Resubmissions

  • 16-02-2022 11:01  220216-m4kpbsbfb3  (score 6)
  • 15-02-2022 20:37  220215-zeb24shhh7  (score 10)

Analysis

  • max time kernel: 149s
  • max time network: 148s
  • platform: windows7_x64
  • resource: win7-en-20211208
  • submitted: 16-02-2022 11:01

General

  • Target: https://www.tutorialjinni.com/sodinokibi-ransomware-sample-download.html

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTP)
  • Modifies Internet Explorer settings (1 TTP, 64 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.tutorialjinni.com/sodinokibi-ransomware-sample-download.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1636 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:556
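The process tree above is what Internet Explorer on 64-bit Windows 7 normally looks like: a frame process under "C:\Program Files" spawns a 32-bit tab process under "C:\Program Files (x86)" whose command line carries SCODEF:<frame PID> CREDAT:<n> /prefetch:2, and the SCODEF value (1636) matches the parent PID. The following Python script is an added example, not part of the report or of the sandbox's own tooling; it encodes that expectation as a check so the tree can be triaged mechanically, and it includes a constructed counter-example (PID 2044, image path, and CREDAT value are made up) of the kind of tab process that would deserve attention. The `Proc`, `check_ie_tree`, `REPORT_TREE` and `SUSPICIOUS_TREE` names are this example's own.

```python
"""Sanity-check an Internet Explorer process tree from a sandbox report.

Added example (not from the report). On 64-bit Windows 7 the IE frame
process (iexplore.exe under "C:\\Program Files") spawns 32-bit tab
processes (IEXPLORE.EXE under "C:\\Program Files (x86)") with a command
line of the form "SCODEF:<frame pid> CREDAT:<n> /prefetch:2", where
SCODEF is the PID of the frame process that spawned the tab.  The check
flags a tab process whose SCODEF does not match its real parent, whose
parent is not the IE frame process, or whose image is not the IE tab
binary; the tree shown in the report passes clean.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

IE_FRAME = r"c:\program files\internet explorer\iexplore.exe"
IE_TAB = r"c:\program files (x86)\internet explorer\iexplore.exe"
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b.*\bCREDAT:(\d+)\b", re.IGNORECASE)


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]   # None for the root of the tree
    image: str
    cmdline: str


def check_ie_tree(procs: List[Proc]) -> List[str]:
    """Return findings for every process that claims to be an IE tab.

    An empty list means every SCODEF/CREDAT process is a genuine IE tab
    launched by the IE frame process.
    """
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        m = SCODEF_RE.search(p.cmdline)
        if m is None:
            continue  # no SCODEF/CREDAT: not an IE tab process, nothing to check
        if p.image.lower() != IE_TAB:
            findings.append(f"pid {p.pid}: SCODEF/CREDAT command line on non-IE image {p.image}")
        claimed_parent = int(m.group(1))
        if p.ppid != claimed_parent:
            findings.append(f"pid {p.pid}: SCODEF:{claimed_parent} but actual parent is {p.ppid}")
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        if parent is None or parent.image.lower() != IE_FRAME:
            findings.append(f"pid {p.pid}: parent {p.ppid} is not the IE frame process")
    return findings


# The process tree exactly as listed in the report above.
REPORT_TREE = [
    Proc(1636, None, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r'https://www.tutorialjinni.com/sodinokibi-ransomware-sample-download.html'),
    Proc(556, 1636, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1636 CREDAT:275457 /prefetch:2'),
]

# Constructed counter-example (PID, path and CREDAT are invented): a binary in a
# user-writable directory launched with IE-looking arguments, whose SCODEF points
# at the frame process even though its real parent is the tab process.
SUSPICIOUS_TREE = REPORT_TREE + [
    Proc(2044, 556, r"C:\Users\Admin\AppData\Local\Temp\IEXPLORE.EXE",
         r'"C:\Users\Admin\AppData\Local\Temp\IEXPLORE.EXE" SCODEF:1636 CREDAT:275458 /prefetch:2'),
]

if __name__ == "__main__":
    print("report tree:", check_ie_tree(REPORT_TREE) or "looks like normal IE")
    for finding in check_ie_tree(SUSPICIOUS_TREE):
        print("finding:", finding)
```

Run as-is, the report's tree yields no findings, and the constructed process yields three (wrong image path, SCODEF/parent mismatch, parent is not the frame process). The remaining signatures on the parent (SetWindowsHookEx, WriteProcessMemory into its own tab process, Internet Explorer settings writes) are the ordinary behaviour of an IE frame process managing its tabs, which is why the URL visit scores 6/10 without any dropped executable.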

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic               Technique        ID     Count
  Defense Evasion      Modify Registry  T1112  1
  Command and Control  Web Service      T1102  1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5     84e10a83a7de9bc756cc01b9785f3c6a
    SHA1    5d0f428ca2e394a773a5ea8ebd4491f096571a3e
    SHA256  817ed5fb51637ac517d2ec70a6d47074f0cec8336337481e756ee719b7f1067f
    SHA512  63a15cb44e820cabff1018a00f19b9cca2cc352c54aec20ed42acee362cbcdaf2186c0aea01154de80acd5b5b961e3ab36170a91fa85688746352b347c3a7e5f

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\o5rwqiw\imagestore.dat
    MD5     890556b6472a6122b64affed45203f69
    SHA1    ac327f77cbac02c704929330d218aee0dfb12bb4
    SHA256  11d91c1b03bd791e4a9dbeac0e244472370ba384797bcba95abf9379cfc085c3
    SHA512  eb7402adb71604b1ca9cf5564f5f757ea191c0a483fce5af735ac90ef0a0e0f2cade8a32c538b1ae4e38f97d78bc67348042c691ac8f2c6184703b29dee34fc9

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SQDFQOIJ.txt
    MD5     17c606b45c26209015d01ccd971b68d1
    SHA1    c693994b7b330792c560da0e648b2727c98224e2
    SHA256  aeb82a9b72881e962f65b5e8b84be5c5a7923be763dc23d63dbfb32bbe89e725
    SHA512  fc498cb36f4c24891738305d967b4d4060cda1a3579758579bc5297b220cfeb1e5045ae79eb0477a29affdbd08fbf6730277f3d15595ed83f43c1d7a0fb07c66