Overview

overview

10

Static

static

URLScan

urlscan

10

http://8ui0lafgkj.on...

windows10_x64

6

Analysis

  • max time kernel
    72s
  • max time network
    74s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    30-09-2021 15:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://8ui0lafgkj.online/

  • Sample

    210930-sn192aaac6

Score
6/10
microsoftphishing

Malware Config

Signatures

  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Detected potential entity reuse from brand microsoft.
    phishingmicrosoft
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://8ui0lafgkj.online/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1832
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1832 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4076

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA
    MD5

    a82ea341b092497dcd9ca799d103e663

    SHA1

    5ef4d50ecee035c99d5b347f6203d70fe1bb30f3

    SHA256

    016bb12b95c627a4524a2bd5abf18836070f5cd065925e64b8880d37774592bb

    SHA512

    55c202e2bd3640547d226774ef68900a28e00277b3235175d3d462d00b24092320dd738f303a8daec545de9159ea4d69a8d6a68016f981c53b28a0b85b7bd1b4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    d302a1fb716166b280c2accd4491966e

    SHA1

    9eff2394f8616a4567f3eb895747ddf81fa68207

    SHA256

    ce29369602f384184b8fc7be24fa322fe70da4590f73921eada2cf12774a4afc

    SHA512

    c2b90c30f558518426cd0135a06dfc7d1c986635a9effffa34af80a8adaf566002d17288409b838452510212f774f5b75f2772e4acc20d7b19ad6f99751dc9ea

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
    MD5

    c2f9315e025039524fd6bd6f4115a730

    SHA1

    49649564167aa881a06f8f1cd3907aeb54a14faf

    SHA256

    81984c7c749b9d1ba9629d0975cd981654ad5b8142d7d73256000603e60b533f

    SHA512

    abbddf769e5c5960b5f35be73d93480e1a3c800b92f7ef49ba024b05e5192fd69101864a2fb17a59d37c4de31a8df1a10ff820d2a7d89b6e05a826f650824ad2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA
    MD5

    998071119a140b519c87feff9c3c75b6

    SHA1

    4cea3dadc7b149130d3ff901037bf6bd15dd12c4

    SHA256

    5852a278e6a254236e696ab53229218952600a624ac4774adaa4767b34a00992

    SHA512

    9e140be7d462aade55917e41195b87b7be80f609ad32e1e7d26487c9278a2dc7601287fe8957414c5c29159c1a84d0d32d692f3d7e41ab819c36dafaf8c3c441

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    6809ce89483e9eb3b98c4528fc8d95fd

    SHA1

    4371f88d74f70f11a2693499a52f23fa1a0834ae

    SHA256

    bc4a68100acca7e4784bab71865b2186812b4a38241c290668624d9573c9c589

    SHA512

    46b13faba2845c2b5beac3cd2344e032053b6f8581148a68796699c630d0eeefa9d1295086ee9c896b346f534bec9b660583013a854b602cbb197236c00ac634

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
    MD5

    c77be679bf555405d89cd444b019dad9

    SHA1

    d785122e3a0ed5ba5ac109669188692dad86720f

    SHA256

    18b2a6ddbdef685748dd6ca7216c1e274321d65cb3cc0af52911b69865a1129d

    SHA512

    b4ef02278d72ab03144d7b4b4b8a3cea096c86cb1a31d48a796d6e7a984b1834784c3d1ef7ecde261163f2fa3f72b62be2225270a7007f6e5916a38ccf99d95f

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\AYZ1ZD4N.cookie
    MD5

    9802084355c884e61d378eaef66b3545

    SHA1

    b698e89686cd0564e7577cfa46a86503a66d08c6

    SHA256

    bd4a9167d966e8eeafe55424b0e9e9ff5adcbd41e2bb3ebd8d3c8ebe0eb92fe9

    SHA512

    4104edc4668343604e2b66b1a289565351a916af43db820d2f503fe5678dadd7e4452470ca3bf14f1151fc2119156c8031623ec24b5d14c9ae6c9e1102e4de21

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\FMR8O0FE.cookie
    MD5

    a8e0c9b500d709d2ca82e6b36cfb4c15

    SHA1

    67d952d89236f7f76481e6452e61a99b64663196

    SHA256

    5d67b65d24b7435d8dbcca185a5668e5ad19131ca9ddec0900c41c777b7610bc

    SHA512

    b8f7923fbe465dfe1eeb3ba324b8a77cb1926c78e7c5a243491eab66cc15d2a19330dec50c21706cca24550f6f74e97f63588115f448e6e5754824137250bd5c

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\Q2L78LQF.cookie
    MD5

    18f34adcb5193dc9e52f8c047882966f

    SHA1

    bb77a573799b1cfe8b44eb0b568c41a33980b594

    SHA256

    575f9cc2fc017fc44259bea3afb8b98dad462d8aa8cf2f6d3c4e14eebe931c62

    SHA512

    09f15c768577642f510e69668285b5774397bb62bcbb24e7089e4435ffdd1549618f1b79580b45a040f0c16b19ccaa7ef8d26f00b26bb045068b13308b30dc4b

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\TQEBO0MU.cookie
    MD5

    60a21091c25c44ba2d24efa0be0ae523

    SHA1

    88ab82737d128899a7269c5b96283f81abb2a975

    SHA256

    bd03973ae8fd8a014a36e5a648d30a9bd8f564916ed945859b4004e56272f1c1

    SHA512

    371a2b3e3dee71c7dfe4744f8fdc25610066c73965ea2e65c941184b4334b363cd518a01ad2e8c651aca26a4a3f5260ac6915c13321f1829051d22a265ebe0bf

    Download Submit
  • memory/1832-114-0x00007FFE0EAB0000-0x00007FFE0EB1B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4076-115-0x0000000000000000-mapping.dmp
    Download