Overview

overview

10

Static

static

URLScan

urlscan

10

http://ms0th9yf6.k16...

windows10_x64

1

Analysis

  • max time kernel
    149s
  • max time network
    141s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    11-10-2021 00:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://ms0th9yf6.k16fq3x.shop/zhzc.php?anli=amagc&v=us1633892322006

  • Sample

    211011-azntzagccr

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://ms0th9yf6.k16fq3x.shop/zhzc.php?anli=amagc&v=us1633892322006
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3472
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3472 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4248

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    41b85f0adfa6468be25fb8da8d7b90c4

    SHA1

    2422a6d0392ab6a44eccdcec48498fbfaa89b2f2

    SHA256

    fb1d497525779f9141e7e442c9a5561914a015f4d26fe5f9bd6625d21cf075f5

    SHA512

    1870e8c19d3c2e7aea19ac0922a8f1d4a2963eb2869158ca67003097fb45934bf2738df77a4568763e2e6d985da517d45a96d3db4429283790bc979c5d71d805

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    f94378b1df641fb390c2e87c65a288f0

    SHA1

    a1954c50b361671017f6b65670c83fcf6588b2b6

    SHA256

    d707d4dd9274a1cf0336eb5dbd39c3e60fe28b72c709dbc1b883ddad864c403a

    SHA512

    03aa6b18450355d73f87f32b792fb96775abf0f822adc92bfa00dc9f281cff0c83042075854daaf0584d8aff80696b28a1797833500bac35eb1cba6b622efdda

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\0W8CWDO3.cookie
    MD5

    e4f62f017ebefccc59af7107815769ba

    SHA1

    b90405e6140160c84fa0a8217d2c16a33356d6a0

    SHA256

    c6fd31b22ad5d7fa907248e107e92410e6a2766e50335868de508b6c4c44262d

    SHA512

    90941387760209474071b961b4309f11e9ad5afdc6a99884bbf9f5dcf30722fd2e7c3288c83c1ab82b53906220e09364e25f7c537d08d3ce14b6fcdb0a1a518a

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\KP33O4GJ.cookie
    MD5

    d4bc7c37d8e54f6ece3dd8e04876d5fb

    SHA1

    f19d4b05f9deb6a341983aa7981cde4d3a973156

    SHA256

    62122ee772dc2e93dbd1c13e31cbdbe785aa969ba11680901999554653fa48c8

    SHA512

    f6b5ccba86271cb9c725a91a37051209431554c4e5db3a803a267685a9682eadac46f535c104fdd067c7ed5dcc72cf86091297b16972affabfd19f13b3771be7

    Download Submit
  • memory/3472-145-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-121-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-123-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-147-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-124-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-125-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-127-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-128-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-129-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-131-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-115-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-133-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-149-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-136-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-137-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-138-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-116-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-142-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-141-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-144-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-132-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-122-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-135-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-150-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-151-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-155-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-156-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-157-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-163-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-164-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-165-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-166-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-167-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-168-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-169-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-173-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-174-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-177-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-178-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-179-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-120-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-119-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3472-117-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4248-140-0x0000000000000000-mapping.dmp
    Download