Overview

overview

10

Static

static

URLScan

urlscan

1

https://surveyhero.c...

windows7-x64

10

https://surveyhero.c...

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-11-2022 14:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://surveyhero.com/c/z7w9rj4z

Score
10/10
microsoftphishing

Malware Config

Signatures

  • Detected phishing page
    phishing
  • Detected potential entity reuse from brand microsoft.
    phishingmicrosoft
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://surveyhero.com/c/z7w9rj4z
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1028
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1028 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:924
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1028 CREDAT:17414 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1392

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\646C991C2A28825F3CC56E0A1D1E3FA9
    Filesize

    1KB

    MD5

    1519171ba0e9b6aabdd22495c93b43f8

    SHA1

    da916b57522c4c4cbac2aedc3354bc6c69a56270

    SHA256

    dfb271a64ffabd0110e6c943e6052fca6dcb7cc738c9cc4c03ce3732361fa318

    SHA512

    7392b921cdb6419c616d744e9556b09d38a2e0956cf0ee0687aba4b4ff75ad7692440afa6d99daeea67f0c07197b466990d6d2c6e4d3567cd8f15b0750dcff2d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    cb295ed32b0acd9eac87bcc961fb315a

    SHA1

    a580f2d38c9d1611e25b6aaa3d79b54eb34d3ebe

    SHA256

    980abeaa872503211925db8acf8bdcdff0bc3c6deb2182fd698f6a444d2625be

    SHA512

    974f48bdfb8ea90a49cfa25cacc98c9a145702f4e4967dd6ffddd5eaee6144189499682e80b342708e04f812006314b04e5715492170d0f63c7b0530e9cd399a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\646C991C2A28825F3CC56E0A1D1E3FA9
    Filesize

    184B

    MD5

    049d12a7361a492869998c72db747b2f

    SHA1

    dd93172afe26314e9b4a8a6d4a3e2415048ceec6

    SHA256

    f1a7f08484fbdf72879d654e9a0e0a15d039f24c25ba85a308abb6697315b2bc

    SHA512

    c6f3386312841d664f0a14325897e97c24a59000ee02fc38984a69279aead6b1e504e6512cac3c3ec3c2c8073251acfa32bd0e43eb36d6d9e11595e1fa814001

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    6015e3b373847e9da0daa6b7420c6e9f

    SHA1

    1644913607ccdef5e80fc9d856947faa31db5238

    SHA256

    aaf8ec0f2f27b1b13c84756e866e0092c2c9adf5732f9f1825c1eefc3eab73ac

    SHA512

    89e0b6f08a256f0d1870730c6ffc290ce55e72a0a92177d45cb9372a366aed4b088e5f198f9c3e9c0864ae80e97b0ed7dc4dcb0796ad3a16ebde8f0200a49add

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    fed14390b9f2ca962bb5e43b0e8c64ee

    SHA1

    b082a0fe1be64fca10b3ee812704e1c1f0ca53bf

    SHA256

    e0952adc19a34ee528f2525fb2ff5c6e8b6fd6dabb1023c08ac6bcfe6bf0eb48

    SHA512

    8d788f5cc6ff31f632a2d309cb88de639cefce8606a0617399afee7808adef45c6fc6cb211a534c944b0f2ee14f5e4ba43aa30d6193c5cad14f5eb7bc66ae371

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dqptnfu\imagestore.dat
    Filesize

    1KB

    MD5

    b4639e8adb439c5bb8a6bbd5a18695fd

    SHA1

    19dae6ea0d2be51b81507d3938f6bbddb8ceadaf

    SHA256

    1a16c40597a32dd77c8d68ab9300594d37b41719a331a981da413b4fb6b90512

    SHA512

    7460fed21c843d860d086672553ac766e628a86c68be661d28470b8f1915dbad78098abb13cb90cd81efacd152f5a063f338543c2c094445ec437e41431f3ebe

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dqptnfu\imagestore.dat
    Filesize

    16KB

    MD5

    7cd05ac55d3edbefb89fec495a5ea5f8

    SHA1

    9b30de988f0bb3ec75f053d3bc40d7942b08bb6c

    SHA256

    c40a5b2f2b10897742fc9e8bf878213dfa5cf7eb60891a49249fe107ddc0ab09

    SHA512

    37e21c5f6618bd1a1c65d50fe76f4f499661dc6b4cf8fcec542451111141cfe4b14e5d23eaf23a5b5f5eb81813f2eb8faa2594f40eec676eea335d29fc7a41d6

    Download Submit