Overview

overview

10

Static

static

URLScan

urlscan

10

https://f002.backbla...

windows10_x64

1

Analysis

  • max time kernel
    134s
  • max time network
    139s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    08-10-2021 20:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://f002.backblazeb2.com/file/balaghat-unaugmentative-ureteropyelostomy/index.html

  • Sample

    211008-zahdbsehek

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 45 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://f002.backblazeb2.com/file/balaghat-unaugmentative-ureteropyelostomy/index.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:656
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:656 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3948

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
    MD5

    54e9306f95f32e50ccd58af19753d929

    SHA1

    eab9457321f34d4dcf7d4a0ac83edc9131bf7c57

    SHA256

    45f94dceb18a8f738a26da09ce4558995a4fe02b971882e8116fc9b59813bb72

    SHA512

    8711a4d866f21cdf4d4e6131ec4cfaf6821d0d22b90946be8b5a09ab868af0270a89bc326f03b858f0361a83c11a1531b894dfd1945e4812ba429a7558791f4f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\65D3B76E6D5CD07FD87738B1551F1A53
    MD5

    8fcd3d3d6f6c591fce102be652986c55

    SHA1

    96ea201b688a7ce48c4ee41d6c78d0cb38f2030b

    SHA256

    55ac5bb3b823446f2b08c94a97c17258f1da6db07c004058fa17f6b7d4ab8d8c

    SHA512

    19724bc08931e2ce0dae7871e41f1014de0696f6dcd0f4dff38ef9622c143d3705d4420a131948e3af72e6a4debdd9b209a543e92cfd52c88f5399301e858121

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
    MD5

    8164e94e470b3ca863a2f09e7790e301

    SHA1

    dbcc87a391558dfc9148165c5d3d3713e2f99eea

    SHA256

    3f5866721f37418ce50ad61b99f798e5e600311350e9514b8d0e8d3f6dbc878f

    SHA512

    640ad2e5b36264b3fdd7b9441b28dc824f6a31a2ec7a9cc1deec193fa9a8465559a17ee30ba9072e1657e283162c1e08d21f67a2eed4009966f37b3f7b86f847

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\65D3B76E6D5CD07FD87738B1551F1A53
    MD5

    444989c6e4276c5b1df1c59986740b7e

    SHA1

    0d190f9af2ad29ce4d25a630ab7fcfbbf76a3ed2

    SHA256

    9fcce1a83bec105a99ee0f4ac1d387dda77d850848e3a2f5429db6db46e9eeac

    SHA512

    b73c27b178a97c26d0d9123c917940923c5f21d83682b9c15a462d61a294ecbbf860208bdf9dc87a09d80934f49307458298364fe09e020147e1caa9dd7e4012

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\86IIN05K.cookie
    MD5

    7947b461a860fabb325e14281e1e2d25

    SHA1

    9961c5e432bd105a505aaa942173936312081a7f

    SHA256

    d1420d2aa3efd5aa847ee334a0a69be462f5f7061ee735c9ec470ba2a767a41e

    SHA512

    7acf184dcac21526e54b80a8da851f65c908e20629d16b5df0f7bc188c6bf62750f44227e87d91f109f32a1515a787e50e69a0a1685d7ad041de4e5e2257e9ac

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ZKXWK2HW.cookie
    MD5

    1f7a3900dd13bc6765277eea6b514852

    SHA1

    c9f5c0a36101160cef2839410a6f925c91ad07e3

    SHA256

    19cbbaa066905a6bcf8dbc35ccb8dd755b2fe63b5456fe95f74638543584768c

    SHA512

    d4157a230997284547c87dac615ef68c5618769e62054f32122622e1b71a539845cffaf954ab2453a2c1b3daa24c8755ed7138ae441e5f9167b22d657d4ad91a

    Download Submit
  • memory/656-140-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-148-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-119-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-120-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-121-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-122-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-123-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-124-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-126-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-127-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-128-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-130-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-131-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-132-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-134-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-135-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-136-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-137-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-116-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-141-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-143-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-144-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-146-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-118-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-149-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-150-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-154-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-155-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-156-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-162-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-163-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-164-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-165-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-166-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-167-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-168-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-169-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-170-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-171-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-114-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-115-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-174-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-175-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/656-177-0x00007FFA908A0000-0x00007FFA9090B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3948-139-0x0000000000000000-mapping.dmp
    Download