Overview

overview

10

Static

static

URLScan

urlscan

http://hillmag.xyz/

windows7_x64

1

http://hillmag.xyz/

windows7_x64

6

http://hillmag.xyz/

windows7_x64

1

http://hillmag.xyz/

windows10_x64

10

http://hillmag.xyz/

windows10_x64

10

http://hillmag.xyz/

windows10_x64

10

http://hillmag.xyz/

windows10_x64

10

http://hillmag.xyz/

linux_amd64

Analysis

  • max time kernel
    155s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    30-09-2021 23:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://hillmag.xyz/

  • Sample

    210930-3w5mjaafdj

Score
6/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://hillmag.xyz/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1088
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1088 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1996
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 2352
        3⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1052

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    MD5

    ab5c36d10261c173c5896f3478cdc6b7

    SHA1

    87ac53810ad125663519e944bc87ded3979cbee4

    SHA256

    f8e90fb0557fe49d7702cfb506312ac0b24c97802f9c782696db6d47f434e8e9

    SHA512

    e83e4eae44e7a9cbcd267dbfc25a7f4f68b50591e3bbe267324b1f813c9220d565b284994ded5f7d2d371d50e1ebfa647176ec8de9716f754c6b5785c6e897fa

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    a4cce08b623ecdb77857cdaa1747e70d

    SHA1

    655115d30aab97e0f7c23612b3f3b0d1feafc06e

    SHA256

    05f1fc255f3633b63049bed9652367827c7bf03d4d08d1480be6f4b34dd21c35

    SHA512

    148c7a111f68bab048fa4cb39427cf859cf3656996f710472c5d91f8061d164c88eee2df3259bbe9f050b828ebc44f3301d09ac0138c8264a1432d06e55ba394

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    2d8fc792a9c4656d907dd38a8f0851f5

    SHA1

    2c8d83ac4012244896398993f4598666c9a1c168

    SHA256

    da0353c4d2f4e67e72f66ea82a5c346f6df8db64b96c13b587bdc21fb010cd7a

    SHA512

    684c57ae6a91a5a2bdb2787248b2567ebff9d015d4f14878d84708021a6594f70c71fe92a5cda0bc98906d2eb022eeee57aa254a5b2d8bff44a36fdffaea6ac3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    MD5

    49e0cf67f5d7bf712d7f2fc46cb8eb23

    SHA1

    6de12f3e6b63c3236678243881bfef1254d6e7ce

    SHA256

    f0f4755ee8b1260515fbd0d5587becde4fe7eaa2bc0ec159bb7b7847f2833afc

    SHA512

    5af5372b4b400c182b0c27af37a92a2e02013e641f770794da5293b0e6a3ea2b0f0145bbc2f7fb2ebe768ef392a04564a8a56bc2c6c6fe92467788a8049f8f25

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\EM1YUI1O.txt
    MD5

    8199a9be51f6772e1be6a6366c4ef5ab

    SHA1

    3eccff44bdd1d786cec88e602316a0dd6eba5ffa

    SHA256

    00581321c7d7d5aa8bb61422d8f471194bbf99a5b1c044e83581c3ed0cbbac2b

    SHA512

    fe2f38039df10b83f3a140fd2667a6577d3e9b57f63ae415f05e94bc6b46776ea2d0bd8a909ce10607533e47cba4fd6c53470c42bba46859790c24bbd353bb5a

    Download Submit
  • memory/1052-68-0x0000000000000000-mapping.dmp
    Download
  • memory/1996-60-0x0000000000000000-mapping.dmp
    Download
  • memory/1996-61-0x0000000075DA1000-0x0000000075DA3000-memory.dmp
    Filesize

    8KB

    Download