Overview

overview

5

Static

static

URLScan

urlscan

https://www.coinbase...

windows10_x64

5

Analysis

  • max time kernel
    125s
  • max time network
    132s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    26-10-2021 06:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.coinbase.com/accounts/9ccc56a7-72f7-59e5-a9de-c92268c0149a/transactions/6fadebe2-51fa-5ecd-ab3f-d5d5293deb02

  • Sample

    211026-ha9zxahgdr

Score
5/10
coinbasephishing

Malware Config

Signatures

  • Detected potential entity reuse from brand coinbase.
    phishingcoinbase
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.coinbase.com/accounts/9ccc56a7-72f7-59e5-a9de-c92268c0149a/transactions/6fadebe2-51fa-5ecd-ab3f-d5d5293deb02
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3404
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3404 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:428

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    MD5

    0bb9633d7cd76baa735473052f61aad0

    SHA1

    99fe3252b0d121c6eaf41471710401ef09d6222b

    SHA256

    565d5fa72ba1dce92a850a73d0e85d05c90542e4e58e897c1ff1245e427641db

    SHA512

    9e5df54ed0e4e27f68b3b74d467946c8fbaf020e97d3b0ed65f5f37d768af26cef7e6f633bed045fe9d6284eb4f09e7b2656e0805ba83c356eabfc0fd726a341

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    MD5

    ed22ec8992801644d9f922565b633acd

    SHA1

    8dc7142753428b32bb21718268590276fc1412d3

    SHA256

    ac16267d249c51cf194397c6c1f598419da95ce73226688d06bb2e74e69a21a2

    SHA512

    ddb60fcaf7802152fd1bc08c97a1ac9e4c68d8bc5810d779ef49a617039727ff325a47b3ba6fa39a3aa0e6ff993329fe5011dbec91af2cfac2b38a874e97aaa7

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\9D40VNMT.cookie
    MD5

    c8dc13f35ffee2f5fb5a2975c8e2de0e

    SHA1

    b6a4b4e1496a7b7f3d7e8f4f4850af4dc9ff9ce0

    SHA256

    88a5311b1b902f39236725c9ad9dcb5867dc303bc78108e1d576674e874c697f

    SHA512

    a717bd7f5d15a978c7250e9f6da5773099d31b53249ea4cbd5f550ae654527c4fb2b0da182ee36532eaa327d2af0cb05602833eb62f936f2eeedb3e824064f3d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\HUIROKOG.cookie
    MD5

    6b4340aec83c3acfab8ea30139aee096

    SHA1

    9673ac455e8073b557be209fb504b0a02e828b24

    SHA256

    70afa2ac061947b06bb1d705ff930107d69b05dde86044d9f869bd5f5a772bb9

    SHA512

    a20be0239a821b7a3143fa84a40d23792ad8d51c0375e64eb5c03e04d87432fcd3079c3541c35a86afa80ba87cf4c0923fba00010aafb182f444969e79e83b5a

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\LOGOYTVA.cookie
    MD5

    65a0a756934eb377cf55ca61c978da9a

    SHA1

    a64920d439cfc69277cfb6930c7c84b6475a1054

    SHA256

    08ee73b61930447d15f93ab7c06717a9db00a179e47855295a29ad5a06150d89

    SHA512

    5917def73b8fdfa592ac08d5eb57b15d2bd3a80ccf35415a86324601bb2673412274f6fcfb82a0fc9e443f2d656bc28e64f4a02bbbb9a2d387894905fee5fe98

    Download Submit
  • memory/428-140-0x0000000000000000-mapping.dmp
    Download
  • memory/3404-145-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-150-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-124-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-125-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-127-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-128-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-129-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-131-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-132-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-134-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-136-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-135-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-137-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-138-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-122-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-141-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-142-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-144-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-115-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-147-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-149-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-123-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-151-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-155-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-156-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-157-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-163-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-164-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-165-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-166-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-167-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-168-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-169-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-121-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-171-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-172-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-176-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-179-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-120-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-119-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-117-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3404-116-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download