Overview

overview

10

Static

static

URLScan

urlscan

10

https://rabobank-aan...

windows10_x64

1

Resubmissions

04-10-2021 15:09

211004-sjnhdagfbm 10

04-10-2021 14:48

211004-r6lrmagehk 10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    04-10-2021 15:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://rabobank-aanmelden.trusting-bell.155-138-247-52.plesk.page/scanner/

  • Sample

    211004-sjnhdagfbm

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://rabobank-aanmelden.trusting-bell.155-138-247-52.plesk.page/scanner/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1832
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1832 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3088

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
    MD5

    54e9306f95f32e50ccd58af19753d929

    SHA1

    eab9457321f34d4dcf7d4a0ac83edc9131bf7c57

    SHA256

    45f94dceb18a8f738a26da09ce4558995a4fe02b971882e8116fc9b59813bb72

    SHA512

    8711a4d866f21cdf4d4e6131ec4cfaf6821d0d22b90946be8b5a09ab868af0270a89bc326f03b858f0361a83c11a1531b894dfd1945e4812ba429a7558791f4f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    46cbd0a3d1e70a49db77aa1a79dea093

    SHA1

    e7ee6492153fcb7477c0512e14e923532940e066

    SHA256

    678c0747c7616857ed9abc64fa182ae2ff649167f322a11299b1119947f2f651

    SHA512

    8e11310cb6ea27c0aed73c29293fc3336e5445391063bc7e5a8b0443784a5a9919786386d950bdfe6f4e9cefb83f44a0ebeb400ddb1ed2ced0e16274f691784b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E5BEE32B2BBBE314C3EDAFDBAF2FF011
    MD5

    0eb9f2a6956e58083ee21b6ab47efdde

    SHA1

    36679cb40136caaae6eaf2e90de453b71a40200c

    SHA256

    34dba407483138a7a215ca70c1b2af319b77493f5ee496478cc7b294de54f829

    SHA512

    398c2042bc02ee0aeb3135f084e5ffc1c2995c634c75a3ecda822b222b101ccbb5cfab78947c91dd7cf6808620a78ddaec45692630ecee7869972699fc511828

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
    MD5

    fd313e7ff94dd134d1ca9d7818734ed8

    SHA1

    0b351967ccf727a89d0bcd80086fe5363c2cfe81

    SHA256

    7cfebcec2fc467b38641a0ce3aba750a68694ab4ce8561c0491a0cf453123878

    SHA512

    1de26bcf56f6b69f2f5bd6cab49fd002c3977c700655fe5502c818fadee73b3645ae0b0ed51546803d5de8805bfdb3293c37982c3f710f77b6ac8606192f1d59

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    2511da13f7d834a1e2b061d53e71075c

    SHA1

    a503dfa3425bcf9c43982f5cbf932b1ea890150e

    SHA256

    8d332df445d2839fe1ae3a664895da1ea6f7a3cf1f1be0873942eb12d80d06c4

    SHA512

    90d7a5e950e333211faf757b840e3728385b26d839964e7614f3f16912de255b4ad6df80c1f01a0e370e7a5ad9bc7de65bcd2be01c9fbca3ff5f851fb83edc6b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E5BEE32B2BBBE314C3EDAFDBAF2FF011
    MD5

    bbe3392103eeee5ed02175af328b45dc

    SHA1

    6c41579e6ddce4cf50f01a38038ab081dce46bc8

    SHA256

    c3289af9c324847167c3009a0a445b6e0cff68ad29a4ea18b75c9a49bb51d16d

    SHA512

    1bb356f03894a9e7786d54edf8d7374a4b129bf71b8f61f47afc77fff8e8df612aca405126cee7956211b25ae3d1634ce476d0bc669134808ff84bbfc766834a

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\BDXQ9855.cookie
    MD5

    724d8afb3f7da8298fb6cac1de08ffd9

    SHA1

    331853e334c308ed69bd9096a6b576ca47fa4064

    SHA256

    2ffca35b9493f220642f5cef0cc6b120da0cf9a7c5c64ae18895ea4a61aca978

    SHA512

    e99942c854900d60b8e769564fca64c78a83fb6e41088b53df394b93ee431106bb8539d4e07f1e4aa0999d3ab792fc07ac09d0176297a284802fa8b740a40e83

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\NAU0YMYT.cookie
    MD5

    2940f65dcc59b3c2457b8a9a2e8b4e40

    SHA1

    d5b52dffa242cd23ba53cdb5278ba9a7939a69c5

    SHA256

    c148a317575a094483d3967e0fa25d7094e3a0f8b5bd7aa6739c542d9dde249c

    SHA512

    9dde5252cd1584845cf22762ecf93e4381a8359733adc8a4576cc9ed863f2a3f904b0e2a0d490642da7c337de80a310d4e2d965b76a061b2f9acff64ac405279

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\Y2XCE3WE.cookie
    MD5

    19d3640924b1477f4542163bfec7e68f

    SHA1

    d8739f52e153c3de6281ad523a8de4b535974b1e

    SHA256

    12e092a974498999de8191daf320c50fdc19bc0d5739ed33d19dffe328cc821e

    SHA512

    ce37bdf192d79905e409824ac55682578454c73b75da7b4ff3d887cbba2f0a666798dd42b5b25e7bf2a9d6fc0e3bb029fd77b1ba84c9d5a01b4f9003e690d254

    Download Submit
  • memory/1832-114-0x00007FFE0EAB0000-0x00007FFE0EB1B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3088-115-0x0000000000000000-mapping.dmp
    Download