Overview

overview

10

Static

static

URLScan

urlscan

10

http://etkg.me/95xMIr

windows10_x64

1

Analysis

  • max time kernel
    121s
  • max time network
    134s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    23-10-2021 07:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://etkg.me/95xMIr

  • Sample

    211023-jtjgqsdbdk

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://etkg.me/95xMIr
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2844
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:912

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
    MD5

    54e9306f95f32e50ccd58af19753d929

    SHA1

    eab9457321f34d4dcf7d4a0ac83edc9131bf7c57

    SHA256

    45f94dceb18a8f738a26da09ce4558995a4fe02b971882e8116fc9b59813bb72

    SHA512

    8711a4d866f21cdf4d4e6131ec4cfaf6821d0d22b90946be8b5a09ab868af0270a89bc326f03b858f0361a83c11a1531b894dfd1945e4812ba429a7558791f4f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0FB8B902ECD4D598D57DDA6A947F6EF
    MD5

    609a8f37deb3558d1793983b45e954cb

    SHA1

    50adf3a55f7afe7e7d6cb979cecc1527fd4f6e4f

    SHA256

    983aa753443de5d291cc8f5de15c5857278124366cb547f51b0117d8d7eac447

    SHA512

    eb503ab783487999d8665319e1689c8c30e6ba687517c6cd4367c4ab1edb802276f42d62d584f5a98bdc5b8d2ea916f5128885b4ae1821374e9c9d884d699703

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
    MD5

    7401597e10d524a75808b2078aad191a

    SHA1

    ba6f054be545e468bccc72b3ac4022746ee53f9a

    SHA256

    598ced8b655c132640be7651eb4476d79c465a671c83970e7672775f77546be5

    SHA512

    8ad688f07f79f9c441f66f342f45e49f48a7ff0ce95b0e4f85774530659ebcaa4ba94346ca112fc65ce9941187d695165094896a9dcf8cd1a61980f2a5e5dcdb

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0FB8B902ECD4D598D57DDA6A947F6EF
    MD5

    2366f4ca9b05fb4464112a3f109c97c0

    SHA1

    54e8447ef041f8ce5c9a79c3421d4cfe397ecdd6

    SHA256

    ee72d6b9b63552d6d1f363480190012c85e8b76f763c2beab0b044b8e1eb904e

    SHA512

    91d5e1da3895b464ab61bc6928bc3b995b1841de4a5166bbf1840f0e3545c1975437f47e275f872c2f213feb8572d242317c0e6bd6bb20b1d91d27170d0c4bcf

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\NAX4YKR1.cookie
    MD5

    4a74b7f97f532095edd58339f510d24f

    SHA1

    f8f925fbe690b6700f333958099abc990be5c43b

    SHA256

    8aa7787e444a9111a3e1ebbf571308ae5e8aeb2e43d8463a50f7844d3e25ab4e

    SHA512

    b8bdeed6e44ba7d377850460a0eccd203e1a9b05d195529b276b2a9a98a16efc7816cb733be43abf6eea1e9c9a45626d25589fd72061f16e036546db3a044b26

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\UKJ2TOF8.cookie
    MD5

    60cf170bef0467b9b5881359ceeb115f

    SHA1

    6e6f9b3629602cf1c026f4429d1ec603b9f73b33

    SHA256

    031c527a2c76bbfbeb2fa21f2b45bf1870fd8c58bb332188e5785cfa8b7044d4

    SHA512

    5e2de1407f3c74f6822a75ebdf0fae10e97d2bbac4c13fc0966e72e2eea0753e004b0f446e5e8d6d4bd696ffac2b6eb864651c177991689930a6d139d18ae7ed

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ZXBZ3R2D.cookie
    MD5

    40503f550c671a762c1cff9c696841e3

    SHA1

    9788fd776a414b8066c5c277ed627e190d21c485

    SHA256

    ae563c5d66bc47e53e94497ca65e2eb305ea91f6baaafb7cc3e032075a0c5221

    SHA512

    beba92ce8c8b3295588ca51c59f13cb992d4294f2116f4e78418fe7154b808b1d6faf5de4e9b8a66c38dde75e1feafe68d42520d8de728c08cbd72e520a4b1d5

    Download Submit
  • memory/912-140-0x0000000000000000-mapping.dmp
    Download
  • memory/2844-138-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-147-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-121-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-122-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-123-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-124-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-125-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-127-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-128-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-129-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-131-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-133-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-134-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-135-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-136-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-137-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-119-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-141-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-142-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-144-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-145-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-120-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-149-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-150-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-151-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-155-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-156-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-157-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-163-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-164-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-165-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-166-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-167-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-168-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-169-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-173-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-117-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-116-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-115-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-176-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-179-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2844-180-0x00007FFEB5100000-0x00007FFEB516B000-memory.dmp
    Filesize

    428KB

    Download