Overview

overview

10

Static

static

URLScan

urlscan

10

https://peshoja-ks.c...

windows10_x64

1

Analysis

  • max time kernel
    119s
  • max time network
    144s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    18-10-2021 09:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://peshoja-ks.com/auth/logon.php#replaceCurrent=1&url=http%3A%2F%2Fmail.email.com%2Fowa%2F

  • Sample

    211018-k26gxadcf2

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://peshoja-ks.com/auth/logon.php#replaceCurrent=1&url=http%3A%2F%2Fmail.email.com%2Fowa%2F
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3556
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3556 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4360

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    MD5

    1455d22c553b285c8f185634919b1213

    SHA1

    42c08ceb4015831f59913382277b1d8049e6429b

    SHA256

    1352ef5ad9f7d586e3f3e87f3d18520ed4387c92ae32162f6507410d47c3dbe0

    SHA512

    ea9231f6723e8f76b6d8e1ad9ac9e95710996ab2878d6210a034721e12f88cfea5213325f2659d1cdd7a3181ef286d4aafdf9b0102786755ddcab84f9fab2975

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    MD5

    5e765e756aad15812044278a95ad05d0

    SHA1

    c77ef6e50f91a47b2fc4df7c4d6fe8e994d48af8

    SHA256

    3a068e431bcedc5f63ec470a5a86d39bb1ff7ffe166a2eacc6de94f66406164a

    SHA512

    b3eff7c0a0869719844cea6721a3cf41b07ac0cab2e6002e24fa26d4aa6d882ecc5ac18f767c11c2a525fac6f021cca4344a62d59b993b37a87674ac4d909e30

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\M8WWZP5L.cookie
    MD5

    25497a680e2d4aeeb8f0d2c37f16e531

    SHA1

    7608a078052c01372206dd19d8f3eaf98d5de37b

    SHA256

    d2ce1d0a2c31c49623c1ce7b6dffdd98f3b0e5e585c9fe98289ec6dd138b7cb7

    SHA512

    ed1def196c4ded044ec7855098227c168cbdb6b0988070113f3b95dc8700ed355e1f190b3fbfae77d24e68668c5c18cde1caabafa83f6da2a8e82ee5edf8a418

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\SRVLBVWB.cookie
    MD5

    defc68456bddf9c0a73f754809b47a3d

    SHA1

    acae47d5c0df45d8b46212cb9d453584f0ff2a06

    SHA256

    b1c544a52915ca434734037a4b0e528992ab6a157f35065d0a983bec7a42cad8

    SHA512

    773d88b03304f27be6e6f517680e01f1e0dcfdff723e0e217f1923dd02e635dbe0e235b747eaae699f0730a261ff771a3c3470be635824a6282f2b293132341e

    Download Submit
  • memory/3556-142-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-123-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-120-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-147-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-124-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-125-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-127-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-128-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-129-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-131-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-132-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-133-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-135-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-136-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-137-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-149-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-116-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-141-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-115-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-145-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-117-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-122-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-138-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-150-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-151-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-155-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-156-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-157-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-163-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-164-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-165-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-166-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-167-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-168-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-169-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-173-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-175-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-178-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-179-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-121-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-119-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3556-144-0x00007FFB85290000-0x00007FFB852FB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4360-140-0x0000000000000000-mapping.dmp
    Download