Overview

overview

10

Static

static

URLScan

urlscan

10

http://8ui0lafgkj.on...

windows10_x64

6

Analysis

  • max time kernel
    74s
  • max time network
    79s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    30-09-2021 15:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://8ui0lafgkj.online/

  • Sample

    210930-sk7mmsaac2

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://8ui0lafgkj.online/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2660

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA
    MD5

    a82ea341b092497dcd9ca799d103e663

    SHA1

    5ef4d50ecee035c99d5b347f6203d70fe1bb30f3

    SHA256

    016bb12b95c627a4524a2bd5abf18836070f5cd065925e64b8880d37774592bb

    SHA512

    55c202e2bd3640547d226774ef68900a28e00277b3235175d3d462d00b24092320dd738f303a8daec545de9159ea4d69a8d6a68016f981c53b28a0b85b7bd1b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    d302a1fb716166b280c2accd4491966e

    SHA1

    9eff2394f8616a4567f3eb895747ddf81fa68207

    SHA256

    ce29369602f384184b8fc7be24fa322fe70da4590f73921eada2cf12774a4afc

    SHA512

    c2b90c30f558518426cd0135a06dfc7d1c986635a9effffa34af80a8adaf566002d17288409b838452510212f774f5b75f2772e4acc20d7b19ad6f99751dc9ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
    MD5

    c2f9315e025039524fd6bd6f4115a730

    SHA1

    49649564167aa881a06f8f1cd3907aeb54a14faf

    SHA256

    81984c7c749b9d1ba9629d0975cd981654ad5b8142d7d73256000603e60b533f

    SHA512

    abbddf769e5c5960b5f35be73d93480e1a3c800b92f7ef49ba024b05e5192fd69101864a2fb17a59d37c4de31a8df1a10ff820d2a7d89b6e05a826f650824ad2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA
    MD5

    0ba177be5a1b55f073bdcfc9c330f411

    SHA1

    c017401eb9e1b4bd90f76a166fc97a6f2f42983b

    SHA256

    4015a7fc4d5758658b7ff5625de9ec36abc3e3fe9cf4389ebd57f5398915004b

    SHA512

    90699f2e39b5adb20edfdd92eeb5189e17d055c094f98431ade496104f4337535f1c00f5242412a5d30155fc842f24b3debf46572f1cfdf303458944becbc25e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    f0ca6893bea0fd1fd002e6c8c714fafd

    SHA1

    482759e34a9af3dfdb6c1cb90e176e3d6ecef447

    SHA256

    83e8119b681817d6e9211bdad87ebee907494547908bc68359d130b0c20a4669

    SHA512

    e58b5889d49052dad2241ba04e2b0144261f922e55f9d3198963e4417d42dfef02d43fa06e7122f25665af701fb6b55f72a3cf20ee76b5cf31e8e8824ff3d787

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
    MD5

    526043119ff501962c7d0af0b5b542d9

    SHA1

    a136ef09250c04471a35ed7aed25edf983ef04be

    SHA256

    5258ca8b42b4ca27bd04e8e7344d27c8acbe4ba83c8a151d086fa5218355d115

    SHA512

    79953a3d6a96af350d5c418d5b7182ab3a98b203c91043bce242d71693b789a51a39c74b1e2f03f28c9bb9a66ba6b6882e21d61ae49ba6d094d9b3d071a5cfe2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\4N4IOKWB.cookie
    MD5

    b864699759d243306654ffeff909de0d

    SHA1

    aead4353250fed4c0a6915e09aa39af37ff65241

    SHA256

    4926117e97814a98ada28ba44b91e14d1fff9733c6f4e3d63c2b413fdf7fe82f

    SHA512

    24abb888428d23c026bc3cd5b63df916512c0ac8c8d2638e38045363ee97e1a17a27544f8439da5cc325f50bc2544b820fe825af9ee92dbd79ffc26239f57f31

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\FSQFF9J6.cookie
    MD5

    d0b7f2f41df4734b334fb5f50d8ce027

    SHA1

    92604a4fd1e2b2f8c213d2df6726d18cec529ed2

    SHA256

    34c3148a7221ac22d6b0c894ab187455c149e05b97b810d013b0fe4426235574

    SHA512

    e311ccaff4616271f991bdd5e16799b3a3dfb1cf14ca86cc09874d50714adcb3f3f701bfe4ff23b2c1942330058290780d2235dee2c3d175af03a93fa5fa32f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\MFB3DYRV.cookie
    MD5

    c5f0bfc8dd4ee8e243eb0ba8eeda7d65

    SHA1

    e5466421ac9a70bf3bee16e05f23dd2d68b47718

    SHA256

    03ab7aa0be24abec50bbccdf2f99736c6368e4232258cf7423b0b61b09a064d2

    SHA512

    a38665f49cd26d87c3b34447f1aab8b9a09231943013d8d34ac39a5d254a3b946089597b4aecbf4253e1333167c307245686a7d11ca586edf6960169607e8c21

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\YLES0RFA.cookie
    MD5

    72bbd4b50ee85bdb7eb7fe64634d2c00

    SHA1

    14e72fde86e085ef6ed9c8a9d1ba8652c11a91d3

    SHA256

    f5eb221e3a4b91c3228126043ecad2cb7d46f6d7537477a84933cfed3101582d

    SHA512

    246388952db7b02aa442b57c177a74ccfd361f75e7fdf8f834d1f16f436ec341946809dd108db2886dfd2be37c6a50db91e16f3dad138fdd58ef469c8d33e471

    Download Submit

  • memory/2372-115-0x00007FF96EC00000-0x00007FF96EC6B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/2660-116-0x0000000000000000-mapping.dmp

    Download