Analysis

  • max time kernel: 104s
  • max time network: 151s
  • platform: windows10_x64
  • resource: win10v20210408
  • submitted: 07-10-2021 09:10

General

  • Target: https://smcglenbrook.org/based/
  • Sample: 211007-k5b3gacbd8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://smcglenbrook.org/based/
    PID:568
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:568 CREDAT:82945 /prefetch:2
      PID:2880
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\KHZA7KSO.cookie

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\YIWF3IGF.cookie

  • memory/568-114-0x00007FFCC2F10000-0x00007FFCC2F7B000-memory.dmp
    Filesize: 428KB

  • memory/2880-115-0x0000000000000000-mapping.dmp