Analysis

  • max time kernel
    134s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-11-2022 15:17

General

  • Target

    https://plhzoe5hkr3k3iy4kbwd3e43lkr6a7pvxqmezdcalr7vdy7fa-ipfs-w3s-link.translate.goog/q9v.html?_x_tr_hp=bafybeig2v&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp#[email protected]

Score
10/10

Malware Config

Signatures

  • Detected phishing page
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://plhzoe5hkr3k3iy4kbwd3e43lkr6a7pvxqmezdcalr7vdy7fa-ipfs-w3s-link.translate.goog/q9v.html?_x_tr_hp=bafybeig2v&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp#[email protected]
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1768
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1768 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1616

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize 1KB

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize 61KB

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize 446B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize 342B

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WTE2AMAG.txt
    Filesize 608B