Overview

overview

10

Static

static

URLScan

urlscan

10

https://form.123form...

windows10_x64

1

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    12-10-2021 17:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://form.123formbuilder.com/6006429/form/evolenthealth.com

  • Sample

    211012-vtwb3scgh4

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 46 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://form.123formbuilder.com/6006429/form/evolenthealth.com
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:900
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:900 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3688

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6A2279C2CA42EBEE26F14589F0736E50
    MD5

    8b153254225cf81983baa0400492b53e

    SHA1

    d2c94319c1a6d580325de5bb9921ef6ae85f0b06

    SHA256

    a3eb96967c5f501b5e14cf4e0a2bb4b9dfa8933352c973a1eae89c321804bc25

    SHA512

    8a20f17ddfc5de2aa2c535edecb63e4b6c44c94ab29032f5123cac42e8715e261bf259ff4a801ef65c2b0788bb8df25bbad9cc70c8c527911d6010e7f6e439aa

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F
    MD5

    af44cd8dd1c585c5db388bfd26a5c459

    SHA1

    8376c569aa72eea031ede6e6200ee026c2598f32

    SHA256

    d6fc312a96b1b66d46afb97f542d93211e2f5693f669deba316cd6e009dd03f4

    SHA512

    9f9ca2934b1a3a970ea391e32a9f7fbaed98748e8ec737afb18689d10846a3c305c4a2fb5f1f9481901eebaa3de31a9726d4d8f4f4a29192ffa7a71738312568

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
    MD5

    d1833504d3c397ad944032808c67131b

    SHA1

    318579ff984a030a4d80b130cdeaababc46e88fa

    SHA256

    359bb957616ead279c04ffdec0e805dbe74eed083156fa791a12dc598f604c5b

    SHA512

    03e2671aa37d4b6475546dd276e58be966cf20d5dc998f71fe4a9c615eac339302fffd000abc46f3e07ed47e3878dd46e10db2bbee86432e475beab4deba8f57

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
    MD5

    ff3df694cd51be99c83f966b3c35c2a5

    SHA1

    0d70ca644a89482d0c8f3b5df8d25f4eb41ae87e

    SHA256

    0356dd7ba43921e41616ece0b1337d81361acc86b9f4a9f8ea577450949c2766

    SHA512

    e1946df064fedc28751a6f72e0f43a017e7cc3858ef1c0c75dce03d2b69c632892ba6a0689b6ae5f0fe694ed19228d64b7f49292c475802bbfa49afdcdf247f7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6A2279C2CA42EBEE26F14589F0736E50
    MD5

    6b9bcfdaf55a86515663e433e26afe38

    SHA1

    f72e154a4cc73fa61e2b801ea3a2c6cc57defedf

    SHA256

    6e736b6eb879e73f6affde96dc4d7728775c459709c45a19d3ca824c0af3424d

    SHA512

    ce84a69b2c8ff38690ec93c0a84001e124983c8bcc2e12e7383033c07feb8d53ca14a0c2d915ebf06722430902d287dfcbbed6d36f3ec22509b4501d6d53c20d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F
    MD5

    59b14f9e4681a66d9e8a6027a3e8e7f8

    SHA1

    69b7333cb0d3f9774cd217ef0504629875cf809f

    SHA256

    b8957a24004fa8cdf4b37809a57069af6d7c9341074cfb8a96499e5cc381c451

    SHA512

    406f83be75a4c7b70f59031ff6bbd5c33b7c0aa0507be33d0cf54370d67487a448938334270a21cebeaac988364567c6e65ba86652999c49a61db0afb37711d0

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
    MD5

    b1da64cdc4fff165335ec707d2518132

    SHA1

    3604c5c9f51340970fbd60841372c3aa52430e0b

    SHA256

    68c95e75eb0be63bb39b7c8ec6de76e069d9eaa1ce514c5207046d4a7d563cb1

    SHA512

    ff214e7db87e4c67a7a15749f0ea3002896e400044e28eeeb7ca52b83d188d9820340485a1a5ee9f567eed0ea7b07f6b4ebe3c48de2c4a946909fa1d6a8db6d8

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
    MD5

    c2547e0c87968ab239298b1120bf6392

    SHA1

    906b8eba7a8747f1ab9f08dbc75bb91158db7b66

    SHA256

    4350c199e23b987cf06a8e1f9e958ff52083f875634358e1b4ab628e8e0e80e4

    SHA512

    d84494921ce0d8e06180fecc54ec04e5801c9daefa2717507c8fb04e87fc9037b0df66762b3ab9a4fa13d8eb1888c81483c77e585034a4741c14dea459be32c3

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\K5JN5SGK.cookie
    MD5

    7fe34a1459aa84886dda9cad5a876a36

    SHA1

    16f84af7f5d147357ae26149dd0687ecf5b11302

    SHA256

    c080b49dd11b11203c64f2fb03b49d8327b05823c28e384967f7c683c830b0e0

    SHA512

    57badcf7844ba26ce5c9517c5181d04f6edfc75e7f288b4659b599beb078f2311d5ac89184dfcd418f3413dca97720b337b1804eab17425bb441d3c433a29c79

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\WOXI7RHF.cookie
    MD5

    214299fdfd014d39343fa16c1a433288

    SHA1

    4d511e8368d9ede700dc37ce053a0710bdebe46b

    SHA256

    30b53d5681971917c76d3f86ea315e22664e0826f160351a684586d7c2126e5c

    SHA512

    75377f5437107360afc97878cb880cc49c098255c870d3a54aefcbc1d6c292481ec384be523fa0eb9b80094560fdd6077df5db8a365bbc30be0f6f01c906be6c

    Download Submit
  • memory/900-143-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-150-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-123-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-124-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-126-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-127-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-128-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-130-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-131-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-133-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-134-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-135-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-136-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-137-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-140-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-141-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-121-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-144-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-146-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-148-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-149-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-122-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-154-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-155-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-156-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-162-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-163-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-164-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-165-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-166-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-167-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-168-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-120-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-119-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-118-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-116-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-115-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-114-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-172-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-174-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-177-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/900-178-0x00007FFADFFA0000-0x00007FFAE000B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3688-139-0x0000000000000000-mapping.dmp
    Download