Analysis

  • max time kernel
    119s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    01-12-2021 00:09

General

  • Target

    https://nawa-store.com/shopinside

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

  All four signatures are generic behaviours of Internet Explorer rendering a page: the registry writes are IE's own settings, the hooks are installed by every IE process, and the WriteProcessMemory calls come from the frame process (PID 1120) while it sets up the tab processes it created. Nothing beyond browser noise was flagged, which is consistent with the 1/10 score.

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (depth 1, PID 1120)
    "C:\Program Files\Internet Explorer\iexplore.exe" https://nawa-store.com/shopinside
    IE frame process launched with the submitted URL; it is the parent of the three tab processes below.
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (depth 2, PID 1228, parent PID 1120)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1120 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (depth 2, PID 916, parent PID 1120)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1120 CREDAT:340994 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (depth 2, PID 1740, parent PID 1120)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1120 CREDAT:209934 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

  The three depth-2 entries are 32-bit IE tab (content) processes. SCODEF:<pid> names the frame process that created the tab and matches PID 1120 above, CREDAT is a per-tab creation token, and /prefetch:2 is the switch IE passes to every tab process. A tab whose SCODEF does not point at an IE frame process one level up, or a non-IE child under the frame process, would be the thing to look at in a tree like this.
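
The lineage check described above, as an added example that is not part of the sandbox report: a small Python script that parses IE frame and tab command lines, verifies that each tab's SCODEF names an IE frame process one level up in the tree, and reports whether the whole tree is explained by normal browser behaviour. The PIDs, depths and command lines are hand-transcribed from the listing above as constructed input; SAMPLE_ANOMALY is a hypothetical tree (not from the report) included only to show what the check rejects.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: PIDs, tree depths and command lines transcribed by
# hand from the sandbox process listing above so the script runs offline.
SAMPLE_PROCESSES: List[Dict] = [
    {"pid": 1120, "depth": 1,
     "cmd": r'"C:\Program Files\Internet Explorer\iexplore.exe" https://nawa-store.com/shopinside'},
    {"pid": 1228, "depth": 2,
     "cmd": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1120 CREDAT:275457 /prefetch:2'},
    {"pid": 916, "depth": 2,
     "cmd": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1120 CREDAT:340994 /prefetch:2'},
    {"pid": 1740, "depth": 2,
     "cmd": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1120 CREDAT:209934 /prefetch:2'},
]

# Hypothetical tree (not from the report): a tab whose SCODEF names a PID that
# is not in the tree, plus a non-IE child of the frame process.
SAMPLE_ANOMALY: List[Dict] = [
    SAMPLE_PROCESSES[0],
    {"pid": 2000, "depth": 2,
     "cmd": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4444 CREDAT:1 /prefetch:2'},
    {"pid": 2001, "depth": 2, "cmd": r'"C:\Windows\System32\cmd.exe" /c whoami'},
]

# IE tab (content) process: "<image>" SCODEF:<frame pid> CREDAT:<n> /prefetch:2
IE_TAB_RE = re.compile(
    r'^"(?P<image>[^"]*\\iexplore\.exe)"\s+SCODEF:(?P<scodef>\d+)\s+CREDAT:(?P<credat>\d+)\s+/prefetch:2\s*$',
    re.IGNORECASE)
# IE frame process: "<image>" followed by a single argument, the URL to open
IE_FRAME_RE = re.compile(r'^"(?P<image>[^"]*\\iexplore\.exe)"\s+(?P<url>\S+)\s*$', re.IGNORECASE)


@dataclass
class Verdict:
    pid: int
    role: str                 # "frame", "tab" or "unknown"
    parent_pid: Optional[int]  # SCODEF value for tabs, None otherwise
    ok: bool                  # True when normal IE behaviour explains the process
    reason: str


def classify(processes: List[Dict]) -> List[Verdict]:
    """Label each process and check that every IE tab's SCODEF points at an
    IE frame process exactly one level up in the tree."""
    by_pid = {p["pid"]: p for p in processes}
    verdicts: List[Verdict] = []
    for p in processes:
        tab = IE_TAB_RE.match(p["cmd"])
        if tab:
            scodef = int(tab.group("scodef"))
            parent = by_pid.get(scodef)
            if parent is None:
                verdicts.append(Verdict(p["pid"], "tab", scodef, False,
                                        f"SCODEF:{scodef} names a PID that is not in the tree"))
            elif not IE_FRAME_RE.match(parent["cmd"]) or parent["depth"] != p["depth"] - 1:
                verdicts.append(Verdict(p["pid"], "tab", scodef, False,
                                        f"SCODEF:{scodef} is not the IE frame process one level up"))
            else:
                verdicts.append(Verdict(p["pid"], "tab", scodef, True,
                                        f"IE tab spawned by frame PID {scodef} (CREDAT:{tab.group('credat')})"))
            continue
        frame = IE_FRAME_RE.match(p["cmd"])
        if frame:
            verdicts.append(Verdict(p["pid"], "frame", None, True,
                                    f"IE frame process opening {frame.group('url')}"))
            continue
        verdicts.append(Verdict(p["pid"], "unknown", None, False,
                                "command line is neither an IE frame nor an IE tab"))
    return verdicts


def only_browser_noise(processes: List[Dict]) -> bool:
    """True when every process is an IE frame or a correctly parented IE tab,
    i.e. nothing in the tree needs a closer look."""
    return all(v.ok for v in classify(processes))


if __name__ == "__main__":
    for v in classify(SAMPLE_PROCESSES):
        print(f"PID {v.pid:>5} {v.role:<7} parent={v.parent_pid} ok={v.ok}: {v.reason}")
    print("report tree is browser noise only:", only_browser_noise(SAMPLE_PROCESSES))
    print("anomaly tree is browser noise only:", only_browser_noise(SAMPLE_ANOMALY))
```

The depth check matters as much as the PID match: a process that copies the SCODEF:<pid> CREDAT:<n> /prefetch:2 shape but is not a direct child of the frame process it names still fails the check, and any non-IE command line under the frame process is reported as unknown rather than silently accepted.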

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion: Modify Registry (T1112), 1 signature (Modifies Internet Explorer settings)

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    MD5

    acaeda60c79c6bcac925eeb3653f45e0

    SHA1

    2aaae490bcdaccc6172240ff1697753b37ac5578

    SHA256

    6b0ceccf0103afd89844761417c1d23acc41f8aebf3b7230765209b61eee5658

    SHA512

    feaa6e7ed7dda1583739b3e531ab5c562a222ee6ecd042690ae7dcff966717c6e968469a7797265a11f6e899479ae0f3031e8cf5bebe1492d5205e9c59690900

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    52f7f4f8c013d375f9a7d7eaa99fe8ee

    SHA1

    054f1dba3421e4ce93d4a2d138d22f33a54b5e5f

    SHA256

    8c12f30f3c64d9ecd295691efa4be0dcae86f85e314f59f11634be1bd98702fb

    SHA512

    49780a58f23e28ed0ab4e79dde961a15aafecc09aa3a978a156bad511721a167a7b504948eabd522b39d3107394f1872bc84f7fe69a287376306de7d55e2a8c3

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RHI8KPQK\SSWU79U1.htm
    MD5

    4795408722c856d480dcf76c8d5f6e37

    SHA1

    12d512f5b3b0ed22bbb0509b3458fcee5254ed39

    SHA256

    91556f3bfb4af6a4bf310b42d9967a52cbe1992b4f0536df63e60563c6db4875

    SHA512

    1f2c566107080047fb2a88fe9bc53567ed7dbf1f47d8105e854fe994227a756a346a3b46e8bcce4f561ce93bfedd8b9acb8e3ff518b5cc9b027f073cc03f3c88

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\586YT70K.txt
    MD5

    4a98eb703c391adc5c8261006064cfe0

    SHA1

    1e56c06a26884efcde7514b2ab3d7f233959587f

    SHA256

    6c610bdd41e44d1aade9955aa81ecaa9e240ddde00970df0510a85cdf01ce13b

    SHA512

    bca058da375fd25d3f4e1faa246f14a05116d84f6719ed6f790046809a88553fe4ea72341b69c5e23943267aff3d268c33def05f002f5f6a882abfd22b79d7e1

  • memory/916-57-0x0000000000000000-mapping.dmp
  • memory/1120-55-0x000007FEFC1F1000-0x000007FEFC1F3000-memory.dmp
    Filesize

    8KB

  • memory/1228-56-0x0000000000000000-mapping.dmp
  • memory/1740-58-0x0000000000000000-mapping.dmp