Overview

overview

10

Static

static

URLScan

urlscan

10

https://storage.goog...

windows7-x64

1

https://storage.goog...

windows10-2004-x64

1

Resubmissions

29-11-2022 02:30

221129-czlqqagh42 10

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29-11-2022 02:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://storage.googleapis.com/xvctpdwwculvt/z9upjs88jvlrt.html#LbsVqM4InyWA.LbsVqM4InyWA?fL4ZTkccGhkHcxS6Kcdc9Qckc7R4XjnL2cbbb4H

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://storage.googleapis.com/xvctpdwwculvt/z9upjs88jvlrt.html#LbsVqM4InyWA.LbsVqM4InyWA?fL4ZTkccGhkHcxS6Kcdc9Qckc7R4XjnL2cbbb4H
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1088
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1088 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1748
      • C:\Windows\SysWOW64\msdt.exe
        -modal 65934 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDF2AB6.tmp -ep NetworkDiagnosticsWeb
        3⤵
          PID:1348
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1088 CREDAT:406545 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1828
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1088 CREDAT:340994 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1664

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
      Filesize

      717B

      MD5

      ec8ff3b1ded0246437b1472c69dd1811

      SHA1

      d813e874c2524e3a7da6c466c67854ad16800326

      SHA256

      e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

      SHA512

      e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      1KB

      MD5

      1449add840e9160cae5f5b565c634b70

      SHA1

      dc889a8567e97e99d8b3186975f6b969de5aad6c

      SHA256

      ab53d0cb3f95f86c66a7e43185e7abce5c80b18270ebe804cfd73a7249174d36

      SHA512

      192c3eee32ad50022f2f561f4e08c03bfacd7a891e7709e5528ff2641d02a84deafdfd9deb0d086c02b4bedcf8ebf802746f1814a3b8f70afd309695181f4d83

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5336D2FB8483D5462FEDA0784120463F
      Filesize

      503B

      MD5

      04e7844267ac4a8dbf3e931132734fb6

      SHA1

      6940d768c29d0b6aeeff7d5084ea9ff2392feec2

      SHA256

      6fb55678660b57a80c005d91f096909c0538cad3f63937146fbf514e4f1da1a0

      SHA512

      ab13419b4d69b9d3b82aed3212ea49e602dfec7ff04a1b14b83fe5558fb909cb7863699c4dde32eb35d18f4937acaca803c06a76ce483c9b3791d1f416569f43

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      61KB

      MD5

      3dcf580a93972319e82cafbc047d34d5

      SHA1

      8528d2a1363e5de77dc3b1142850e51ead0f4b6b

      SHA256

      40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

      SHA512

      98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
      Filesize

      192B

      MD5

      024a74b713e3573e2e2ec6537a139d7f

      SHA1

      71e30986b266d9eab07ef35614492885af117e16

      SHA256

      f02fe7c219332b87605ee21403f29348bd423d10b516c9e7d4decf6ee393f90b

      SHA512

      c5fbfa98c7351a94131ffd2af7f21f24b377780269d3d3987ff7e2f8b58c79360d3e502c5df248c7caae6a6fa1d474496140606fa7e293192e87d69f74d15b45

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      410B

      MD5

      43c196079dddf48ab99ed00beb424e64

      SHA1

      d6d09734ae1c305ef483b56bcc3d91c2ab3df096

      SHA256

      42c616d623e4742c56b9c4044cf7f28013bd9e8b4337529b796d56af03b391f1

      SHA512

      e9f87eff3ef27f53a4dc48043830bae986ee8676d00cd15985f7a42adbc6902d5b60dcc2325c2bc7ef1a0224df3800b32cdff91c4d85b90aeb5731f09918834e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5336D2FB8483D5462FEDA0784120463F
      Filesize

      548B

      MD5

      ab53810edca922d7b89f135e3a84ab38

      SHA1

      3634f2e4a6e1c5800109c664b8d5153d92867bfb

      SHA256

      091a46d3fbf6d100d88ab4f6f4d45a88a303cb855aa2db8e1356e685124ee36b

      SHA512

      c34905f9ace5d800972a42a4396547ab0aea39af51a9f40e118aaee47b6a2b34e3933a328d1c18eae019afb25e4de2096c2ecd4df5bd7ed9c0581f6787b8080a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      f111088d57a03b3183ae9d97cd1935ec

      SHA1

      a2df4652d9594b80b2135f13d66990e836eede2d

      SHA256

      cc9fdeed595e6df8aa3123f0fa41585b0a015d42c8813eaaf9e270756afd39cb

      SHA512

      eac349bc73e47b958e06e321851642f7cdc703d4753a14b6ca2340ffe91a7b17883365f19ebf755616300e0e824f57b340a9f3d0a347d1d7f2b583b6d0d0923d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      fac013b6570012d38fcfa55012c6240a

      SHA1

      d866171721f9b530aff2568af952c25e76717c65

      SHA256

      f3afdd2f3c5d29944fc9bc4643f06a9e0ab0555b85b76dcb304d039ff6bf61dc

      SHA512

      5e69b6d30abb12d071a85bddb621770b23ab75b375a283b7ffd15569355076d14b3b1c00d869f9ae876f3f873618dee30bd56e24a34c4d8007f750f1a601bd43

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      54aced9a9dbd99436ce3b7e725686ba8

      SHA1

      d4435153abfc32e00b985e1cbda2ecedf2704c35

      SHA256

      e234151af87c2a6ae1fe3552aac943413969434dafaa307effc3ae0679bbf355

      SHA512

      c1d8017810f151ecb9ac13f4768b0061bf4e05a16ed89814cb4e293a6c6fd06f2def316737ee4938ec57c56eb14dbeb8626d3c21e821fbc0cd6ebab637f07ce3

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat
      Filesize

      19KB

      MD5

      0af367c518601b1d5ab944a13c678d1b

      SHA1

      c325654d9bf63d6a6f04cb2c0e14a90e6f11a41c

      SHA256

      11b75f0072eca13077c0f3464cad170c549366bdbeb9cf0f8ea3cb65b984ab48

      SHA512

      c1b24d49660323cd450f9c621b59390d6a94dd5624d162678eb690b2bf88d49296dea3ee5f26423a33b39aa651f753f1518200f431ca6a49d236b8d0d915b5f5

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\QTPI6DOM.txt
      Filesize

      603B

      MD5

      f1eb0b14eb5b8b9eed3e1f15aff1b57d

      SHA1

      1d20a2dd846ebc258d7a8a8d11562f1abc86883a

      SHA256

      af5c3a1ad16f6f7a8a8c63415abb559818fd9df50449813bb4f407ced026fa4b

      SHA512

      0eddc3aa95e8c3bd369403c5b1cfc9161f606736dbb2198d0322f92705906823e0406d3d71b6b0a930d837801adb956d0f91d22ad27062cb5af663e4127848b7

      Download Submit