Overview

overview

5

Static

static

URLScan

urlscan

1

https://microsoftedg...

windows7_x64

1

https://microsoftedg...

windows10-2004_x64

5

Resubmissions

19-05-2022 07:24

220519-h8elnafcgj 1

19-05-2022 07:14

220519-h26rkaccc8 5

Analysis

  • max time kernel
    138s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    19-05-2022 07:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak?hl=de-DE

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak?hl=de-DE
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1488 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1992
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1488 CREDAT:668688 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:392

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
    Filesize

    1KB

    MD5

    60b3ecc11d722d74de4c9a3df9d556b4

    SHA1

    7c06f819e90a777bd7969c534ff2e796b07f1bfd

    SHA256

    30f4bee4ab4756c731ea2df39a68452ae05b280c16e2bf8d4dba5b575a223003

    SHA512

    783868202eca1d3d69ddf2bff5ee8fd1118d9ef3bc2b99d83bc567f2051c5a47e8f19e31f2ef81fa6f691bfdffde6d0ae98d67d97d22c97295f1e302005fdb3c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    60KB

    MD5

    b9f21d8db36e88831e5352bb82c438b3

    SHA1

    4a3c330954f9f65a2f5fd7e55800e46ce228a3e2

    SHA256

    998e0209690a48ed33b79af30fc13851e3e3416bed97e3679b6030c10cab361e

    SHA512

    d4a2ac7c14227fbaf8b532398fb69053f0a0d913273f6917027c8cadbba80113fdbec20c2a7eb31b7bb57c99f9fdeccf8576be5f39346d8b564fc72fb1699476

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
    Filesize

    404B

    MD5

    731f1068f224acc7280fe93a80284df8

    SHA1

    5c958de69c0b4916ac8cbc2b471aedf1ea1bc068

    SHA256

    3d92556fba9a3c56a7336f853b97a4cee60b4ff5a9507aa8316818b6cd083908

    SHA512

    20905152e1845269cba7dd27e943158c297a587e8db2fbf8dd2fe4b8a870daeb5dc5765624a460131c783a2ab65deb29e27001a6d5af85080daaa1245655cd55

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    68c74e21c0d5e2ac93bffc5fa1930d15

    SHA1

    c21b63040d279ee2eaaabc5c8ac6857818a044f6

    SHA256

    5c3982d8ede08c7571b288848daedcaaee7b99b45dd44e6aaf98c2044a4bbfbd

    SHA512

    275ad167996b00ac8cc0f8f0cee33669cb9586c03030fa34bd9552dc1c45d4cd30610af90649c79ab2fac43ccbd8842e8cf06433a29f29485e1ade4c809149cf

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ezmz917\imagestore.dat
    Filesize

    12KB

    MD5

    d5a24b9ba2f519fd8c67a3f7e52814d9

    SHA1

    97d931a721ff41e9e90e85862f45f96eb772b5ee

    SHA256

    380690171331df8c962386cae4a6c23ba7df148a2d0d90596684a6a39f9cbb45

    SHA512

    dcbfe632e62823437a6a7d71bfe6505b976f4514a23583972d78afc9b2a83d8524a0a786329ad824bab5837c8464f8f07d1efb241a92cace2541c088728b2294

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ezmz917\imagestore.dat
    Filesize

    12KB

    MD5

    d5a24b9ba2f519fd8c67a3f7e52814d9

    SHA1

    97d931a721ff41e9e90e85862f45f96eb772b5ee

    SHA256

    380690171331df8c962386cae4a6c23ba7df148a2d0d90596684a6a39f9cbb45

    SHA512

    dcbfe632e62823437a6a7d71bfe6505b976f4514a23583972d78afc9b2a83d8524a0a786329ad824bab5837c8464f8f07d1efb241a92cace2541c088728b2294

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ezmz917\imagestore.dat
    Filesize

    15KB

    MD5

    2fa358a084b9c5558c91d269166f6a38

    SHA1

    86eb1cb9eed13da28282fd2e03579015a49a62eb

    SHA256

    54ede9fc9c349c5ee7011a73ad598caeba29b78d1ff2c17595b69237ac4201cb

    SHA512

    d1650a9e518e4b5c2a2634538b496f40088d4edd76046f2180fa6d7cdf56fa789aa9e2b7c43a94e4a3e80e4f0d6d2311f311f15d7ad2f0d357f6435be1bfc08a

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BUUQ5FRE.txt
    Filesize

    409B

    MD5

    4f7c83e4a89e70ef8f22e6f445106b42

    SHA1

    a6317ef9ddc8fca49b5f340624a2ca854831116c

    SHA256

    1f1fad1f0aae37baf9be22c32005b6d181a2c6ea95925b468b1c4ecd8b65f5e6

    SHA512

    38ee7062add349b895c05932d546bb57ea053e49d04f3171b473e7922364382d63147ad3f6fd224e83a6faa900a5a2697599d0e3c831a86f6e03d09bfb9327f2

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DHDXA354.txt
    Filesize

    1022B

    MD5

    644ab4e617a3047c1409c7398a0bd93b

    SHA1

    39f1387677b02de56091f7ee03b98d7f994b5169

    SHA256

    e81111f82b446f6390b807a256ed6022b03da3a0c99c8f1a4dc5055e8c959102

    SHA512

    5ba95d2826f2dfe902b61d0a73842943141c5e54c31e8756fe114abc63497e50e1e945de1f80aeca178213bd42238e1f0742b3e3b2fb69b001cff562563ee3a6

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\H4GP1C5S.txt
    Filesize

    606B

    MD5

    ede29faccf15398aca233b91c7d74c4c

    SHA1

    547478bac0f2ff7c0311ba7c98562ffec4a8cab0

    SHA256

    fa696e52efe3bb3dd8b57a127e0b3e8af9087154baf67cf16b03be00d8c63d1d

    SHA512

    8bf47ff701408187377ab2177c87d85073cfbf97d9254c99c52a1991c5fcd1330e2bbef97f74fd8b55d4a70811e67aa161d48630491c97e3f61689f0fca5bf6e

    Download Submit