Overview

overview

10

Static

static

URLScan

urlscan

10

https://bitter-poetr...

windows7-x64

10

https://bitter-poetr...

windows10-2004-x64

1

Resubmissions

05-10-2022 19:48

221005-yh4qvsffcn 10

05-10-2022 19:15

221005-xypq7sfegj 10

Analysis

  • max time kernel
    143s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05-10-2022 19:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://bitter-poetry-5215.westofsdfdsfd.workers.dev/

Score
10/10
phishing

Malware Config

Signatures

  • Detected phishing page
    phishing
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://bitter-poetry-5215.westofsdfdsfd.workers.dev/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:544
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:544 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:940

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    60KB

    MD5

    d15aaa7c9be910a9898260767e2490e1

    SHA1

    2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

    SHA256

    f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

    SHA512

    7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92f205417899dddbcedacb3910baa2fd

    SHA1

    7fc3bcae81366fe8164aa281a05aed0de2216860

    SHA256

    f99e5026cc31c2d5b4cc21c738e68326340323148a815cf93b0aab910725fc59

    SHA512

    9470596aca87766439e88159c896cae864972a00f6d8f007d2ca9769cd75fb0f535701d16944bcf310e51e673f53a03c7552209f8f2e449d38667cbe3f287f54

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    73675b8c5435ff2624a810a339672bb7

    SHA1

    4e2a57c35b4050014be50ad15a728d2ede789e3a

    SHA256

    eedd598172812d913ba5cab83335ab9e01e0a7eb5b90ef783d6a5a19687445ed

    SHA512

    ee56fdf07b9c8d2195757abc162c117e03803eb39fff1f21e5e14497432bbe0be257ed0f41ef0b00889137cc534a34f08818a3bf9614c9805590d7cdb13dc75a

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WRZXZATJ\favicon[1].htm
    Filesize

    4KB

    MD5

    0bbf825da55ffd744d596e209c8bc634

    SHA1

    999cce85dbdf4e84630efe225c59778c8a1782bc

    SHA256

    4162680b06e293e81c5c6e96df90145edabc8a906dd6d5cb3ac49855b86f92ae

    SHA512

    aba3ffb4de5a3b90f725ebe5ec071155ce05ffc1a528d08e465ec3f16af452b1f1e364323e6507a9af27239215dafd0ea7fadb65456e93bddfc1d573b14a6fed

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\64Q1S5A3.txt
    Filesize

    601B

    MD5

    b36479e163d6038404c3846b3dd58c34

    SHA1

    3bbe0c4e50a054d113966d9aa51ff3d0ed6aaf86

    SHA256

    99ca3a53e2942a083ac3794df5ac7e2fa1a39d94870144da65a6642d94c8ae68

    SHA512

    f68692ff6b41eb4fd34b0974ac734e59d0d8e904cb1e84bfc6187f5a02b7dda9204b7ea05cb6811cc93abbfe59a8deb18098eb8e9bbbc06edcce0bf1cc65d738

    Download Submit