Overview

overview

8

Static

static

8

URLScan

urlscan

https://koperasimaju...

windows10_x64

1

Analysis

  • max time kernel
    119s
  • max time network
    156s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    14-10-2021 13:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://koperasimaju.com/php file/index.php?i=i&0=user@metrobank.com.ph

  • Sample

    211014-qpyjeshfc3

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "https://koperasimaju.com/php file/index.php?i=i&0=user@metrobank.com.ph"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1684 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:660

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA
    MD5

    d4717da32cdccb9f544386ba247a214c

    SHA1

    ef50ed02110b66087081ee82f5bcfacddae5dc75

    SHA256

    fae26c0dbf6f66fafb869c8391a54e8947b4abdb8d33a47d81ec2355625ec8b7

    SHA512

    51f1e02d1b2b0ab0cf6c7a1852076d452167ec16514d09ffc6495563d587fe5c0c1563b3381dbaa150a1f888b8160ccab755c96726cbeae61b5b5a3cefe4fff3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    82fa88e64877afb41dca1c1538103ad6

    SHA1

    0c0b5efc26de2c5459845e1855750aea1a253338

    SHA256

    07bc4a1cb38272dc95952e6173fc9adc1cfea603c8cd5a0c9246564647437a8f

    SHA512

    a3844380c257120275bd30952fdca990327afdca4fcc55828624a57204e36d389a88b63e473eec7382047098565f08c90265563c5bf79e634fc60b2beb3e0e62

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
    MD5

    a9e3d15836e8084127a102f37d2a4ca8

    SHA1

    c79df1bbc481f1dd21ff7db41effc13ec85f7c19

    SHA256

    44b88cbf5cc4961b384ff8210da89e2d144dc85a288013d58ddb518929088a52

    SHA512

    3fea475728306b2117b6a4ecf6cde5aa308114ac91002fd56be804b3d5ccb6e3b3a785b984a29d4ffb721bd483eead3e122bf92ee265dffc1853802b9929d7a1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA
    MD5

    bff441569abc2dc19ec4e34921e74ad3

    SHA1

    9e99dda4cc2c3fbfcb118072e63422887a1a26f6

    SHA256

    89fb629b9b34ab11a377a4bcbed25b4204856fb0f750d8c96a01566877ea4266

    SHA512

    a79c36fe08172b25ae98c5672666f3bf36ec5a84eec4d420926e6a6cb80cea5c8f6dbf6da04cf642d92cc48a49304fc46b981cb3a9862c8087e2544cbf2ac65c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    2e25b40eb8074e35cd49c40b23ceb8f8

    SHA1

    9f7e5667983c7b65b8a53528c06292e32111a9f1

    SHA256

    9767a6491c56514f73948fa7ea14fe647a0940df52608b85019b7e56d859e046

    SHA512

    920b68ac74008b5cff2567017a55bff60230c41fd0cdd6399787fe5bf4a67534a29bd7a741055be85f9a5d05fb700d9a52e4569b6d0f2a63f1b9e0f575ab9aa0

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
    MD5

    2cc8613aed5ba6c1f68e493602c486bb

    SHA1

    55b367e6ab9778ed606acaddaaea37c8d4707536

    SHA256

    b93e48fab42632b8310e2245cea35b656fde25e0c4cdb617d0307c85ae8087b9

    SHA512

    c4ec1dc4d1e5f1faac87b7ed14deaf9e5ae9e44aab77cd44aa5ca7d96d140260387d93086b0b1920076646851dd67c04e64f4044dcdf7a40d41176106573f7ae

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\5RG57X76.cookie
    MD5

    edcc20c733e7df8d9e72b951dddb58c3

    SHA1

    98f2fdd4903a64f047977e7766a9d440c9915aae

    SHA256

    431d51b59cb43b1d9a3c4c6a57750a4a419fcae85fa17a8c86a0670875edcab4

    SHA512

    672fefa8469d76ad3974141f3e615c66571b8aadb6cbe74f4f404ef1c092a50ee323916d5ad0c373480cc379ef9784c8ed1df9eb89fda4a10ce0e6bc4fd6b137

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\8SH86MKM.cookie
    MD5

    b70f2b55d6658aaad034b84010c8f249

    SHA1

    12e9488617c2cc467c1e5827b03d4ef8a365e7e2

    SHA256

    56d54977616bf78f87505a6ac9ff65858b681bba2c47d4ff82c171c5540993bf

    SHA512

    623907a6a6b424ffb991de5acf527e008100cfead938d09196dce9afb15700d4ebb32779a5f14c22a874b83ed6ae4f27beacccdc30d26207bdf7e04e1ab1e90b

    Download Submit
  • memory/660-140-0x0000000000000000-mapping.dmp
    Download
  • memory/1684-138-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-149-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-122-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-123-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-125-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-127-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-124-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-128-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-129-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-132-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-131-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-133-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-135-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-136-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-137-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-120-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-141-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-142-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-144-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-145-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-147-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-121-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-150-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-151-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-155-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-156-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-157-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-163-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-165-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-164-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-166-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-167-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-168-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-169-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-119-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-117-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-116-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-115-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-173-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-175-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-179-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1684-178-0x00007FFF144D0000-0x00007FFF1453B000-memory.dmp
    Filesize

    428KB

    Download