Overview

overview

1

Static

static

URLScan

urlscan

1

https://rfq-xlsdoc.m...

windows7-x64

1

https://rfq-xlsdoc.m...

windows10-2004-x64

1

Analysis

  • max time kernel
    92s
  • max time network
    205s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 14:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://rfq-xlsdoc.myportfolio.com/

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://rfq-xlsdoc.myportfolio.com/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1196

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    71469c4109acc74129119a8f8aec539b

    SHA1

    50b7731f3064772f06184b306844db1f8a7b75f1

    SHA256

    bb18af6a629e578433da1d3217fcc6d1a8a5a7f792ffdb84f081f1d23446cf4f

    SHA512

    9820f73c12d63460c35a9f13c56b527d2137055603798b9b3e72681e2b72d055b401e26ed6e1b810d6fe2de3400b6fba4cbf3abc326f6e4523f7b23891c618e2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aad6a97d04ab1ac44ff182ace0316451

    SHA1

    e898338e362a13204c335abb55c378d4f95bddba

    SHA256

    5b41d969dc11db86a1986dbe8474b493009dbc4ee66a403a8f5f5e80e398c080

    SHA512

    6ad8601abd3d970deaae887b6fd17a57bdd37a1c678ba948bf4d7ea7cb7582af811ca1f24c9440928690bd13ff746bc8051255115d836124cb86eb61cb5c81c2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    498c447bf22640fa24cda2fbd7a3491e

    SHA1

    c0ec24ccecc0b5f49d8a959b02511d287569af92

    SHA256

    b62f99004ed13e659e8bf92536dbb6a814e21dace5ef68c6fd28f40523d35ea2

    SHA512

    700967494366d365c29cce522c86321ab86c96592d23a3f7e2a4c900de9025cbb9734069a03169360b0601306c53a213958f61fd8dc1efccbf3b91ebf300130c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a12f63abd1bd9deb64d6530d9e2ee4a5

    SHA1

    adfac6372691b40f8684eec949fb065592394631

    SHA256

    7343171723181690b87a8517d7caf21ec7f5a54a98400b1945e2d9cf3eb2ae73

    SHA512

    befb2d3e293913488cd4c0ffc8af8c24c3f070bfabadec666e8a9eb079e6b62aebfc366d0110591a2c2eb0f1f4c8dd45c04ad51060f67b5640730bca2051fdcb

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    407f6b4c70bcf29a1afc1942ddfc0efb

    SHA1

    43a5d3e062febc80ce75b45452c7dc70e1a13eca

    SHA256

    139c0010e30849f30dfeabb8c3720007c45f9f81b5cd8a3e04c88abc57f2af89

    SHA512

    1985cccf408dce180814df868edfb1a5f65c2c1ad9c46da6f4fa21ab7f979a62637137f7cac143d5930e537d15f28f0b7ae6489e36c6eb66436590f7fb5f160d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0112f6c4fe6f2286783db2648b7caf4

    SHA1

    68d890d90788acf1adf162c7e63f20cb9ec52efd

    SHA256

    2f4cf7e226da1c71235843fae243f922a5cb651bc64c02551be8334d2da16164

    SHA512

    5bd1d075e639374c576b815f1e2b049a9881cfe20cfa1070094ee166d70a147dcb5fb251cfdc0987ad375b6fdef76eeaf86a8ce01e4fdd7bc60006259a1a3e96

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2d6caf9aed5f7924f80d8381d49138b

    SHA1

    daf56b2175093bf564b99b01655626975c9e66f1

    SHA256

    b3e9c15a15c2f064a806b0ba9576bf1624c5df6e281722e739b4fc4081ca4732

    SHA512

    7bd2cb0b83c4f34fb42dc31bfb692630e009341a2d38f363ace02ebde4a2a0f3638ea08b7d519f73baac5a9b58bf5670cf334c6cbcae0d75949bcb175ac85853

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72465870d6c387aed35bede559ba5ebf

    SHA1

    da4e7653594b78dc2c594435c1c71a27eff9b5ce

    SHA256

    1e21a2e5eedfe541d9b6ed72454067d5eb5295e7126745c31562278eeb0d36f6

    SHA512

    1f7f15793d6abae8830f4bea19f0c05bc3e7869f6821fa246bb3788865b7fd12d53edd7748cf644bde96740d239aca9cd5c1e2390598c148c89f05df60e3d8b8

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ffdad894b00db87b5c1b8cdf3e52e75d

    SHA1

    3081664e4108289590786c3c34af425afdcfb727

    SHA256

    800fc508723be56df9d4d4b833bf55135166ab2b6b81afd5ee46ab5facb0c0fa

    SHA512

    406872f01f31ba1d19e952f87986bf63dd318031bd41b11b5831a7c906b0ca6730affd6d8b5db9cb4fdfe06cbdce680f0bf08d83d514b8cfacdbf6d021b8e8fd

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1wzfztv\imagestore.dat
    Filesize

    692B

    MD5

    27b7e91bbaf7284199ddb2a7f732d6e6

    SHA1

    e168dabd9eb98b26084a16274948189b80460a7f

    SHA256

    a9d2ae59b2e0e40516de7fe9b9fd64a0af058b7720be7f8e6140caf651761d8e

    SHA512

    0ded05116812368bacd063742cc272fe519287ab4b20e2e085b9d0d08a2f87080daa2a4287f42629299e3fdc65bf974a9104d13f167a203a9fbe9090f80e92cf

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NOXR168Z.txt
    Filesize

    608B

    MD5

    06ae2d1f44aafa1c5444177ffb8e6199

    SHA1

    ce8f57f21afdbabb32a6da83deac88dacb83356f

    SHA256

    32441c8a01afab0dfcdea61c2be3f835bc021b1c239587fcc3a7847d5d96b6ee

    SHA512

    d98d409a1ba0c550c359b0292487e42c168d2f6b51ab6ae32ba39aac32843105ea7fc24ec4c1d0cbb83c387d2e9636b3ad4b6b21fb897d6388e57816e577c5bc

    Download Submit