Analysis
-
max time kernel
135s -
max time network
156s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
11-10-2021 09:39
General
-
Target
https://www.dzmailer.in/agent_impression/action?email_id=jkwarcinski@evolenthealth.com&camp_id=2785&last_id=11965867&url=https%3A%2F%2Fwww.observability.splunk.com%2F
-
Sample
211011-lmyzysggcl
Malware Config
Signatures
-
Modifies Internet Explorer settings 1 TTPs 49 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.dzmailer.in/agent_impression/action?email_id=jkwarcinski@evolenthealth.com&camp_id=2785&last_id=11965867&url=https%3A%2F%2Fwww.observability.splunk.com%2F1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3128 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- NTFS ADS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751MD5
54e9306f95f32e50ccd58af19753d929
SHA1eab9457321f34d4dcf7d4a0ac83edc9131bf7c57
SHA25645f94dceb18a8f738a26da09ce4558995a4fe02b971882e8116fc9b59813bb72
SHA5128711a4d866f21cdf4d4e6131ec4cfaf6821d0d22b90946be8b5a09ab868af0270a89bc326f03b858f0361a83c11a1531b894dfd1945e4812ba429a7558791f4f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3169B1AB3118F8C2C2217A500343EFDDMD5
bf32402292772a950ac72aea22772dd4
SHA1dfbca34ab4078391f406a5b7fd03a8f1a4eca277
SHA2562eb961c548bbfcc6aabe30ea2b674753de7bfc22dc9d58e6b4a9f9f140fc8ae8
SHA51228afb3728150f1a65ccefeac758bd00e554baaefb97fbe40b8b7490d812db46c668d4821261163106b82b57c1c8ec638744bba6e21011a5c400b5397a7fb88da
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776MD5
1cd35e473acad1cf72d4adf5eca86075
SHA1071be7020570efc371f52776d0e20771fb229f09
SHA25626e692ff7d9df36d18f29f144fff24d3be82c41e1bef06659acf3b4fc98ee7c5
SHA51290976845cccb568bd25a8c8df0d85d7d81f08700e62f1f1b8fb55078dce2f12d29887969276d7acc29b48e84f07e8e523c1c70f29b0cf0fbef469b19ba638459
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751MD5
77033217c67375db65e1835660e7b5bc
SHA18bfe25bd91d87809846943fb51b965866aff5bbe
SHA256ef2072a24b12cb69d0c1c670dbc4297c9b48139cc90f5e7070794886aa071a88
SHA512ea0c1d5aab555279a8035e3247b29b7053b5106efb1a8d1e2e5e25ef7d5ca0605683d3816ecd8b9b32835a2af34842b956446078a853cfcbc85a750d9b1801c8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3169B1AB3118F8C2C2217A500343EFDDMD5
6c135548fc136b5788b3f6059787fac1
SHA1304d93d3879e2c77a279a03efb5efd453f805cf7
SHA25636ae14dc1425de8c67bb8ba97ae95f6dc28bf98a93b4810a6474d6d8cadb37df
SHA512714ea6c27f0273b5721f0b38da06795a03600d95de01feaf3c74564dbe77d739026d33c478da777717f867848f048bf4d04780f0d149f656bb589000b4168d63
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776MD5
e81d1650fe79095c9b5fccf3d57fa4ce
SHA129e8dd2788714face7452c449912d763f71a86b2
SHA2569b2dba76bee30137a32fb7cb5734e36f868e898e94ea1d690da69065565607fd
SHA51212f27b7869ce64357709c3e263a994535c42eb0506f6e06ade89b65aced8762e24774cdd9ed199f048c84c8f18dc8bc07f8c684038d26ad7f09d45de64600c34
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\EUUWN5MH.cookieMD5
511c427ddf8bbccf004324ade1791cbc
SHA1533c8e122d6ccfbc92a451c8b7793eaa47633b0a
SHA256dfdfc36c1d6e7e10f1f52232462c61f700fe3d93672573ad874a093367be39d5
SHA512e64ea56c8f7530b4423164839ba8cec9d15edf4e21c76ba745f00056f798754b54558ab5a7f632ad6ddcce11dfbb4b2245aa596ab3eafb77f5d14c5f6ff26c87
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\HD258G7T.cookieMD5
699097eb193794963c36bb80883dc73b
SHA1a023e28b15cbeaec200b1049fb3b2089b5571ecf
SHA256d68a265ac575baaf806a151662ad0ab4bfa611136a18c4acf46a160a4a3f1da5
SHA512bb3fa8361464b9f4e2cccffc42becbd3c2b90b44f255e2deb7a408660c4d697ebd860091e10cdae8540696b0ad3de4ac43fb90e0583bf8a84eab2e668d15d0ed
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\RODOF1YE.cookieMD5
c2a503ff393628bf2cde4a95c7ba65a9
SHA159c2999fa85ee0e127dfa0d9d33be7788ee09264
SHA256720bbced929522385cb4deaa7535f9d06f752e8ae8a87d23fc9af6b4610b6935
SHA512eae8603141b6e1fbbfb5fe02a5747cdad7604a6a95a01979dd3705d576ab1e2c71f26babd8598a0cf04d9b11973b2e5ba9c49d6fac8098293aa72bffd0c99d0c
-
memory/2456-139-0x0000000000000000-mapping.dmp
-
memory/3128-141-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-149-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-122-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-123-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-124-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-126-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-127-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-128-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-130-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-131-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-132-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-134-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-135-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-136-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-137-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-140-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-120-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-143-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-144-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-146-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-148-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-121-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-150-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-154-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-155-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-156-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-162-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-163-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-164-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-165-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-166-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-167-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-168-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-169-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-170-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-119-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-118-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-116-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-115-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-114-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-175-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-176-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB
-
memory/3128-179-0x00007FFAA49B0000-0x00007FFAA4A1B000-memory.dmpFilesize
428KB