Overview

overview

10

Static

static

URLScan

urlscan

10

https://samahluarpij...

windows10_x64

1

Analysis

  • max time kernel
    134s
  • max time network
    145s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    05-10-2021 13:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://samahluarpijamas.com.br/BDO/.=www.online.bdo.com.ph/sso/login.php

  • Sample

    211005-qpz29aabgq

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 53 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://samahluarpijamas.com.br/BDO/.=www.online.bdo.com.ph/sso/login.php
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:652
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:652 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:996

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
    MD5

    54e9306f95f32e50ccd58af19753d929

    SHA1

    eab9457321f34d4dcf7d4a0ac83edc9131bf7c57

    SHA256

    45f94dceb18a8f738a26da09ce4558995a4fe02b971882e8116fc9b59813bb72

    SHA512

    8711a4d866f21cdf4d4e6131ec4cfaf6821d0d22b90946be8b5a09ab868af0270a89bc326f03b858f0361a83c11a1531b894dfd1945e4812ba429a7558791f4f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    e64027b6bd9cb0655f7ac4d9354d78a1

    SHA1

    3a423294dc15027e91a97aa64ef63da18b5a3ae5

    SHA256

    22b8344fe9220b65a322c4700f62235d9d355d010e67c5bfadc141b715c607fe

    SHA512

    211987792895e0410985d59ba60e0c0fa41d031fb36061123da14480c5008685596ca15104d68d5ec7ae0363e21a02db51b2ec0d37fee9f2a7219d60cd095c24

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F3C6C7E8B179283545ABDBBD0E815F32
    MD5

    773067866d6d8be51590869d46847d01

    SHA1

    aae27d9f398f85edacb6437f11eb237c4f032568

    SHA256

    8c9786a647400f230645c78a7a37e32551c593d0e0ec7d0545256a3f59b6c535

    SHA512

    0aba971c7fdc18c20603986db35908c783e491721d7078573fa4badd3c7c246d064bcc47522f564728dcb9b45ba18081742dbfc6cb9dcc44adc8b6652a72a8b3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
    MD5

    dc4371b3e09456a8d09040dba4f5ee61

    SHA1

    55783ad806442a929ac54d877a443d01cabd8352

    SHA256

    ae3b5618fb84987fb105407fd2b17b21f7348babdaffd53a4a67f48fe200f37e

    SHA512

    aaf66361b9133bf98679e67b54e71d91e59aab7bde03e3a5612789ece7e434ad4aafbfeabecb3d429d6019b014ada580fc15f204cdf0b86d5a00771c7f6eaac6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    2048388227f74b496730350bab859492

    SHA1

    1e35a29b2b5021fc18894169997ff95d24c47157

    SHA256

    1cc8e1259d10ced5d5578629f7431804d5e6fbce0e055d7a8a3070a67d3a0765

    SHA512

    36c2d7aa4af25265cf0f84435a0f4fbfe342696d0c143396b7c9171a4d15475d02ff6c945c91bedcba93cf109e72c16a33dbc5a62f20e969c44f28518770399c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F3C6C7E8B179283545ABDBBD0E815F32
    MD5

    76a2958471c873cdd4d1917a1ca70163

    SHA1

    66946c338a7048e13094dfcbcb9c5f42cd5cae63

    SHA256

    f32f75d67da8a1dc2d0af250850bfaabf83f1caec068276eff57456061529738

    SHA512

    1039c990273b2a4d024985521d69c2ec72c72c42c9baf22541a9c1d4ec19f46009dde26827496a927341255c46eac64ceddfefe1ec76eed1027b4f24bc44fe89

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\WU0YCW67.cookie
    MD5

    935161996a3ec0485dc537e0610ea05e

    SHA1

    44e5d3ca2d633fa3e4bf3f05992d0367dec61656

    SHA256

    184f5e122afd0dea89c6ddaf55f08155a577a8bd733b84851cbe022da75ee3eb

    SHA512

    f87b1afcef83455b98ea89651bbe5dd47cfa937f746a54f67bf5bb129982b0d13d34bb18c53865fce5780f9ff97bb733e23a9f271a99ec6072de2a1f7cbf4d34

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ZQVEXNJH.cookie
    MD5

    d215aeca6a8527dcbacd894ec7631df5

    SHA1

    913c0fbeb6f36f5ac4f5fa2fa058fd520ff27ef1

    SHA256

    14d11e6fa1b68da7d91fd848b301b77a0acd0b776d167934091089bdcb1cecbe

    SHA512

    92c4a0eb51011e3166e77133b051776736668d390b86468edbe730d9fe7443b6b911d1fe38c2eb7727472ef83843ae0f4fbd54ca83fb9c76b7fdf312ae7b1925

    Download Submit
  • memory/652-114-0x00007FFD272D0000-0x00007FFD2733B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/996-115-0x0000000000000000-mapping.dmp
    Download