Overview

overview

10

Static

static

8

URLScan

urlscan

10

https://hak9.conohaw...

windows10_x64

1

Analysis

  • max time kernel
    132s
  • max time network
    134s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    15-11-2021 09:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://hak9.conohawing.com/ruftcborglee/[email protected]
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3136
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3136 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:316

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_005284E085E122BD76B51F33745F7753
    MD5

    46bb6e0f3926472382bf09407b67a135

    SHA1

    c02ef6e1bb2e1277f41df0be0fb6053e11d05b67

    SHA256

    9ea6cb36322d74e3adc19e710f1cde733107f4b66e8242d80e6170b27c5adc6f

    SHA512

    0eb964995fac8404e45adf2ab6e03e4f5ebcd21c046c36e6726ef068b37b3d509226ac282db8ac351192023b3905d726848d764bf3ed88fb90394446eccd3a70

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DD76941B08ECB69B450D4C1AE579DB94_70896B4F983D1580523FE22DA2957981
    MD5

    602ed80970b91e164044742f5dc32eab

    SHA1

    d99de4b789b53402f150873041ea601d29ef1beb

    SHA256

    8993302957bb2001958ce316e86049237ed0805ee4233a44cf37b7b443ebf7d6

    SHA512

    8d8a782682db444683438edb4d5a32a99bf480eedb769e9d069226350af7fefafb668a5affc07466c426be7aa8bff84b63f9dc57bd69ddd6a588a373a347bbf7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_005284E085E122BD76B51F33745F7753
    MD5

    bcbb301ae5fd820ebed66020f22086b5

    SHA1

    8ba6dcdd44edf31e1f8db362c4b6b0312aa6009e

    SHA256

    59e68f1f0000e49f63f973589bd0f5f55dce30353c1d67b102bf1d9d9d57ac90

    SHA512

    43f1af73e577c2512cc6ac619254c3883149a5548dd2360ffc825052d4a2b4cf99d3ddaf140d2226f2c278cc0c7cccbfcf1ddc9c2d05a739cbb7cd83733fc0d4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DD76941B08ECB69B450D4C1AE579DB94_70896B4F983D1580523FE22DA2957981
    MD5

    63557421f8487098b9c92e7ec91b68d4

    SHA1

    9909db1560e4b22eef7c0ad831d131a03cc8e385

    SHA256

    5aa464645640e98a583a27d45cc30513561d41e5f0e9ec221a1c2a5b7a702157

    SHA512

    39e0974c2df3ed5654c43cce07ba4bf1723430cf528af736f2bf7689e05b574d6e5ffbb03cca30779ac845cf51c01e1ff12f8bd9e1fdb4a60416889c8d370f11

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\I6PSEZ51.cookie
    MD5

    62c7923d29287174dfb9d3ca85f59979

    SHA1

    694449f2c1d90f496c9f3203e2df4834c7db7a0c

    SHA256

    3bb03c2dbde3476e4505de9d6bdd6bac207d4c5fc7e7cb931d7f39e403175134

    SHA512

    f44b72accdb2cb3091731a2176894f84087e47579fb62d8a5cf026089ca70e9d219ec41122d1b5272172a384f063d1c713bda059d5676d82f2bd0387e380348f

    Download Submit
  • memory/316-140-0x0000000000000000-mapping.dmp
    Download
  • memory/3136-145-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-150-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-124-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-125-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-127-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-129-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-128-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-131-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-132-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-133-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-135-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-136-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-137-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-138-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-122-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-141-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-142-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-144-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-115-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-147-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-149-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-123-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-151-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-155-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-156-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-157-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-163-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-164-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-165-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-166-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-167-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-168-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-169-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-173-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-175-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-178-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-179-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-121-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-120-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-119-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-117-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3136-116-0x00007FFB28450000-0x00007FFB284BB000-memory.dmp
    Filesize

    428KB

    Download