23a5d72a26189726902463cbff812b4f20b8a7f

    SHA512

    6b20bbf97b98814a179cf7a0a5b27880f2c4c8ce9d79c2eaf8ab49a75e44514f19f90060de68d701ae9a11343f4f7661ea798d0897a764d28f70828f2db2fcb6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    e8ec752db56c566091b4e91fd43c8d4f

    SHA1

    5a9a1d2625ead698a606e24a55488b76de10e4b3

    SHA256

    0f7c80a53e7755d6a461628c7221bda8b1ca83657ec5460371b6d3bcc537025e

    SHA512

    73e1678d19c22c7747d0fa1ff26977e45fd14fb013ff0b83ebc0703e9503d80e6f86de899a1239da4f3d14b00c475056e9ef2065a3ec295f2ef21818865cbe0b

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\RJO7LJP5.cookie
    MD5

    8a3f3ffd249d27e8d9715545a098fb92

    SHA1

    716c90825d4d8ebf08f00bc21e620b3a9c110649

    SHA256

    8662cea781bdf36f5e24ac2fe05790587eda3a5654cc55c1ec5f2825f314b571

    SHA512

    0d5e713ac4ce137b085b87f88403e0eafed60adf729ad9e46fbe7409c84cbe71f6ae4e8630e822b4412fc96a4bcd058f9b2a1c7e77b68e40b2d0630005410aaf

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\XVH7MJZ1.cookie
    MD5

    5b4f9f83baedeac8a5b59d66fa7e6a24

    SHA1

    d94f454a5fb6d29fdabba719dff88121e9b9585f

    SHA256

    b0f79797b0811fab377f4ed4feb2036f4b6f1490edfa30f895360c57512e2cb9

    SHA512

    a12e134965f448248eeeabddb20652fe27443d5edd4e3aca5654ca472c715c4a81a8ea76383d784d903d508358bd657b1faadb3e464d8f1bf234d280bd7587a8

    Download Submit
  • memory/4648-114-0x00007FFA6F9B0000-0x00007FFA6FA1B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4700-115-0x0000000000000000-mapping.dmp
    Download