Overview

overview

5

Static

static

URLScan

urlscan

https://nt.embluemai...

windows10_x64

5

Analysis

  • max time kernel
    122s
  • max time network
    137s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    08-11-2021 07:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://nt.embluemail.com/p/cl?data=8d9cg%2BSyaNP%2FaRwH0uUoq0p%2FUOMcKb%2FlnNafQmcO2U7h7k790gBhUSpjU2Cc5aJ%2BJL%2F8Q9Qe0SwNUiD20GnvLai5u9vMEKGwxhAyvrDtC4s%3D%21-%217j6gn%3A%21-%21https%3A%2F%2Fwetllands.org%2Fi%2FamFtZXMuYXNod29ydGhAcmFib2JhbmsuY29t

Score
5/10
microsoftphishing

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
    phishingmicrosoft
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://nt.embluemail.com/p/cl?data=8d9cg%2BSyaNP%2FaRwH0uUoq0p%2FUOMcKb%2FlnNafQmcO2U7h7k790gBhUSpjU2Cc5aJ%2BJL%2F8Q9Qe0SwNUiD20GnvLai5u9vMEKGwxhAyvrDtC4s%3D%21-%217j6gn%3A%21-%21https%3A%2F%2Fwetllands.org%2Fi%2FamFtZXMuYXNod29ydGhAcmFib2JhbmsuY29t
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2720
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3960

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
    MD5

    54e9306f95f32e50ccd58af19753d929

    SHA1

    eab9457321f34d4dcf7d4a0ac83edc9131bf7c57

    SHA256

    45f94dceb18a8f738a26da09ce4558995a4fe02b971882e8116fc9b59813bb72

    SHA512

    8711a4d866f21cdf4d4e6131ec4cfaf6821d0d22b90946be8b5a09ab868af0270a89bc326f03b858f0361a83c11a1531b894dfd1945e4812ba429a7558791f4f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5F9ACEAA0635610A452E366DB4EF30F0
    MD5

    63f7aff352f7689a856c243fa50bb8f7

    SHA1

    3bebd5d81f50525d3c25d1d3fb89990108631518

    SHA256

    6698420aaf00d8791b8863b15b0fd8b8f242074577d4f7801533aa7e4ad6bb3c

    SHA512

    185d9a09e03da9f36b38443c31c6517223369c92a08526390ddd5534363d23f044f8d456e31a3db7ce77befa643130fda390685aa7e77ec007ecd63ec4986d0c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
    MD5

    f462e6c7abd8d54d9e1c93b3db0edcd0

    SHA1

    33f99a6904e94d90dea7142778a9a5f21a6e2f79

    SHA256

    6d4e8ecd1e255dfd4d866c0d08dfdd863ae01da97a5ba885fa848213b54aa12e

    SHA512

    caa9482ea71d798896a0a829c69672e0883534a889237f5ca9f8044ff153e15a97f396fb1adb89068d3b16954842d3e6187033a85390ca9bbb3d98af06f4f775

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5F9ACEAA0635610A452E366DB4EF30F0
    MD5

    11d4dca002ec339dc5233e6ac391328d

    SHA1

    edc472dd5eb94c21654c8974a6f24fc277237ee0

    SHA256

    0961b70a7794e869633cc11182299144cd7e03ba015c7bf9d57acedd48cb1ac1

    SHA512

    20b3efb59a894706176d0c8dd139c55f0e50d3b382270d917d67118ceda26f56dbe3f7c2af51f415069ce2cb89cd6794ccfffb85c10cfab8a37cdac9213effce

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\E7Z8D09K.cookie
    MD5

    bd1370604ef5078bb1929e80de430bc5

    SHA1

    61fa03b840f4c4503822933706cf840288db83b8

    SHA256

    8f3afc0c8dac33344cf3ba93a8dad30d8c198ed4907f63dcbdcb8b8f6651e472

    SHA512

    b9452a02b544324ba4fc55c0930c2c65ff9f38853107c0f479ebc8598eb89f38629cf26f5454a363f0d80db7a1822864c7f471ee8751a000cdbbfe6160c7e85a

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\JS1S8A7V.cookie
    MD5

    b2930ae706ea0f7c0bef07e171374237

    SHA1

    81ab8d413b2d692008895cc5b5782bb1b7f31f6f

    SHA256

    01bb47f6e0792d332e08d477dff49e5db92cf51372fde75c08fd1182f1fbcd12

    SHA512

    8c0057df9965ee075083fcd9856c2be8f9a9d6f8a2084a576ccd74e2d493e067cd60c214dd6878b6ce0333862b7ba022832940e7511aace36d671d38f3925fe9

    Download Submit
  • memory/2720-145-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-150-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-124-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-125-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-127-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-129-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-128-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-131-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-132-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-133-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-136-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-135-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-137-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-138-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-116-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-141-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-142-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-144-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-115-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-147-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-149-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-123-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-151-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-155-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-156-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-157-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-163-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-164-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-165-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-166-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-167-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-168-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-169-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-173-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-175-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-178-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-179-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-122-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-121-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-120-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-119-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/2720-117-0x00007FF82D740000-0x00007FF82D7AB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3960-140-0x0000000000000000-mapping.dmp
    Download