Overview

overview

10

Static

static

URLScan

urlscan

10

https://hiddenpayche...

windows10_x64

1

Analysis

  • max time kernel
    38s
  • max time network
    42s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    30-09-2021 09:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://hiddenpaycheque.ca/ekw5p

  • Sample

    210930-k3sbnshae6

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 21 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://hiddenpaycheque.ca/ekw5p
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:808
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:808 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:476

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    d302a1fb716166b280c2accd4491966e

    SHA1

    9eff2394f8616a4567f3eb895747ddf81fa68207

    SHA256

    ce29369602f384184b8fc7be24fa322fe70da4590f73921eada2cf12774a4afc

    SHA512

    c2b90c30f558518426cd0135a06dfc7d1c986635a9effffa34af80a8adaf566002d17288409b838452510212f774f5b75f2772e4acc20d7b19ad6f99751dc9ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    bef935a48740f0eceff2d666c9bf230a

    SHA1

    0ef048a41c1bf5f7aee2f8c6e31097327ab375ae

    SHA256

    50627f2e9a842b0e54e586d116682f542ba9dba7efb6f6863da44a0409cfd583

    SHA512

    377fd547c2033243f097dc8268b6e4f652cf62be21337d3d34e7ce5490c0d68e398125e609dee895b4a8106eb380495501a073681299875a73ae7e2ba6cb4fc1

    Download Submit

  • memory/476-115-0x0000000000000000-mapping.dmp

    Download

  • memory/808-114-0x00007FF91F650000-0x00007FF91F6BB000-memory.dmp

    Filesize

    428KB

    Download