Analysis

  • max time kernel
    257s
  • max time network
    364s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-12-2022 18:13

General

  • Target

    http://5.182.17.134:8080/response.txt

Score
10/10

Malware Config

Signatures

  • Detected phishing page
  • Modifies Internet Explorer settings (1 TTPs, 32 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://5.182.17.134:8080/response.txt
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:520
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:520 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:644

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Modify Registry (T1112): 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B


  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\mlf2v8h\imagestore.dat
    Filesize: 47KB


  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\PV2B8L5L.txt
    Filesize: 596B
