Analysis

  • max time kernel
    135s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-10-2022 22:11

General

  • Target

    https://alert-dg01.redatatech.com/onprem_security_warning_fetch?r=0&dep=pnyLPnYR%2Fig6X1Y4KwwVyg%3D%3DNUnMrbcJcpoYMDmoD0fPEmuCtpQqRxgIal0jr6DHuT1oMV4wET6UcR%2FHPXHW3VzRcXFhRNBciNGwjdlysDoPJ5Du4Srx568JHH8ysdvID8bEd%2BHLu0gBGr4dsIpGatUvlfsh3ljriRf0R9ZPv47R465obAYpby3XDrg7xroROvjxnD83XQ6eT660JA%2FiWqGPAZyZ6gm7wUS1kqgH3hnx0wUDCK03FWLe0gMJCNtGNOB0EyliTzkW8I0yk0ONWIhxCtBRyiA5PI4qp6STmkOYzL7fy3uFL%2BslgeVKKB8dXkHRFEpECIcl2BCjTH5rILFYEMcFVTFred3SsyXOrCiM3%2BdZq1XjIl33y3%2F8J0jf2drds6rNi1FG%2FRGsWzqT5dgwVp12D65uPanpoZtTyQOWAPX3xR87jrDxclLQwYAPRO1Wx6AqijIgeprGjzRKUZT%2BWrMdZ98gGcPOMgZvnSsmjwCzDiFm1cLDpSyixPSuE7M%3D

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://alert-dg01.redatatech.com/onprem_security_warning_fetch?r=0&dep=pnyLPnYR%2Fig6X1Y4KwwVyg%3D%3DNUnMrbcJcpoYMDmoD0fPEmuCtpQqRxgIal0jr6DHuT1oMV4wET6UcR%2FHPXHW3VzRcXFhRNBciNGwjdlysDoPJ5Du4Srx568JHH8ysdvID8bEd%2BHLu0gBGr4dsIpGatUvlfsh3ljriRf0R9ZPv47R465obAYpby3XDrg7xroROvjxnD83XQ6eT660JA%2FiWqGPAZyZ6gm7wUS1kqgH3hnx0wUDCK03FWLe0gMJCNtGNOB0EyliTzkW8I0yk0ONWIhxCtBRyiA5PI4qp6STmkOYzL7fy3uFL%2BslgeVKKB8dXkHRFEpECIcl2BCjTH5rILFYEMcFVTFred3SsyXOrCiM3%2BdZq1XjIl33y3%2F8J0jf2drds6rNi1FG%2FRGsWzqT5dgwVp12D65uPanpoZtTyQOWAPX3xR87jrDxclLQwYAPRO1Wx6AqijIgeprGjzRKUZT%2BWrMdZ98gGcPOMgZvnSsmjwCzDiFm1cLDpSyixPSuE7M%3D
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1804

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: 046bedf3b97e782edc5343dc24a1c485
    SHA1: ebad04906d01fdb00719463e729f201a043433ae
    SHA256: 4bb13178dccf62921053ef1b62f9bdb994dfd0520741873a60ac2c1484df78ca
    SHA512: 18203014488892166d7c331f8239c1c030fd9831b8040d51b3fdf3d887f867380ff639ccac26e8751b7b13d1dc83e2931f96019783695e7a93c4348046c9fabf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 404B
    MD5: f79ba658783360e6d7a45a4aa073be08
    SHA1: b5039aa4c0ad2d963426c72d71f164842b5ce759
    SHA256: 1b07b48d764a02ddcf55e59b3e1a113fa42808e9914f25ae580490892af26e1b
    SHA512: b52bc60ede888a007895cf6955721dbd028d2ca6a999ba52e311063b6ea1c71e7d456a0136b25269d461a82b57826b1df38b7ad095e623fb5e21a1938176be11