Analysis

  • max time kernel
    118s
  • max time network
    152s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    04-10-2021 16:45

General

  • Target

    http://0sgm6.mjt.lu/lnk/AUYAADwj6a8AAAAAAAAAAAAIyIMAAAAAAtoAAAAAABoxEgBhWx_P2lTiF8zmQmOXR8JoQiDkRgAZR5M/1/UNpQ4f0aztsCa8ZSiEeRHg/aHR0cHM6Ly9hcmFic2FvdWRpLXNwbC04ZTVlMzEuaW5ncmVzcy1lYXJ0aC5lYXN5d3AuY29tL3NwbG9naW4vbG9nZmluYWw

  • Sample

    211004-t9j4baggdp

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://0sgm6.mjt.lu/lnk/AUYAADwj6a8AAAAAAAAAAAAIyIMAAAAAAtoAAAAAABoxEgBhWx_P2lTiF8zmQmOXR8JoQiDkRgAZR5M/1/UNpQ4f0aztsCa8ZSiEeRHg/aHR0cHM6Ly9hcmFic2FvdWRpLXNwbC04ZTVlMzEuaW5ncmVzcy1lYXJ0aC5lYXN5d3AuY29tL3NwbG9naW4vbG9nZmluYWw
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2064 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2352

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion
    Modify Registry (T1112): 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\5717QBNQ.cookie
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\EI8T6XOV.cookie
  • memory/2064-115-0x00007FFBC0580000-0x00007FFBC05EB000-memory.dmp
    Filesize

    428KB

  • memory/2352-116-0x0000000000000000-mapping.dmp