Analysis

  • max time kernel: 31s
  • max time network: 34s
  • platform: windows10_x64
  • resource: win10-en-20210920
  • submitted: 30-09-2021 01:33

General

  • Target: https://e4ff557e.sso-secure-mail04wtwdw4.pages.dev/[email protected]&domain=redacted.com
  • Sample: 210930-by1mtagbbm

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 3572)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://e4ff557e.sso-secure-mail04wtwdw4.pages.dev/[email protected]&domain=redacted.com
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • Child process: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 3828)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3572 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    MD5: 37dbaf0c1c892f266bb47e267169e6bf
    SHA1: 186be5e010bb3b45cdcd2d3a44333f4f3af44b7c
    SHA256: 102fc92235beec91291f0daaa2c554c5159e5f87b51d4fe1d58446409de87a41
    SHA512: b205b73477a02933260ffe313b6bbcf57c1f7971fbeaa8d08f0a67f73fb6c01204dc6954595f0ae629e31d0c8f2722c2f4bf7ceb9753730771999200c2f186b4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 9f20688c661750ad6dcf06eda97f88ba
    SHA1: a0c2e5929e9d6ed87ae9d555fd8a1c49cbb984ec
    SHA256: 325486c68075a5858c7fa3bae5e88791eaee7f42546d0436c64d9742d22eae3b
    SHA512: 839b542d80a961ee40effea26f4da8d85e7a1e06e76b5462ad71e853e9554fed9bc1011c3bce03f60a1d5844cd09c194923776507d771a28c8ae47482dfebec2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    MD5: 9cc2e6fd60d309e12eaa8010906e6457
    SHA1: 0d0bbb2ab8a4ca72e404df2ae248c062c8a18837
    SHA256: 7fde1d271b5c7041b9eaf8cc84b8514def47650b29cf065b0ca419faac14c099
    SHA512: 5d03e6d4eb7e5a5dca61524cca22d1ebc5ac03102973b5ee500965bd7b15a020b32396bfb4435b01529eb1db8672a4067fd4099a2adc12e90b261f727c0d3d5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 5c918812e55f0220292b7d22e262db2e
    SHA1: 00dabb67a66a2ba47cac05e00c34788838dbd627
    SHA256: a8b544517ae665627d0d33df0fa5e8534736dbac16b75eb0907cf2df5203e20a
    SHA512: be180fa630b8bf9d2740ab8f3a03c43f1e2ee6ca3ad41c11cfe9690fab9345476c207d88730dde53e19ec954177a110809453e947d6477a150b45b15a79c9ebf

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QT2UOKDP\QEO691KK.htm
    MD5: 286ec32a447b0ea3404c4c3df32dcd03
    SHA1: 910fba7d799a881ccef82f0656ef07f5f9cd984b
    SHA256: 236c077bc71571633689df6780986079654f1b450c332f5de3d25eb5ef40e9b8
    SHA512: 5f58f5e4d50c2f112b4871b65e221495ab765bd9ab574e178397faa4b555fdabebc877897b31a792279851f0b2814fc2f37180dbcdf4a3a1f3c2988e20661f88

  • memory/3572-115-0x00007FF9961A0000-0x00007FF99620B000-memory.dmp
    Filesize: 428KB

  • memory/3828-116-0x0000000000000000-mapping.dmp