Overview

overview

10

Static

static

URLScan

urlscan

10

https://rabobank-aan...

windows10_x64

1

Resubmissions

04-10-2021 15:09

211004-sjnhdagfbm 10

04-10-2021 14:48

211004-r6lrmagehk 10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    04-10-2021 14:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://rabobank-aanmelden.trusting-bell.155-138-247-52.plesk.page/scanner/

  • Sample

    211004-r6lrmagehk

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://rabobank-aanmelden.trusting-bell.155-138-247-52.plesk.page/scanner/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:672
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:672 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:492

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
    MD5

    54e9306f95f32e50ccd58af19753d929

    SHA1

    eab9457321f34d4dcf7d4a0ac83edc9131bf7c57

    SHA256

    45f94dceb18a8f738a26da09ce4558995a4fe02b971882e8116fc9b59813bb72

    SHA512

    8711a4d866f21cdf4d4e6131ec4cfaf6821d0d22b90946be8b5a09ab868af0270a89bc326f03b858f0361a83c11a1531b894dfd1945e4812ba429a7558791f4f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    46cbd0a3d1e70a49db77aa1a79dea093

    SHA1

    e7ee6492153fcb7477c0512e14e923532940e066

    SHA256

    678c0747c7616857ed9abc64fa182ae2ff649167f322a11299b1119947f2f651

    SHA512

    8e11310cb6ea27c0aed73c29293fc3336e5445391063bc7e5a8b0443784a5a9919786386d950bdfe6f4e9cefb83f44a0ebeb400ddb1ed2ced0e16274f691784b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E5BEE32B2BBBE314C3EDAFDBAF2FF011
    MD5

    0eb9f2a6956e58083ee21b6ab47efdde

    SHA1

    36679cb40136caaae6eaf2e90de453b71a40200c

    SHA256

    34dba407483138a7a215ca70c1b2af319b77493f5ee496478cc7b294de54f829

    SHA512

    398c2042bc02ee0aeb3135f084e5ffc1c2995c634c75a3ecda822b222b101ccbb5cfab78947c91dd7cf6808620a78ddaec45692630ecee7869972699fc511828

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
    MD5

    80cd60fed62be3b8db13d5761c2bbe6b

    SHA1

    598b54b84841dce0ccee982c77afebb719678439

    SHA256

    398953ad1fdb7176f17d2784b571fc87714aa9f3161aa60312f9abe9fb8bcb58

    SHA512

    b7ddd8d247a515c325d26836254285b2ca61a8fe26cb7c804fc4645509cd9be8d3d0c74d367cdebb7a94cc98c6ddf1c67bdbe73e261bef13161c6588e37c01b2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    19927c48c38f7c13b4281e0f9a7f1dc0

    SHA1

    089d40d58049bf09e8ab15e984c8fff01ffb7039

    SHA256

    388193385bd3ce1f3aee2f8ad938e2869a2010fdf7dcb8c6e9a81d126764fa03

    SHA512

    b3f4658f276fe6b1b7234336dc363cd2605b00a4c4661e932d1acf22623df82efc99a7d66a3d427a00df75b13590b3bca67c198b665e3380bdedd2dbd60a2d4f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E5BEE32B2BBBE314C3EDAFDBAF2FF011
    MD5

    650df9a1ba886fe46d5db620b9e8f082

    SHA1

    4559bcdcb94e4f189704b82521c37932722713a0

    SHA256

    bf63ab7d84c5b3dc2465c132356d048f464efe119e7d7ad3a3a2fa26f38c4107

    SHA512

    6bb5e1347785b21cdd5aa646d52957cc3e6af518d4263a30a61f5e4af0f5edd91d3474b47de20a026b46a9cc7282b424388b330fe556d6a68482ef26b6d55020

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\3ZELDKR6.cookie
    MD5

    c63a2d7f9ba9d667be024b96c17523f6

    SHA1

    006d2ffb2c4f633a78ae0d9a07523e52a006e8ae

    SHA256

    f5fcd8a00148e1b4f7a4039e01c32071f4f910eeb9b714c2e3dae26a99866c58

    SHA512

    908b35acb6805186d497e2a90849288b99c940ecd214d03a0ba4e86664099dea17cc721ca52535318956305fd757eee4294a37b495b9b70ce38f6fee6b68563b

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\PX1M5REJ.cookie
    MD5

    31b867881e2531dbf573562b210956d3

    SHA1

    39770f8db2e6edec8708ba231b5155fee7455968

    SHA256

    6986a6d8b581407ef4f99a87c793a2c0c527807d9168442b318d5bbb42a40505

    SHA512

    6a3d5c867b6696597e9abdfe2c883c53c16110f6254b7d30a9260eafbd14c9b7e6dd4537d0100874610be983983eb62970486265c2db31bf2a06742cd10140ae

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ZNLUIIOP.cookie
    MD5

    e0ded4d4bb7dcb317e792765dd2f91cb

    SHA1

    da2071f9a0c450e7de0bbef850d38f2634bcad67

    SHA256

    e1f90862e8673788e8f053793097ba9351b5409c2280093e073cb7b25376e0cb

    SHA512

    cec579dcc47077e0baa39c2486fd78a0e1d0c28aa282e98ef12f8f560c6558cd55a109e9dedf427b50ba8a2ee7a8bb4927967dd99f471dda038b7f7743eabc96

    Download Submit
  • memory/492-115-0x0000000000000000-mapping.dmp
    Download
  • memory/672-114-0x00007FFD272D0000-0x00007FFD2733B000-memory.dmp
    Filesize

    428KB

    Download