Analysis

  • max time kernel
    73s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-05-2022 19:45

General

  • Target

    https://s3.eu-central-1.amazonaws.com/mailingservices.documentaribvall/securedpaymentportal.html#justin.jelincic@kp.org#anVzdGluLmplbGluY2ljQGtwLm9yZw==

Malware Config

Signatures

  • Detected microsoft outlook phishing page
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 1292)
    "C:\Program Files\Internet Explorer\iexplore.exe" https://s3.eu-central-1.amazonaws.com/mailingservices.documentaribvall/securedpaymentportal.html#justin.jelincic@kp.org#anVzdGluLmplbGluY2ljQGtwLm9yZw==
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 3396, child of 1292)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1292 CREDAT:17410 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry, T1112 (1)

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: fa526918a211e850a6078fb1d00b2045
    SHA1: 75bad6b9476e0655e6a2947a682e81df689682f3
    SHA256: 396b94c667643afa59d155ef4d812da6f4d67dd50cec97194e1ca3a1b3ece3fe
    SHA512: 27a3e00ba0e478d8a79cbbd134ef7beaff7fde2fc57aecfaf022806af41c2a85183fda3e1abc2dec38d27a7f22960db3549721b8d821ea659a5592b430de1ed6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 404B
    MD5: 28157743b6c253cb2ad103b1eb93f24c
    SHA1: 579af91f5766c892df28d68ce9895afa030d7fdb
    SHA256: 3d8f040c4831bb7f24829c99b3c8d0305e4cf3ccd4acd288ebe840071fea2693
    SHA512: 21ef4c25ec26d1b37176792af74c793cb689fb54caf59c1fe9353339f1a1709e83962da1b70053c0cdd1475291d47d5e0b99eed076c337788d590f04ff6433df