Overview

overview

10

Static

static

URLScan

urlscan

1

http://yes.slidefg.x...

windows7-x64

10

http://yes.slidefg.x...

windows10-2004-x64

10

Resubmissions

02-12-2022 16:11

221202-tm9epada57 8

02-12-2022 15:57

221202-td1fesfh7t 10

Analysis

  • max time kernel
    348s
  • max time network
    353s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    02-12-2022 15:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://yes.slidefg.xyz

Score
10/10
phishing

Malware Config

Signatures

  • Detected phishing page
    phishing
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://yes.slidefg.xyz
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1380
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1380 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1116
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1380 CREDAT:668694 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1724

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
    Filesize

    2KB

    MD5

    61ffe15234088bd43d27e9eb101ad1f6

    SHA1

    80e8cf2dbbf66018e148cbab446cfc5e52eed1b2

    SHA256

    1dc492a98f81cf0473e5ebc17c9284892b88c592b5194c31761a1ef1985c59b5

    SHA512

    f925dbd2d421bc596f344241ce915b69e8f9a5112f4b9d6e62c82a717493ce2422366395dea33dfce896704b940afd6366923a7a2eb476d10563bc76de15b61d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize

    1KB

    MD5

    10b27e2f80d17bdae791a9d22ac3d50e

    SHA1

    17fcdc95ccbc005575dedb824a84f6d0d5a78c2a

    SHA256

    43b7e7e63fa476604fc6359358e0d0628506f99a21c0c4f4f7f7f5651996c1cc

    SHA512

    0a25b9f0d717b3a1c75e4c76b0b8f418743de6dc92b0ca5a8cfe88a6cf97bb91663115aa8b13dcaa7e1222db6ab34c6ef7e0dbb7637748c15dd3e2e97a4f9dfd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
    Filesize

    1KB

    MD5

    912da6b52d140c350937afa14a357061

    SHA1

    5eb54c7f9f32a1e3442113fd93c348027e218004

    SHA256

    033b9d2ea11a924f8cd8af9d923c311efc401040802424ad0f7c8c811cb5f88d

    SHA512

    ace1abd89c31d0979a817b994fff933fec49b5f1204bc8d6ba43a41fd776500e719d3df95f1f90358d000b6de1705abe3cd8d120d13a9096ecea24afff4bdc2e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
    Filesize

    488B

    MD5

    77206c1f9901032d218d24134d85105b

    SHA1

    796cd7b823dee338ad020a6f21dbabb11d4bd5d7

    SHA256

    eb24f70d29fdf8f5a7eda1e9b950efcba9027c6b5d095650db23ae11e8286a4a

    SHA512

    55883eaa8020afa5481d59d99a2bc922630f72b48f9a55c3cc99b30064465fae3228dc0ffad63fed73eb07cd5a19ff8fd1c25d3cb05f0524dbc10edc1c470c73

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize

    446B

    MD5

    3d509d7d90bd90547f3edd12483f2187

    SHA1

    dc9f9796ee35fd27736135a4687247e882eacf8a

    SHA256

    6475caeda65eabab6dcad52b4062f8491579e1aaaced62080ab142298983cc02

    SHA512

    4b2006f187c9cf07201e1685ef78d444a64fbfebc3af1d333a040c22d7e069d02972a6b1076889bf89204e478d3359e22777291620d3caa7e526c66b0d76af4c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99c7709a10c46b8249d91d532383b0a6

    SHA1

    896bd43bd67720b1430691bf198ef63d27a2056e

    SHA256

    d69f810a074d6f23164cf81b7059566ac9a90701223ed7ec0feb214896c72ae2

    SHA512

    a3467d77c6aa368872e274d54500597c72aca95a2ca438642ae899e97ba50a299703e3c37886d2424c3092bc025288d1ced5bead3b723bc2bfc7b8e051b83d9b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
    Filesize

    482B

    MD5

    c96fa5d94f41412f8135b13229d744cd

    SHA1

    6b3e9c9525dc3ceabde4568723da5d89bfccf0c2

    SHA256

    25ae83704aa0cfab14b75db3c4b8703d5131fe964f13640766cd926dc14da0b1

    SHA512

    2297cadaeeeceafcb1b0eca90ebf08e4b1fc679451819ca709086e6d1d6c1276914e600abc06e15e4603785229c1355f1b87121e7d46e6f3d91286dcdc187da7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    f8edc8509ef95756cd1c6b1bb2cf276e

    SHA1

    af432dfdffa774ce3784bd45ac6181e9d2e9c690

    SHA256

    54992940e5a6c30f9bc51749acb2985c873adbe7131614308b6388e6294aa823

    SHA512

    44fa591c7ad91b67bda99d29a9bac634c5468de5b52ba7484edeff3e5205cb788d1b02f8e17288914b61ccfb25a5144ca555dde5aa1b5d4d10693de0df1a5704

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat
    Filesize

    12KB

    MD5

    3a04042852722203d6c1b3157df14539

    SHA1

    b193e099899677e26c57519b9664dca15623f0ba

    SHA256

    67e45e8398e24d75d413cbcb9b2d435302b0ae0fe5b74e2e1af28f28081911c2

    SHA512

    ad5bf69ee50578080b6c20b6636c3954aa8b454261f675ebf501703c743eca787cf9b0f4542e21064de881ca409383d34496cb61306a2cf33934f2e94fe87c96

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat
    Filesize

    12KB

    MD5

    3a04042852722203d6c1b3157df14539

    SHA1

    b193e099899677e26c57519b9664dca15623f0ba

    SHA256

    67e45e8398e24d75d413cbcb9b2d435302b0ae0fe5b74e2e1af28f28081911c2

    SHA512

    ad5bf69ee50578080b6c20b6636c3954aa8b454261f675ebf501703c743eca787cf9b0f4542e21064de881ca409383d34496cb61306a2cf33934f2e94fe87c96

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat
    Filesize

    14KB

    MD5

    247bed35aef7ca85633a1df3cea70b1b

    SHA1

    d5184489435459ba897e815bfb3ff876bd4a7174

    SHA256

    4a4455e75d5583eb24cf82e400df91fad0bb8eca7f1626f811996feaa15b4998

    SHA512

    edd4045f48d193257ac92a955d39baa89dc3ec5d642bee4353e35bceacc95a61d00d4da89855f4111b4187dbbf1652ca86a63e331581716291d2229cd48404ba

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\46L6XGBK.txt
    Filesize

    539B

    MD5

    9a067b88cb0a68b2b2ab8d5ee92ad2de

    SHA1

    1d4f40a2b6555cc898307585dd99e09f8ad1210d

    SHA256

    91398abbdab0edbc27d9ab5f2adcc82b97502b775842871e405339172726c3a2

    SHA512

    5fa8fa4092fe563f85f76d0b0e4896d95870db39613b3658a8ad6a9110d30661a6133cf0db0816e623ef98fc08a382358f907daf786281c11e734ce68b473225

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\78ST6N8I.txt
    Filesize

    503B

    MD5

    aa76b58942f02aa731b9d3504777de22

    SHA1

    9a01eef517b466a9a2d430a4baa2eed7cf86277c

    SHA256

    695f953eaa45e1ab17e721dada8fa0649f33f24f66438a7a2e86576226793587

    SHA512

    538454f023868f68219dd2eb3e5beebd7eb7195c4b5c19dc0ae0b98b934969146c6ad6da41e0f098b99d90354e180eafb237e117ea1efe9a69995758c7be372a

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\EC049X2U.txt
    Filesize

    407B

    MD5

    2939e9c77171d8d148acd14515f51b58

    SHA1

    810d265e0bbee713883e66ec2bd50af88188a621

    SHA256

    fa7d2f378a1b3a8860c163f580278b24763f95294847da29d2c4c5362a23a1e1

    SHA512

    32b50f555a440203341a7d30caeb6756dbc0cc88c9163acf25ba2ccd18210867ea148b5c596708b2455906457f06da5f76467d7b994d0f63e41469d7321460f4

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TIC8GEOJ.txt
    Filesize

    204B

    MD5

    83480bb199d30caa9979872439c35e51

    SHA1

    ec3dfbef3f448cbb74af518096882ac67d15f275

    SHA256

    6cf08761e5ebdd304224107fa46634f5a85ba68072e6aa6cc2a8c34b0cbe2cfb

    SHA512

    1cf8f35042341a7f49fd70d3831f96c6f3835a82c812794f7fe72ee7aac40d8daa31e92df2673c7d66084e87b91bd2e933addf381e35fa94654280b81fe9c194

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WZYI9BGJ.txt
    Filesize

    1014B

    MD5

    c0e621092ad31920bcdd4a691242ed29

    SHA1

    a109490392630066506b4fffed1851414ab74137

    SHA256

    5b73bbbce6d3416f6ed88e40d2734014b55567ed1eafe91d2b4e5c372baa9227

    SHA512

    7f1fed5593fc5c49a424c9a910e9e5044fc24db721000275665aa12509e3719a0f86f317fce147fb901d487ee8516638bdf661533e4e257fdcfd558c7a8f7ab2

    Download Submit