Overview

overview

8

Static

static

8

URLScan

urlscan

http://index.html#DG...

windows10_x64

1

Analysis

  • max time kernel
    1799s
  • max time network
    1814s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    26-10-2021 19:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://index.html#DGleichauf@gflesch.com

  • Sample

    211026-x49zbsaafl

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://index.html#DGleichauf@gflesch.com
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4776

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    1a128aa012c3da294bf2da6c91242b15

    SHA1

    f4bb5960cdc767ed888f5e40b77e3dff161af14d

    SHA256

    4b9003a34c132e257e846b6436c5277db554be9a328581fbb2d37f5ccb01d188

    SHA512

    4742e6ed56cb800f2406073eccb1a70a14b22135a2b4a761aefa8898001cc115595176aae28fe720ac6aac8f48807f76a5ff62f34a222ca6fa7caeda12599b4b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    3fccbb344d4b024a2a7c2ba03306ed26

    SHA1

    6bae963280d646b1a4f68f597ada5fa6c7a984d1

    SHA256

    1e4ecdfd9c6ae93c466a4c5e5d76dd3df5781129738eee598124bd3c3a801009

    SHA512

    4472f3d7cf42943cb291a4dd4fbf484186bfb62a74352df169632b863b57840d774a2abb3a4f4315e1fc52fc8feeee60c66382174007efb96d96190149380d26

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\G6UKMIOQ.cookie
    MD5

    e0ff5bd2e9c21a41cc46e4f90cae6292

    SHA1

    4990567d4e0fa9a8256ad76b7cae7c7deec33a38

    SHA256

    f89e151a1601bab73adb92021d61e8afba858e4d781f1c0c7bf268ba966b821e

    SHA512

    1a8412aa48af9960d563a81fb56a80cf3852f3d879fc40d2cf3a2ecb31d6e5d3449a04ca3014126e894f9a6b3006172ecb809892d0ba50a9166ec451e9b52d81

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\XN1C1O9B.cookie
    MD5

    5116a9c3cd0fbb2f7b0a197c86f35c12

    SHA1

    9af9c08261196207d8775fb775a0b0bb5020a9b2

    SHA256

    ca13b766ce3b6bf8f81523b47394a3360513aa3b24ad2edd9e2e29bab2fb6544

    SHA512

    690aaac63e2c603fc686c4d57abc0c0a58d4453465734e43401eaf1e9560844d2fae4fbe65706bebfff7aabecbe262c950566e123f3cb8aaa5cd5588bebc2a7c

    Download Submit
  • memory/2824-144-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-122-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-117-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-119-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-120-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-121-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-150-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-123-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-124-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-125-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-127-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-149-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-129-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-131-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-132-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-134-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-135-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-136-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-137-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-138-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-147-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-141-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-115-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-145-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-142-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-116-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-128-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-151-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-155-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-156-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-157-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-158-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-160-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-159-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-161-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-162-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-163-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-167-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-168-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-171-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-172-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-173-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-174-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-175-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-176-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-177-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-180-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2824-182-0x00007FFB83920000-0x00007FFB8398B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4776-140-0x0000000000000000-mapping.dmp
    Download