Overview

overview

8

Static

static

8

URLScan

urlscan

http://links.myittop...

windows10_x64

1

Analysis

  • max time kernel
    120s
  • max time network
    145s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    04-11-2021 20:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://links.myittopics.com/redir/615ae06fa304ff7e69201b6f/eyJjIjoiMTE3YjZiODYzZTFiNDBkYWJkMTJkNzRhMDgyYWZlMzFmZjNlZmRkNyIsInNjIjoiNjE3YTU2YzA4YzQ3NjkwNWIwYzc4ZTNiIiwidSI6IjVkNzY1MzNhMzA2NWQ4NDQ0MTEwYjBkMiJ9/[email protected]&[email protected]

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://links.myittopics.com/redir/615ae06fa304ff7e69201b6f/eyJjIjoiMTE3YjZiODYzZTFiNDBkYWJkMTJkNzRhMDgyYWZlMzFmZjNlZmRkNyIsInNjIjoiNjE3YTU2YzA4YzQ3NjkwNWIwYzc4ZTNiIiwidSI6IjVkNzY1MzNhMzA2NWQ4NDQ0MTEwYjBkMiJ9/[email protected]&[email protected]
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3140
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3140 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1716

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\9EQYNKS8.cookie
    MD5

    6556874b88bb6b356f6ec801f65643d4

    SHA1

    1a3e6347f5f3c03e57ac3cb9eac32d3e44aeb887

    SHA256

    8d992d46bb90b9ad82e29fde5e30b051c52900ff47b603f3e3c8395deeda8210

    SHA512

    ee4bfb434d0da3fa159b2207b7c2a927cf3469127fbdaeff2c960093896a1b35cc2a3fc21481e7ddc958a352186cd8decacc26f3317b173845a9d16eb5487b99

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\TQMA27SR.cookie
    MD5

    9447812071f1aa5d8746badb8741e27d

    SHA1

    fecb71e9d4977c4bb9963be11051e79ce5fd487a

    SHA256

    50bc09c7788fb758209916ee56d8c3f3984f75bfcc381bca358ceb650b740b16

    SHA512

    4b9c9774cc14b1fd0d2cbb55976e47d145a07c10c423e737d176920c5a1f423768cbb80449811f5894df9fc6f1a56efc5b2677e187880fbdc9bc5f41855e8272

    Download Submit
  • memory/1716-140-0x0000000000000000-mapping.dmp
    Download
  • memory/3140-142-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-122-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-121-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-145-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-123-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-124-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-125-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-127-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-128-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-129-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-131-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-132-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-133-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-135-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-136-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-147-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-138-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-119-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-141-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-115-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-117-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-120-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-137-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-149-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-150-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-151-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-155-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-156-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-157-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-163-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-164-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-165-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-166-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-167-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-168-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-169-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-173-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-177-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-174-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-178-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-179-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-144-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3140-116-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download