Analysis

  • max time kernel
    205s
  • max time network
    189s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
  • submitted
    03/10/2022, 19:09

General

  • Target

    https://info.safehub.io/e/983072/HPPCaseStudy2022/2p3wj/165374545?h=2JwTmXvUaqCOfP3Tt3xzcov9RgxGeyX6EEHYRQsiWoc

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://info.safehub.io/e/983072/HPPCaseStudy2022/2p3wj/165374545?h=2JwTmXvUaqCOfP3Tt3xzcov9RgxGeyX6EEHYRQsiWoc
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1132
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1132 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1888
    • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
      "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WRZXZATJ\Safehub_HudsonPacific_CaseStudy_071122.pdf"
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:616

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 60KB
    MD5: d15aaa7c9be910a9898260767e2490e1
    SHA1: 2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388
    SHA256: f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e
    SHA512: 7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 42e90d274408a38b41caf17387f48bad
    SHA1: c49d1dc70668aa6f0ab2310d5ec7743f8f54f783
    SHA256: c3c33361439301d9cc27d14beae7754fdfa598cecfe5fc0b0925ee9492c975cb
    SHA512: 77aad2e2d0457d165d9c59428816540df859d4a78f803a3297cd9c6f4d38d119f04f6bbc09eae1fd25a92c69e33f678786b9f540ba3138f89c2c12af3749398f

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WRZXZATJ\Safehub_HudsonPacific_CaseStudy_071122.pdf.1jg2gri.partial
    Filesize: 893KB
    MD5: 17ceb65016bafaf75511dd94348bf7ee
    SHA1: 0f61ef4786091fc9b339b8c13e63e307b14b94c4
    SHA256: 41d2967bb6987278c9a28e3dc100613eafc93ed0dd9d4008ec2080d515c53541
    SHA512: 53602ea652eab6d650d3760f6b1bcb765a93ef75d01e8d69fe5970686d94ab1c1aa97a4d677eca55ea1495091545c95808c45e3c03ba984c37e262623e28b4ba

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\959XWU81.txt
    Filesize: 606B
    MD5: 2f7a5e0347d2c56505c5cefb9c9f2932
    SHA1: 1d8a94e4643b73557b581c233ab7ddb19b53a565
    SHA256: ac0897f4a85f12e95abcbf68045fd7e8f3de125239d9b207c1b301e461ac613a
    SHA512: c07f717efc7e00e5ea3553674cf3335b90a1f817f0c469fad3e8c2ede771bede27c37d985aa20a4cc6de0d53316098b0dca5cf3ec349573fab3dae9da7993d03

  • memory/616-56-0x0000000075561000-0x0000000075563000-memory.dmp
    Filesize: 8KB