Overview

overview

1

Static

static

URLScan

urlscan

https://www.google.c...

windows10-2004-x64

1

Analysis

  • max time kernel
    530s
  • max time network
    486s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/10/2022, 15:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.google.com/search?q=what+is+%22mail.turing.com%22&rlz=1C1GCEB_enUS1021US1021&ei=X_Q-Y6SSOLqwqtsP6NWl2A4&ved=0ahUKEwjkvfLi9cv6AhU6mGoFHehqCesQ4dUDCA4&uact=5&oq=what+is+%22mail.turing.com%22&gs_lcp=Cgdnd3Mtd2l6EAMyCgghEMMEEAoQoAE6CggAEB4QogQQsAM6CAgAEKIEELADSgQIQRgBSgQIRhgAUPIEWPIEYKQJaAFwAHgAgAFRiAFRkgEBMZgBAKABAqABAcgBBcABAQ&sclient=gws-wiz

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 50 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=what+is+%22mail.turing.com%22&rlz=1C1GCEB_enUS1021US1021&ei=X_Q-Y6SSOLqwqtsP6NWl2A4&ved=0ahUKEwjkvfLi9cv6AhU6mGoFHehqCesQ4dUDCA4&uact=5&oq=what+is+%22mail.turing.com%22&gs_lcp=Cgdnd3Mtd2l6EAMyCgghEMMEEAoQoAE6CggAEB4QogQQsAM6CAgAEKIEELADSgQIQRgBSgQIRhgAUPIEWPIEYKQJaAFwAHgAgAFRiAFRkgEBMZgBAKABAqABAcgBBcABAQ&sclient=gws-wiz
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4364
      • C:\Windows\SysWOW64\msdt.exe
        -modal "524738" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDFEA1.tmp" -ep "NetworkDiagnosticsWeb"
        3⤵
        • Suspicious use of FindShellTrayWindow
        PID:2768
  • C:\Windows\SysWOW64\sdiagnhost.exe
    C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3384
    • C:\Windows\SysWOW64\netsh.exe
      "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
      2⤵
        PID:5088

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
            Filesize

            471B

            MD5

            77a5fe334f666d4abee341d464457838

            SHA1

            0e31de696f343cf8565ec3de87a236a66a8b5d64

            SHA256

            bb07254543e22422027fa5f3c7af9e2b5a6b69bf6925fc1ecf128cb27e9a6dd0

            SHA512

            50cfe44a977775350ed5e98e39c21b2d43321eabd0f4dfbdcf2644f41d8c6fde9b96e480a34e4665c021a315f4db031e90f3d84cf46ebecc5161032a63da74d0

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
            Filesize

            404B

            MD5

            85e0242481e9c5b1cd02a48a445884f5

            SHA1

            95be6e994ba4e8078e6bf835a3cdf1eda00a4d1d

            SHA256

            1838ef0dd76a19d9486aeb0d102f5794c7e411c06afe5ceec6ff6fe93adf09ef

            SHA512

            32304901cc94579002d6357f7fab7b7e986d036af129ff94aeca3d8194655268d95cd6fb7d6355b4dc7bd2ec8380b42514c979fb1e0083bca9f3b7a9aea68eda

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\z2evvp3\imagestore.dat
            Filesize

            5KB

            MD5

            cc16d9223ae50d9cd2e0435399131cd4

            SHA1

            426ebe3e29969216b634746fb0f8a1bd1b1ac0d2

            SHA256

            0fbf6eb88949436aeee50197cfbc9fe66a228320d70f64e16321585f3ff8e141

            SHA512

            af79ad967d6482fa705a270ad0446c99c89345e3cd62c1a85a02757d515a34c27039d084cf615dca2002ae56694fd90040b225c5d386b2d1917bbac0a5439707

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\z2evvp3\imagestore.dat
            Filesize

            6KB

            MD5

            54e06a20ba6d00b3e8eaf42cdd63c3ce

            SHA1

            6aa647f25c734c98fd36895eb0447ed273e4d402

            SHA256

            7191e2457e569e351533a9920224f2bbf9e71d8476a9ccb41da0aeacdf12a5c5

            SHA512

            eab8a03ef055365bc84afad1d3cdd204635321c1a3251f58a1dc82866f611ed3f6c5bc97b48b53aeaf5801c0f7bdb150a064a4beea88d1e4d5a17e5b88d7baed

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\94PW68LC\favicon[1].ico
            Filesize

            5KB

            MD5

            f3418a443e7d841097c714d69ec4bcb8

            SHA1

            49263695f6b0cdd72f45cf1b775e660fdc36c606

            SHA256

            6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

            SHA512

            82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\NDFEA1.tmp
            Filesize

            3KB

            MD5

            0f6002891eefb89a314bc5ceb46f4614

            SHA1

            cea33833324762e7fb7d8ce56446847f79baa24d

            SHA256

            3524d6fd285683bda5426c805cf4f7e6f6f7cf4baab905eb0e9ff6372198a55f

            SHA512

            1375b06c8c63b2d914987e9e2216c99ddec8b2686d853c9d3df152ab88f8c3d51e1c4096c3c3f49ea5ce5858aceebbbcfbe64e8b819d8f94fb36bbbde4c9a2a4

            Download Submit

          • C:\Windows\TEMP\SDIAG_c368028e-9f35-4118-9547-227266a712a1\NetworkDiagnosticsTroubleshoot.ps1
            Filesize

            25KB

            MD5

            d0cfc204ca3968b891f7ce0dccfb2eda

            SHA1

            56dad1716554d8dc573d0ea391f808e7857b2206

            SHA256

            e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a

            SHA512

            4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

            Download Submit

          • C:\Windows\TEMP\SDIAG_c368028e-9f35-4118-9547-227266a712a1\UtilityFunctions.ps1
            Filesize

            53KB

            MD5

            c912faa190464ce7dec867464c35a8dc

            SHA1

            d1c6482dad37720db6bdc594c4757914d1b1dd70

            SHA256

            3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201

            SHA512

            5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

            Download Submit

          • C:\Windows\TEMP\SDIAG_c368028e-9f35-4118-9547-227266a712a1\UtilitySetConstants.ps1
            Filesize

            2KB

            MD5

            0c75ae5e75c3e181d13768909c8240ba

            SHA1

            288403fc4bedaacebccf4f74d3073f082ef70eb9

            SHA256

            de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

            SHA512

            8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

            Download Submit

          • C:\Windows\TEMP\SDIAG_c368028e-9f35-4118-9547-227266a712a1\en-US\LocalizationData.psd1
            Filesize

            5KB

            MD5

            380768979618b7097b0476179ec494ed

            SHA1

            af2a03a17c546e4eeb896b230e4f2a52720545ab

            SHA256

            0637af30fc3b3544b1f516f6196a8f821ffbfa5d36d65a8798aeeadbf2e8a7c2

            SHA512

            b9ef59e9bfdbd49052a4e754ead8cd54b77e79cc428e7aee2b80055ff5f0b038584af519bd2d66258cf3c01f8cc71384f6959ee32111eac4399c47e1c2352302

            Download Submit

          • memory/3384-144-0x00000000050E0000-0x0000000005102000-memory.dmp

            Filesize

            136KB

            Download

          • memory/3384-143-0x0000000005150000-0x00000000051E6000-memory.dmp

            Filesize

            600KB

            Download

          • memory/3384-145-0x0000000005260000-0x00000000052C6000-memory.dmp

            Filesize

            408KB

            Download

          • memory/3384-146-0x00000000066E0000-0x0000000006C84000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/3384-147-0x0000000005220000-0x000000000523E000-memory.dmp

            Filesize

            120KB

            Download

          • memory/3384-148-0x0000000005320000-0x000000000536A000-memory.dmp

            Filesize

            296KB

            Download

          • memory/3384-149-0x0000000006D20000-0x0000000006D86000-memory.dmp

            Filesize

            408KB

            Download

          • memory/3384-150-0x0000000007020000-0x0000000007042000-memory.dmp

            Filesize

            136KB

            Download

          • memory/3384-142-0x0000000006060000-0x00000000066DA000-memory.dmp

            Filesize

            6.5MB

            Download

          • memory/3384-141-0x0000000005070000-0x00000000050A6000-memory.dmp

            Filesize

            216KB

            Download

          • memory/3384-140-0x0000000005010000-0x000000000502A000-memory.dmp

            Filesize

            104KB

            Download

          • memory/3384-139-0x00000000053B0000-0x00000000059D8000-memory.dmp

            Filesize

            6.2MB

            Download