Overview

overview

5

Static

static

URLScan

urlscan

1

https://account.acti...

windows7-x64

5

https://account.acti...

windows10-2004-x64

5

Analysis

  • max time kernel
    101s
  • max time network
    161s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03-10-2022 13:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://account.activedirectory.windowsazure.com/Group/RenewGroup?tenantId=d5b43ab2-065e-4daf-ba23-3348690b5b3a&id=291f34ba-d727-433e-97b5-f1fbf960f25d

Score
5/10
microsoftphishing

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
    phishingmicrosoft
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://account.activedirectory.windowsazure.com/Group/RenewGroup?tenantId=d5b43ab2-065e-4daf-ba23-3348690b5b3a&id=291f34ba-d727-433e-97b5-f1fbf960f25d
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1584
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1584 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2020

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    60KB

    MD5

    d15aaa7c9be910a9898260767e2490e1

    SHA1

    2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

    SHA256

    f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

    SHA512

    7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    16f1c7e91971ee4e872d3bcc972782fc

    SHA1

    932798ccb7bbd91c92366009d87c76856bd6f84b

    SHA256

    9f654351fc7272a2d205a375ee3b32b239964e700cf30d2bd59fd109b4486a43

    SHA512

    d317f146366ab6de798229d59d62b4a77f7d0340843c01547b3b8201012c49ffa6738a277d572abd30729d2effdd140c0aca1f1c16691d8e8632ada96912f3fc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    6b5e9db3814a5ec9830dbf9a1c98eaf7

    SHA1

    8158762f3b7c4e48267dcd67ba734f691f47226e

    SHA256

    a188afca063263516a91cc86c0c1693b721020a191a2a5ae7f389d2a9cb293d7

    SHA512

    1e93488ddcbe4a7fdcff0d7c9c3ffa847fc317a801950ca04314b32fa2b83e516e7edd2578a72dbe7af5313ffdc105d9571ef315f8507ba0278ee48369074734

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat
    Filesize

    22KB

    MD5

    01d0c0a03dac39f8da751eccfb14e613

    SHA1

    4f9b19f250de4b16a5e32a573923cd8ffa3014ba

    SHA256

    7d4a1c0085a8dde74d2d1ad06592e79f1f51a2cd037581fad03bb997b4597733

    SHA512

    69345bb300739043e48e4a68d7c05d305977ce467f985d9041aba4e5bd7d85c98424dd367a49d846ce7186fb89eb0d95c6473e6a86cfb11a4288224585d6f9ee

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\L3A3ZK3S.txt
    Filesize

    606B

    MD5

    3116cd3973ccb4820c7ecfbe192b6ec6

    SHA1

    723684d27b0d3a8c50e1f05d56fe52e6df94d47e

    SHA256

    bde01036c0b30f4701be94582095a1011d2454ef44a477c68f6664128377f668

    SHA512

    9810981b44c51bde8d60cffe933bf5332dd25efd382ce905c80bb38852aff0b8546150d6dd8768d1f3dd823d707d010953f11ce5c10304ab70a790320109f99c

    Download Submit