Overview

overview

10

Static

static

URLScan

urlscan

10

https://openmovies.o...

windows10_x64

1

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    01-10-2021 05:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://openmovies.org/cxs3k

  • Sample

    211001-gpk4nabaaq

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://openmovies.org/cxs3k
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2524

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    d302a1fb716166b280c2accd4491966e

    SHA1

    9eff2394f8616a4567f3eb895747ddf81fa68207

    SHA256

    ce29369602f384184b8fc7be24fa322fe70da4590f73921eada2cf12774a4afc

    SHA512

    c2b90c30f558518426cd0135a06dfc7d1c986635a9effffa34af80a8adaf566002d17288409b838452510212f774f5b75f2772e4acc20d7b19ad6f99751dc9ea

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    a3d4e1d822acad40a11ac142631d6915

    SHA1

    761a7a0ff8b8204e370a224b07c0b12c41705ea6

    SHA256

    ae2b9f3ffc878d9311985827fb554ab542779716f6f285deadc9e22b5beda5d7

    SHA512

    e2dc77bab9b4ddab6cd65f82e5ca3f153fd2c4a1afb8b980cbd828594956899178fe2e8f6c897d6191c9071bf1bcd5be7479bd4d738a86eb5ddf2b091b01e3f1

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\9KCVYUON.cookie
    MD5

    f181efa9413f3b8b1b70552c5285b7cd

    SHA1

    4b96116781b3e1e0a0cf19969237e74f92dcd4d9

    SHA256

    30b12ed658d6d7215311c4c238559190f9e3e7f6f776aab39280dcc4494ba6fb

    SHA512

    f8e8ec322c11561d944f76b378b8b6404cc04a17f13dc2e9f8aac3602485ee20f12602df3297991653f5156d36d30061aa29066aff0b71eac275d94820217772

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\JH9RM11R.cookie
    MD5

    6180d47e1dbc97defad3a7b42d089416

    SHA1

    2c00dd22ff6684b9694e702893320cde60d05912

    SHA256

    cf3833e597faf3f15813e53398212e06246da79a49415e6963380399165bffd9

    SHA512

    911abadda4b82cf1cf2f555c22a9df70bbec7a39316e9b4ad2cc6b7b10fbeac0af5afb4316f82ec6a0ad13ab4e4bb8f6c2bdc717f22f6dcd4ebe0b4a4c93b81c

    Download Submit
  • memory/2168-115-0x00007FFBC0580000-0x00007FFBC05EB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2524-116-0x0000000000000000-mapping.dmp
    Download