Analysis

  • max time kernel: 1737s
  • max time network: 1630s
  • platform: windows7_x64
  • resource: win7-20220414-en
  • submitted: 05-07-2022 10:19

General

  • Target: http://Github.com/pixiedustattack

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 548)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" http://Github.com/pixiedustattack
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2000, child of PID 548)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:548 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 occurrence

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: f3969152fcfaaebecd235595536b5f2d
    SHA1: fe69f6e564c5b8dd3798398537c82f807b024d22
    SHA256: 54aa11f526556186e00808122d8bf36566605ded6af203a96c6565bc78ae6366
    SHA512: 6c6f6da7fc1e1014caf8b50f28055e0b97d871fa6c197fcc5896731a75cfb6c5ce9a641bcbe7b03a15e169e17a47a0522f093ba64f2aa3e4e5e98371caf66720

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\YLASMNSM.txt
    Filesize: 607B
    MD5: 57d159fbb04516c0e4b095d8d4cd7727
    SHA1: 82d53778e236ea5a95bfd52feb4ce8abacdc2f01
    SHA256: 5351b143dd48b777acddd716b26c3009a2b7bd56a48d21edae7dd1ca25dbe86f
    SHA512: 7365dc97f2f6929d96b4bbe94ded9ead097b00dae55a19335731e5399e87a835475102727bb597bf130f6486abff85329ed38fd6d81ec3dfeecd28bb13091d8f