Analysis

  • max time kernel: 161s
  • max time network: 168s
  • platform: windows10-2004_x64
  • resource: win10v2004-20220414-en
  • submitted: 12-05-2022 15:29

General

  • Target

    https://campaign-statistics.com/link_click/wRiWTVBH5m_rOaAw/d443a605972ffb67e79d0c4ae8a49f6e

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand whatsapp.
  • Modifies Internet Explorer settings 1 TTPs 48 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://campaign-statistics.com/link_click/wRiWTVBH5m_rOaAw/d443a605972ffb67e79d0c4ae8a49f6e
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3968
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3968 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1416
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3968 CREDAT:17414 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:936
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3968 CREDAT:148484 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4312
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:3720

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 signature


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_E52792650B3F2B5D290136B51796D30D
    Filesize: 471B
    MD5: 499431269ac5818daa8f25403ea4c1a1
    SHA1: 736eb2381275922556ae301795f142d06732ef64
    SHA256: fd8de187c822d153d0230f3de8903feee93bafeb9b0f6d87b4985b764292a893
    SHA512: 413bb4f91abb2e45fb6683bc3aa9645e75bf959fa1d132447777ce0aaf026112fa5b9a04280c8634f6a17756670fdf8270c1f9829562a462aea028988ff2b349

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
    Filesize: 471B
    MD5: 8cba9ed5a8445ff44ac21fa3b49a1c8c
    SHA1: 1638b7e12aa4cc0fc313d8e8bd2372d15be3515c
    SHA256: 987ef07679503b44c2750318036a6c6c8c99a2552dd1b145ab4c42b0cb985f21
    SHA512: ee101b388351714df2c6efb3f84078acc63a6b5a1269ba25ade699f9ac0fb29b270853a3b90ff5980b6c013aa4ddaa935919433af93e9fe8238aeec928766012

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_E52792650B3F2B5D290136B51796D30D
    Filesize: 446B
    MD5: 55388ba7dd3eb021a7628131bd803fe5
    SHA1: 3d7c74f8d2691750fc31291690c6e796e9a26903
    SHA256: a21d614aef6dd556d2e4541f06828ca5791371876d00b3db82a7d09de2a74ea5
    SHA512: 7658f92baac67305ad5d6101eb96f43a082f35855111121249812c3a9ab678bd514b6c9d050da2ad511f4e08bcb6a50b611c583c3e594854e92a81373d1cf481

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
    Filesize: 396B
    MD5: f9ccbd534fe424efb6fe92cecb4a9659
    SHA1: 14a36b8b1acafb9b8172263cffcef3866f4c31ec
    SHA256: 995e4954304ee5c31ec86deb6fbec859284f47d8d7fce4c9b1d54216dc30803a
    SHA512: ef04928ecb78b5cbf84cf2f7e34b683d64ff5fe4ac526ab57ae8e95c1e36856a8f913edb738525e496858a2d6406f2e94183b9168917036224fa7c41b386e1fe

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jnqp20o\imagestore.dat
    Filesize: 935B
    MD5: 4df8eb1e66908df12848106e2da957fb
    SHA1: 2e75dfff5eae1f67c01a129c625efa021ea68f4f
    SHA256: af313591686674fd86e48d45f9a1fc5b4aeea90c00477af1a3aa72b30d0ec2ad
    SHA512: fe2b5a0f7651e8457cbd33d7da224365f4c8a0cbcf8627f9c11d1bcdfa95b23a0af84075fa59285d97e67df4078f79472f64bf474c27dc059b349172072fc301

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jnqp20o\imagestore.dat
    Filesize: 1KB
    MD5: 9df9837d79ee9e39f41bf9cb6726fd08
    SHA1: 86e447df5ded393da6cef03e92e661fa4dd130d5
    SHA256: 9ab88fcbd8e75458964b04fb3403b4c082afa188469c3892eced76732c9433bc
    SHA512: 8ea047c1767faf2d083cf666a45a229b563d3d1fecc56c23c9a6c3a4e3148169b14118c88b28a8d9a7f59231df0c77700c3310f97c59a398ff4165a07a1808ae