Analysis

  • max time kernel: 104s
  • max time network: 143s
  • platform: windows10_x64
  • resource: win10v20210408
  • submitted: 04-10-2021 23:53

General

  • Target: https://bitly.com/3kVVLq3
  • Sample: 211004-3xpygahdbl

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 568, process tree level 1)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://bitly.com/3kVVLq3
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 988, process tree level 2)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:568 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
    MD5: 54e9306f95f32e50ccd58af19753d929
    SHA1: eab9457321f34d4dcf7d4a0ac83edc9131bf7c57
    SHA256: 45f94dceb18a8f738a26da09ce4558995a4fe02b971882e8116fc9b59813bb72
    SHA512: 8711a4d866f21cdf4d4e6131ec4cfaf6821d0d22b90946be8b5a09ab868af0270a89bc326f03b858f0361a83c11a1531b894dfd1945e4812ba429a7558791f4f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 46cbd0a3d1e70a49db77aa1a79dea093
    SHA1: e7ee6492153fcb7477c0512e14e923532940e066
    SHA256: 678c0747c7616857ed9abc64fa182ae2ff649167f322a11299b1119947f2f651
    SHA512: 8e11310cb6ea27c0aed73c29293fc3336e5445391063bc7e5a8b0443784a5a9919786386d950bdfe6f4e9cefb83f44a0ebeb400ddb1ed2ced0e16274f691784b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CB3321BCEA8CA517A12D95467643AF57
    MD5: 16ad1966820b8910891e560d7d374765
    SHA1: 00bd58e777815ced2b25400dd3cd1769b46bb97d
    SHA256: 9514777bdad21939059a60e276fd9e833a9bff2fe9484c3e7d442f69232c62aa
    SHA512: bb9231038377e8812f5f9e411bcf25260a154ddbd62d10588b048f6e71767ca8b40e3ed955b48938549ad0684fb4bccc6779214e3c4fff950aa2466b9b7ef6ce

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
    MD5: e6e8ada3d5c616c30f9233f3e68e377b
    SHA1: 84c51ff956be0adc1081a1c51b119020c7389d21
    SHA256: 9fe1d1e50679ce5f331cd50f959e13a99e534b9e1b6375821a6b9cf6a6003edf
    SHA512: 4a54ec2e8178b0b52badc447aa54c02d2ad97289eb7aa8d3ab0b36ebfafb999db7f24c22ded41e22cb4f44a12a53ab35c86ba1312b799cbb5ac322fe16866fd3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 0040938a18b97ebbb74fcebc88011dee
    SHA1: ce60e18f2f9259c0f1a278458929a9f3979be6ff
    SHA256: e199b426550e678c2363fa32c75002f554894c32113cc6cc885b5ceb3d219ecd
    SHA512: 65211372f5ef562bbc4e0abf8a1216c12115213dd0c7150f2d3103f312592582b3329899c39e55af010c4facd885be558d8144798fb607d9393bfb1af19396df

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CB3321BCEA8CA517A12D95467643AF57
    MD5: f6b9da2cd5946515be95ea8007315e0a
    SHA1: 96de1ea5f788530ccd6ffe36742296c59245d99d
    SHA256: e0152600fc7ff918f6ef2a0ae42c86c9e858d8d2a6cac84cfc9d23caafe38fdd
    SHA512: b0f7e89260609be8480025fa3524efb63e87f9a6736647a8541a95a34c9ec19059cc6fea80219deaa95c8330cc24f1eee77e3f3e556d1073d0c355758a72979b

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\3IU1HACY.cookie
    MD5: e8b21fbe15107742c14d0fda9a6e7247
    SHA1: 13904af6db2521acae6bcc07b1d742b6af80c84c
    SHA256: 959bd0937dae8bf93951748a24c3967e1dbba6ac7806fca944724c92f9126a77
    SHA512: abe4dd953e240fe1b86847431066727d0648b96fb86bd7a8aadb27f7e8e58350f4034c291f8ecc78462a009828787fd8457e281b2ec2c760c6648f3fec2e35c4

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\F9LL55BI.cookie
    MD5: ba6c3a81bbeb47ac3d8a821969b3c044
    SHA1: 69b56396c7831296ca1b24a6dfb29bafc11ad32f
    SHA256: be4b7f26e469903e55cee9a46aa63d47986b97a10e64f5a2d5ecdfe6a9d2bae8
    SHA512: f3b308f39110abaa8609f37203c9a0109cb9109f04a6cf68b047019570b14eb5a46d5f91b64bd08b3b787d68d6fff6cfe6a60912d155d5e2d5a4023102894eda

  • memory/568-114-0x00007FFCC2F10000-0x00007FFCC2F7B000-memory.dmp
    Filesize: 428KB

  • memory/988-115-0x0000000000000000-mapping.dmp