Analysis

  • max time kernel: 144s
  • max time network: 147s
  • platform: windows10_x64
  • resource: win10-en-20210920
  • submitted: 04-10-2021 23:32

General

  • Target: https://0sgm6.mjt.lu/lnk/AUYAADwj6a8AAAAAAAAAAAAIyIMAAAAAAtoAAAAAABoxEgBhWx_P2lTiF8zmQmOXR8JoQiDkRgAZR5M/1/UNpQ4f0aztsCa8ZSiEeRHg/aHR0cHM6Ly9hcmFic2FvdWRpLXNwbC04ZTVlMzEuaW5ncmVzcy1lYXJ0aC5lYXN5d3AuY29tL3NwbG9naW4vbG9nZmluYWw
  • Sample: 211004-3jqylshba7

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://0sgm6.mjt.lu/lnk/AUYAADwj6a8AAAAAAAAAAAAIyIMAAAAAAtoAAAAAABoxEgBhWx_P2lTiF8zmQmOXR8JoQiDkRgAZR5M/1/UNpQ4f0aztsCa8ZSiEeRHg/aHR0cHM6Ly9hcmFic2FvdWRpLXNwbC04ZTVlMzEuaW5ncmVzcy1lYXJ0aC5lYXN5d3AuY29tL3NwbG9naW4vbG9nZmluYWw
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2672

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion: Modify Registry (T1112), 1 technique

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 46cbd0a3d1e70a49db77aa1a79dea093
    SHA1: e7ee6492153fcb7477c0512e14e923532940e066
    SHA256: 678c0747c7616857ed9abc64fa182ae2ff649167f322a11299b1119947f2f651
    SHA512: 8e11310cb6ea27c0aed73c29293fc3336e5445391063bc7e5a8b0443784a5a9919786386d950bdfe6f4e9cefb83f44a0ebeb400ddb1ed2ced0e16274f691784b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: d4ecdbd63a27399a5a06dfbca97d2b01
    SHA1: adbc43202475a25bfb3ed84b646eded81c903984
    SHA256: 62d50da06a9b23cb42603f4dfea9b119fc2a89bd74973ffe2f2e80450bec61be
    SHA512: affaabc424d3358c40f3cfbae094442b42995747ce3f0da8df6b3eb7537dbc5b64be5cb3d908485401b0ebd4bf470819fab56c336a9b6a4d7f5606a4d8a23ebd

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\3ANK90WW.cookie
    MD5: 25dcc83c61d0bb6efbd62e9ff4985d6c
    SHA1: aa201cd56f7e0b4ac851bbbb5acb1ebcf500c2ee
    SHA256: ad684661d45e88cc8190a5061ecc8a9e105b4260dae1b425e7a5290632f13cdc
    SHA512: 2a2dff50d3b5b6ba6d15aebb4b46a98966888baa79d4c79f5415606a439e66fa7951385e2be203b40accde3404beb2c740e14fce742fbbf0067f1e67e535fa1a

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\XUWEAV9A.cookie
    MD5: 4d23facac50190961cbc2efcc8461b8b
    SHA1: 873828e2757d7e72cec1a535ce528d7e36f97278
    SHA256: 442f27099bfed41f0870d56a4369d2f6bca5924f5e729af4298f95e7383e5a42
    SHA512: 89fc15d959b1836c7e3a658426c789d51e40752c8de8b4467bbd323e36eb7dc04d6b3ab12c534a4b5f3c06054d465c31a1883be013438a8926280a6475bbfafb

  • memory/2384-115-0x00007FF96EC00000-0x00007FF96EC6B000-memory.dmp
    Filesize: 428KB

  • memory/2672-116-0x0000000000000000-mapping.dmp