Analysis
-
max time kernel
119s -
max time network
144s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
14-10-2021 23:50
General
-
Target
https://6207096785619137190813056382554851545916.page.link/NXWoVeUVL4ypeWJr7
-
Sample
211014-3vw9rsbbbn
Malware Config
Signatures
-
Modifies Internet Explorer settings 1 TTPs 37 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://6207096785619137190813056382554851545916.page.link/NXWoVeUVL4ypeWJr71⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAMD5
06f9941ca26951e04e120cdc2852d6d0
SHA110e87d65a83d2bd278d589bfabf5e58cd77c3b98
SHA256ff7015381806fb12a7820ebd293c575d74c7793ee32624e77221f3b79465ee9b
SHA512056e10517e46df75d894dcb933fa6f97c8b8407d9854897007038c4118f2fd06412e38ca6cbe8a39adc465bf34f543517c109d44c8d6248cdbb4330d2ba87abb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAMD5
64e9b8bb98e2303717538ce259bec57d
SHA12b07bf8e0d831da42760c54feff484635009c172
SHA25676bd459ec8e467efc3e3fb94cb21b9c77a2aa73c9d4c0f3faf823677be756331
SHA5128980af4a87a009f1ae165182d1edd4ccbd12b40a5890de5dbaea4dbf3aeb86edffd58b088b1e35e12d6b1197cc0db658a9392283583b3cb24a516ebc1f736c56
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_3674EE7A36D4FCEB1723FF65E35B9E6FMD5
c63f0f2390d546b83ab57f363ea54c34
SHA1af48a89986f6d2ab037d636624dfd1dd5a32cbe0
SHA256d8bd9554c71d97afd7c660f4465e4782cc8225b946b1b635010f6ca63cddebb1
SHA512bc059e9aef62528a41349df8d9e216c0662151b956b3694e4f02ec6d99c823b5896f7f7b7735d01427810f37f9492618f15149af2dbd2dff3e38ccd0112863e0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAMD5
12c8fd8739b27e33f24ba5520ae1c98a
SHA17404cdc2e0bc0610a8a8990d3b639559214c6fe6
SHA256792ab98b983cba498fffbe423199c9a6b4d5c4c1e70db6327d5cb886fc70e8e8
SHA512cdd755515592bfb319158bdc98b96eb71089c8d14d76d1f054aadf7f9ca4bd01d4dd95618b7347679d55b9d5ecde50c83fb31ebbffb590c01c9d03455b9be4ec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAMD5
0289eee6f3ce35cc1b8a31a36a55173c
SHA1bccae013c2c3a6404830bb7d8ac34a1522c6b7fb
SHA2563f224fd9454b871f54218ffa8e873adf851619cc755fad462baa1ac5d584686b
SHA5127e1aec5077dd97d7d4642486bceb5c985c135cfdaaa12d36c78773e71e0a63b18f2f0264fd6e1e833463d069ee2a8174186f9a23bd1e59274aa49770f94708fa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_3674EE7A36D4FCEB1723FF65E35B9E6FMD5
8157fe6e801d73e26e49b6490c5c149f
SHA1ee5697e57eafdd6dc8211f3038e07956abfc79e9
SHA256f6cf07e47996aad0f15cf315c9c6ab6cbbd091983a72492fe9b029504ac792e6
SHA51251901dc4f89d543787857e8aedb95ea0a0cdb94b9d457e50caad9b89f774f46e31d11fa5266155b7cf330fe892140df60035a91161bc16bb60a95fbf5543cb07
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\0526WURP.cookieMD5
9e986289f8f2f75d10eddf0474f94a48
SHA1218958459dc60587bca6b5dd775bc6660e4c094e
SHA256f298be29c6c6020ea3b7b5762e8717734aa09a7ec17035f4e0e9ad4b54d8be9b
SHA512c113e7d368f2054ce9950bb59ceae768d7f4635e9566a459dfdf2ad9142c932acea9b570baf22bec4acec05353ed7e398a9e5133168123810baafd8ce93cf493
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\7N4H019S.cookieMD5
24535d2f67e2ec1b34fbbfc281d72bfa
SHA1f04da5ae21b820b205db3fec2581669d0ce8d686
SHA25610beddfe867626752c93d0c138a2b711ebf162a95574bf5ab9f0c692e0ef94e4
SHA5121307672d22d7361aa8ae6a93d6e110d0ce8eb9cfa061435fc0b124e592878ea4b3a967e96894bdb21be3f484c51fc40d278cb027ca1693ad37103a36b78948c3
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\TOKDRYE7.cookieMD5
89d79a24a32d2e3bcdb60f4445728458
SHA1b467a1792277f9674d0e50c3c5ea065c9ea9835f
SHA256b3b0e97f4699bb06b224c6302763437388f3ef4fe8f1547d044f11e4535b9532
SHA5125c94c45c7ec20cad7431a8cdecf580b8669ae0c896f6fb062235b957849996d4966f7961ce83072bd615fc9751e582bcc0ba4245cc500322dc1ad1d7461e4e2e
-
memory/1292-140-0x0000000000000000-mapping.dmp
-
memory/2432-149-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-157-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-129-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-131-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-132-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-133-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-135-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-136-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-137-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-138-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-127-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-141-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-142-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-144-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-145-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-147-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-115-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-150-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-151-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-155-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-156-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-128-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-163-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-164-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-165-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-166-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-167-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-168-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-169-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-125-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-171-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-172-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-175-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-176-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-124-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-123-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-183-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-122-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-121-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-120-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-119-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-117-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB
-
memory/2432-116-0x00007FF939B60000-0x00007FF939BCB000-memory.dmpFilesize
428KB