Overview

overview

8

Static

static

8

URLScan

urlscan

https://determined-m...

windows10_x64

1

Analysis

  • max time kernel
    129s
  • max time network
    157s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    25-10-2021 15:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://determined-merkle.178-128-198-133.plesk.page/124/csc/?email=user@domain.com.ph

  • Sample

    211025-sh4szahbgr

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://determined-merkle.178-128-198-133.plesk.page/124/csc/?email=user@domain.com.ph
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3944

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    e630c11543a0c1cdb641c29134f90306

    SHA1

    de6f14b6eafe2525e2262fcd11e3ec72cc35aaee

    SHA256

    01ce91b38c5f6f73d99a3dafcf47484265fe784983130196a2a00b92ead1ccde

    SHA512

    80ed41c9efe8e66aa3efe2946e44c224cd9c363e2187f549ee8a8e75809a6dd6ee7b7a1811ad9fce26b2479b032fd4c45d06c473f310384e30cd4998e0c01b91

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    ccb891f2e4ed3b343b05e770faaa65f7

    SHA1

    dafa056fd62bb531d9b65886419a2b96faf17f06

    SHA256

    a431a84e33172fb9b6f7452516b565f6f751a76f7ddcba2e7af18affd00a9fb0

    SHA512

    6cd9965a2560b8f5b8c66b35afc46f7fa87d2992c4f1e512217513eda088d0f738cd87171ea939505986c3606706d762c3178cdbb12add95ea95a26b2e8cf7e1

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HBPS4WXS\favicons[1].png
    MD5

    3ca64f83fdcf25135d87e08af65e68c9

    SHA1

    b82d0979d555bd137b33c15021129e06cbeea59a

    SHA256

    2e30ff33270fd8687b0eb4d12652bfd967f23975f158bf8da93bece2ba4ab947

    SHA512

    7675a8c4e6146e62dda019340ef95e477aa3d14364b5a773114ea1110c38233f5d8d9b08f6c83bf7664b33695aac7254b25d727a15ea6a9ded2ec9d1ea07dc0e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\IQWJNSZR.cookie
    MD5

    4e35683a55c03bdb8966529de4f92646

    SHA1

    b82c3c25ccb07c415893075020cb52d680315a5c

    SHA256

    563fc1e2eeac0b51ff46ac5f0e79a6870595badb2cc1843c22f4ac1baf08843d

    SHA512

    1d9ed15869afadbd598e2dde9f6b6fdeea3f579819e54e79749f93f3960c5764a4fb116dea07c7fd49bc2fbe5660a263cbd68cfbd7b9a0427ca395aea843d766

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\K3BRQ1IB.cookie
    MD5

    78c64e85137c810866c9ca8774f65146

    SHA1

    e46016e6fe5a9b225ebe7dbc6eb92abb2728e4ad

    SHA256

    9ed881fb70091a6942d328b79d66dfe89fc55df58568e2478de8964a725097cb

    SHA512

    a10d9ccb589734840705c8b8558d4b036bca2ac5415d3089d5202322365debea1e13d02541770c951bf3474af6c66f2353c7bfe5cfcca118619971060f37310f

    Download Submit
  • memory/3048-167-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-124-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-122-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-149-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-125-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-127-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-128-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-129-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-131-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-132-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-147-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-136-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-150-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-137-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-138-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-141-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-142-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-144-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-145-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-116-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-134-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-123-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-135-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-151-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-155-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-156-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-157-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-163-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-164-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-165-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-166-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-115-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-168-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-121-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-170-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-174-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-175-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-178-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-179-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-180-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-120-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-119-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-117-0x00007FFEC8750000-0x00007FFEC87BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3944-140-0x0000000000000000-mapping.dmp
    Download