Analysis

  • max time kernel
    29s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20220715-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220715-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-08-2022 15:38

General

  • Target

    https://view.email2.office.com/?qs=742b7d34dcccc2ad81a02a1c36b240bda4489cc5f542a350b73cc0825902b819e805115a28b99d7015dce419f772588ab148be72e5bf950a1288a007a2620efee873837b8104670bc4712e3919244161

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
  • Modifies Internet Explorer settings (1 TTP, 45 IoCs)
  • Suspicious use of AdjustPrivilegeToken (6 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (8 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://view.email2.office.com/?qs=742b7d34dcccc2ad81a02a1c36b240bda4489cc5f542a350b73cc0825902b819e805115a28b99d7015dce419f772588ab148be72e5bf950a1288a007a2620efee873837b8104670bc4712e3919244161
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:288
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:288 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1496
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:288 CREDAT:209933 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1964
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0xc8
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1220
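
The tree above is Internet Explorer's normal frame/tab split: the frame process (iexplore.exe, PID 288) launches one 32-bit tab process per tab and passes its own PID in the SCODEF argument (SCODEF:288 on both children), and the WriteProcessMemory hits sit on the frame process only. That linkage is checkable in process-creation telemetry: a tab process whose SCODEF value disagrees with its real parent PID, or an IEXPLORE.EXE running from outside the install directory, is something other than IE's own tab spawning. The following check is an added example written for this page, not part of the sandbox report or its tooling. The first three rows are taken from the report's process tree; the frame's parent PID (1700) and the last two anomalous rows are constructed, and the field names (pid, ppid, image, cmdline) stand in for whatever a Sysmon Event ID 1 or EDR export actually uses.

```python
"""Check IE frame/tab parent linkage (SCODEF:<frame PID>) in process telemetry.

Added example. SAMPLE mirrors the report's process tree (PID 288 -> 1496, 1964)
and adds two constructed anomalies; nothing here is real telemetry.
"""
import ntpath
import re
from dataclasses import dataclass

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
# Directories IE legitimately runs from on a 64-bit Windows install.
IE_DIRS = {
    r"c:\program files\internet explorer",
    r"c:\program files (x86)\internet explorer",
}


@dataclass
class Proc:
    pid: int
    ppid: int
    image: str
    cmdline: str


SAMPLE = [
    # From the report: 64-bit frame process opening the submitted URL.
    # ppid 1700 is a constructed stand-in for the launching shell.
    Proc(288, 1700, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" https://view.email2.office.com/?qs=742b7d34'),
    # From the report: two 32-bit tab processes, SCODEF carries the frame PID.
    Proc(1496, 288, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:288 CREDAT:275457 /prefetch:2'),
    Proc(1964, 288, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:288 CREDAT:209933 /prefetch:2'),
    # Constructed anomaly: claims frame 288 but was actually spawned by PID 3333.
    Proc(2100, 3333, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:288 CREDAT:1 /prefetch:2'),
    # Constructed anomaly: correct parent and SCODEF, but wrong binary location.
    Proc(2200, 288, r"C:\Users\Admin\AppData\Local\Temp\IEXPLORE.EXE",
         r'"C:\Users\Admin\AppData\Local\Temp\IEXPLORE.EXE" SCODEF:288 CREDAT:2 /prefetch:2'),
]


def _is_ie(image: str) -> bool:
    return ntpath.basename(image).lower() == "iexplore.exe"


def check_ie_tree(procs):
    """Return (pid, reason) findings for iexplore.exe processes that break
    the frame/tab model. Frame processes carry no SCODEF and are only checked
    for their on-disk location."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        if not _is_ie(p.image):
            continue
        if ntpath.dirname(p.image).lower() not in IE_DIRS:
            findings.append((p.pid, f"iexplore.exe outside its install directory: {p.image}"))
        m = SCODEF_RE.search(p.cmdline)
        if m is None:
            continue  # frame process: launched by the user/shell, not by IE
        frame_pid = int(m.group(1))
        if frame_pid != p.ppid:
            findings.append((p.pid, f"SCODEF:{frame_pid} does not match parent PID {p.ppid}"))
        parent = by_pid.get(p.ppid)
        if parent is None:
            findings.append((p.pid, f"parent PID {p.ppid} not present in telemetry"))
        elif not _is_ie(parent.image):
            findings.append((p.pid, f"tab process parented by {parent.image}"))
    return findings


if __name__ == "__main__":
    for pid, reason in check_ie_tree(SAMPLE):
        print(f"PID {pid}: {reason}")
```

Run against the report's three rows alone the check is silent; the constructed rows produce the SCODEF/parent mismatch and the out-of-place binary. PID reuse can in principle produce a stale SCODEF on a long-running tree, so treat a mismatch as something to pivot on rather than a verdict.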

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Modify Registry (T1112): 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
    Filesize

    1KB

    MD5

    607c58f70686ac2fd8494b158ed7e32a

    SHA1

    3457e533dfc0acb0fba69dfb49d132399524c68d

    SHA256

    675c4adafca2f070cc3173f560577170045e240dbf596408b3a5de2b8ab132af

    SHA512

    c33f4e767d8867b841090a6cc9147eb23e44c8e850c1ef0d29eb0fc711983545ec3279b52a4b22bb1c17ef320ac398764cab71f3950dd4f884b5fad8acad0c0e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8A07532D6AAE6A04052D31515DB38D1D_2C59668D30D7B0A18568171EC9A8EA21
    Filesize

    1KB

    MD5

    c7b8391e082198f29bb4240aeb65a4e7

    SHA1

    f2d7e425ed7f5e74af8549cff56a786d5ee338b2

    SHA256

    5fa0df3fd555994274820dba02603c0a59bc39dbe88f24b74c8bc0d830f6efc1

    SHA512

    714e6370d00dfbd475093a23c162f2d9a811a510c55ff1cbca35f9042c0d2c936afd608fe094f79bb8d959c79879302b9c615974f503ca29e0cff920e41e1d16

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
    Filesize

    404B

    MD5

    25dc4cfc883591a935571827554bab29

    SHA1

    efdc85c0b874fab8ab3c422f3ab29c84186a67a5

    SHA256

    ec01b58bc64e9381cc9016022b8a12c7f5632c4cb1c29799bf0c5968e83f3f2d

    SHA512

    f50f3fa20efec449a41b7002b03e0bb5285fa5fd328e5b845d0c4f710393300c94453e272d6c1ddb7ea7f4714e2a1f82dd1e2017c965f3b2986df5199acc5789

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8A07532D6AAE6A04052D31515DB38D1D_2C59668D30D7B0A18568171EC9A8EA21
    Filesize

    494B

    MD5

    dd1db910ece3eb8fc10183f345a7cfff

    SHA1

    e42564877b67b32286092e24f6b71daed8745475

    SHA256

    20d6d0a3b21003eb31b8f48003d026a29e03e95f99a07450943c712ed79575e6

    SHA512

    f76e2b3e8619428a78c4354a2fd8c27ce229e29ef2d7db05c484f033ed4f89cb865933486f01154279f245bb0148779db5b6e64686c1e393f6c91d8935c0338a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    7bde6ae0a148ff38ff10eec33e0efc3d

    SHA1

    c0a7946b7d160faa54044771de83ef74bb7e306c

    SHA256

    51f27265e564edf5f7fbd8f6de3505fa77890faf1ddf5704e2e5195a5d7ded62

    SHA512

    3ddad00326e36f367891e3f20d365573327262108616e2cb02e315e2de05154bc3b0a9585a68d70bb3a7074c837457bef2e1e89e63ee741bbd3c91e0b3743028

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lvx0ibj\imagestore.dat
    Filesize

    21KB

    MD5

    09367c3746a12ad5a28297783ab3db13

    SHA1

    c7b1f2307c09f9a0c5f496fbb834bd8228b62cab

    SHA256

    1679be88e71bf324bd76f3500310bd54c07e9c4ca07513ed250ec9c3ea6410df

    SHA512

    b04f716be6b56a6ca538b78b641558ba0d846a9c92b01de750c4c23de910c1e866a49bbe6de1bd165006e97fee7977c6bd6549e330ad1e3a1ce3b301d6a815c3

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8NY8F8A3.txt
    Filesize

    509B

    MD5

    7261494e48f99cfe270403bf3621a56c

    SHA1

    2b45d1d5a78939c402948820e26b3eeb1add0205

    SHA256

    5b7ad4429de2c71aa0bb4bade2cf35bdc282820b43c721f430419f7d93fc6a1c

    SHA512

    2a0b902f4fc6e42a8a4afebf9344a265961229c0fa003ee5a898795517d75c846f91cde8ebfe59702b27ed6b421110ff1f9ec272185facada0fd78d5064a0e76
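
Everything in this Downloads list is browser and CryptoAPI housekeeping produced by opening an HTTPS page: the CryptnetUrlCache Content/MetaData pairs are CryptoAPI's cache of the revocation and issuer fetches made while validating the site's certificate chain, imagestore.dat is IE's favicon cache, and the Cookies entry is the site's cookie jar. Their hashes still make a usable hash set for confirming that a host visited this page. The parser and matcher below are an added example written for this page, not part of the sandbox report or its tooling; REPORT_EXCERPT is copied verbatim from the two MetaData entries above, and the bytes hashed in the demo are constructed and match nothing in the report.

```python
"""Turn the report's Downloads block into hash IOCs and match files against it.

Added example. REPORT_EXCERPT is copied from the report; the matching input
in the demo is constructed.
"""
import hashlib
import re

# Expected hex-digest lengths; anything else is a copy/paste error in the IOC.
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SIZE_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}

REPORT_EXCERPT = r"""
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
    Filesize

    404B

    MD5

    25dc4cfc883591a935571827554bab29

    SHA1

    efdc85c0b874fab8ab3c422f3ab29c84186a67a5

    SHA256

    ec01b58bc64e9381cc9016022b8a12c7f5632c4cb1c29799bf0c5968e83f3f2d

    SHA512

    f50f3fa20efec449a41b7002b03e0bb5285fa5fd328e5b845d0c4f710393300c94453e272d6c1ddb7ea7f4714e2a1f82dd1e2017c965f3b2986df5199acc5789

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8A07532D6AAE6A04052D31515DB38D1D_2C59668D30D7B0A18568171EC9A8EA21
    Filesize

    494B

    MD5

    dd1db910ece3eb8fc10183f345a7cfff

    SHA1

    e42564877b67b32286092e24f6b71daed8745475

    SHA256

    20d6d0a3b21003eb31b8f48003d026a29e03e95f99a07450943c712ed79575e6

    SHA512

    f76e2b3e8619428a78c4354a2fd8c27ce229e29ef2d7db05c484f033ed4f89cb865933486f01154279f245bb0148779db5b6e64686c1e393f6c91d8935c0338a
"""


def parse_size(text: str) -> int:
    """'404B' -> 404, '1KB' -> 1024. The report rounds sizes, so only use this
    as a sanity bound, never as a match criterion."""
    m = re.fullmatch(r"(\d+)([A-Z]+)", text)
    if not m or m.group(2) not in SIZE_UNITS:
        raise ValueError(f"unrecognised size {text!r}")
    return int(m.group(1)) * SIZE_UNITS[m.group(2)]


def parse_downloads(text: str):
    """Parse the report's flattened 'path / Filesize / <n> / MD5 / <hex> ...'
    layout into one dict per file, validating digest lengths as it goes."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    entries, cur, i = [], None, 0
    while i < len(lines):
        ln = lines[i]
        if ln.startswith("•"):
            cur = {"path": ln.lstrip("•").strip()}
            entries.append(cur)
        elif ln == "Filesize" and cur is not None:
            i += 1
            cur["size_bytes"] = parse_size(lines[i])
        elif ln in HASH_LEN and cur is not None:
            i += 1
            value = lines[i].lower()
            if not re.fullmatch(rf"[0-9a-f]{{{HASH_LEN[ln]}}}", value):
                raise ValueError(f"{cur['path']}: malformed {ln} {value!r}")
            cur[ln.lower()] = value
        i += 1
    return entries


def digests(data: bytes) -> dict:
    """All four digests in a single pass over the data."""
    hs = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    for h in hs.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hs.items()}


def match_iocs(data: bytes, entries):
    """Return the IOC entries whose recorded digest (any algorithm) equals the
    corresponding digest of data. A hit on any one algorithm is a match."""
    d = digests(data)
    return [e for e in entries if any(e.get(name) == d[name] for name in d)]


if __name__ == "__main__":
    iocs = parse_downloads(REPORT_EXCERPT)
    print(f"{len(iocs)} IOC entries parsed")
    print("matches for constructed bytes:", match_iocs(b"constructed sample", iocs))
```

To check a real host, feed each file's bytes to match_iocs; the hash set matches regardless of where the file now sits, so the recorded path is context rather than a match key.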