Resubmissions

  • 15-12-2022 23:56  221215-3zc2pagf3v  10
  • 15-12-2022 23:50  221215-3vj97sdg56  6

Analysis

  • max time kernel
    970s
  • max time network
    972s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15-12-2022 23:56

General

  • Target

    https://ewydrfdndsbrt.shop/index.php?key=116614230752

Score
6/10

Malware Config

Signatures

  • Program crash (2 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 37 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (10 IoCs)
  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://ewydrfdndsbrt.shop/index.php?key=116614230752
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3448
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3448 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4116
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 2836
        3⤵
        • Program crash
        PID:4332
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3448 CREDAT:17414 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1788
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2456
        3⤵
        • Program crash
        PID:4492
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3448 CREDAT:82958 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3164
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4116 -ip 4116
    1⤵
    PID:4880
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1788 -ip 1788
    1⤵
    PID:456
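The process tree above is easier to reason about once the WerFault instances are tied back to the processes they report on: every `WerFault.exe` line carries `-p <pid>`, which names the crashing process, and every IE tab process carries `SCODEF:<pid>`, which names its frame (parent) process. The script below is an added example written for this page, not part of the sandbox report or its tooling; the process records are transcribed from the tree above, and the meaning of `-p` and `SCODEF:` is taken as an assumption from how WerFault and Internet Explorer normally form their command lines.

```python
import re
from collections import defaultdict

# Records transcribed from the report's "Processes" tree:
# (pid, parent pid as drawn in the tree or None for a top-level entry, command line).
PROCESSES = [
    (3448, None, r'"C:\Program Files\Internet Explorer\iexplore.exe" https://ewydrfdndsbrt.shop/index.php?key=116614230752'),
    (4116, 3448, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3448 CREDAT:17410 /prefetch:2'),
    (4332, 4116, r'C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 2836'),
    (1788, 3448, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3448 CREDAT:17414 /prefetch:2'),
    (4492, 1788, r'C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2456'),
    (3164, 3448, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3448 CREDAT:82958 /prefetch:2'),
    (4880, None, r'C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4116 -ip 4116'),
    (456, None, r'C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1788 -ip 1788'),
]


def image_name(cmdline):
    """Lower-cased executable file name from a command line (quoted or unquoted image path)."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', cmdline)
    path = m.group(1) or m.group(2)
    return path.rsplit("\\", 1)[-1].lower()


def werfault_target(cmdline):
    """PID a WerFault.exe instance reports on (its -p argument), or None for non-WerFault lines.
    Assumption: -p names the faulting process. The pattern requires whitespace after -p so that
    the unrelated -pss switch is not mistaken for it."""
    if image_name(cmdline) != "werfault.exe":
        return None
    m = re.search(r"(?:^|\s)-p\s+(\d+)", cmdline)
    return int(m.group(1)) if m else None


def ie_frame_pid(cmdline):
    """Frame-process PID claimed by an IE tab via SCODEF:<pid>, or None (assumption about IE's convention)."""
    m = re.search(r"\bSCODEF:(\d+)", cmdline)
    return int(m.group(1)) if m else None


def link_crashes(processes):
    """Map each crashed PID to its image name and the sorted PIDs of WerFault instances reporting it."""
    by_pid = {pid: cmd for pid, _, cmd in processes}
    crashes = defaultdict(list)
    for pid, _, cmd in processes:
        target = werfault_target(cmd)
        if target is not None:
            crashes[target].append(pid)
    return {
        target: {"image": image_name(by_pid[target]) if target in by_pid else None,
                 "reporters": sorted(reporters)}
        for target, reporters in crashes.items()
    }


def tree_vs_scodef_mismatches(processes):
    """PIDs whose drawn parent disagrees with the SCODEF parent claim; non-empty output means the
    sandbox rendering of the tree should not be trusted as-is."""
    drawn = {pid: ppid for pid, ppid, _ in processes}
    return sorted(pid for pid, _, cmd in processes
                  if (claimed := ie_frame_pid(cmd)) is not None and drawn[pid] != claimed)


def surviving_tabs(processes):
    """IE tab PIDs with no WerFault report, i.e. the tabs still rendering the page at the end of the run."""
    crashed = set(link_crashes(processes))
    return sorted(pid for pid, _, cmd in processes
                  if ie_frame_pid(cmd) is not None and pid not in crashed)


if __name__ == "__main__":
    for pid, info in sorted(link_crashes(PROCESSES).items()):
        print(f"PID {pid} ({info['image']}) crashed; WerFault reporters: {info['reporters']}")
    print("tree/SCODEF mismatches:", tree_vs_scodef_mismatches(PROCESSES))
    print("tabs still alive:", surviving_tabs(PROCESSES))
```

Run against this report, the script shows two crashed tab processes (4116 and 1788), each reported by one nested WerFault instance and one top-level `-pss` instance, and one tab (3164) that survived; the SCODEF cross-check confirms that all three tabs belong to frame process 3448 as the tree draws them.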

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: f858ba1a816dd020e5af93bff48aaa7c
    SHA1: 171a4e5f3fc126ed213d0cefcd64639f892cb31b
    SHA256: e0cbc49b2de6d153786f381793895f2011f0f918cf9c17ccdc9fffa611546921
    SHA512: fc2a6de8eaa89bdfd8b4efd951e1a06919db0a27fa3ff571804d0220c8ba4797021a162461dc7f065d91146219979f33a821d6b8ff862f88e4ef66871ed19d74

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 434B
    MD5: 79c568ab274272e12b8c2c06110ed94f
    SHA1: 798e8a0c9c81e9b0f62ee51daa7ccaf6a692d130
    SHA256: 88190122aa84c6b82dba6c3ff8075f0a95ddfb5e2ccbf50de0db57bf138f63c5
    SHA512: 6853f6bf804f6a8ad27ea238c3d5a7b5aa05357b4a42a1b111a8f1aa0cd149df8639d3d68b2a480943e556aaf4dd68f5f51831e9369907a1a0f220975df0726c

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DU2BEY67\aes.min[1].js
    Filesize: 2KB
    MD5: b2c1e560bfa05e6a2fb04a78c09f824d
    SHA1: a38f5bb31ccbcd24fc8ca707b9479325526a90d8
    SHA256: 9d2324da115b05d11b9876e759bb7bd2589fa772abde237c9dbdb572f6e2d5fe
    SHA512: 7aa6d0bbd50df33b35197628a599a74c516d271a59d37147681328537770a0a8ab80646cb3d76262a56979c520b6a5b6611164215824c9c19057ce76703e3afb

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G9LDH5FK\index[1].htm
    Filesize: 22KB
    MD5: 6dcc40e16ddb0a045f0014c8b9f7bbcb
    SHA1: cd33cbdd3c83ff97c30475276582945e49b02b08
    SHA256: 8458c4d2816377c833e2ca46fd2b9cb1926685a7c66c445f3e3306158499774c
    SHA512: 20912b76dbb62cc130088864aa53016d7b15aa2e2ab877776a1a06a75c5caed0d1130ef858128f55079600bac229eced4c87b515c493a8891b493d21b6b9f75a

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GMQ6XNBF\crypto-js.min[1].js
    Filesize: 46KB
    MD5: cf3402d7483b127ded4069d651ea4a22
    SHA1: bde186152457cacf9c35477b5bdda5bcb56b1f45
    SHA256: eab5d90a71736f267af39fdf32caa8c71673fd06703279b01e0f92b0d7be0bfc
    SHA512: 9ce42ebc3f672a2aefc4376f43d38ca9ed9d81aa5b3c1eef60032bcc98a1c399be68d71fd1d5f9de6e98c4ce0b800f6ef1ef5e83d417fbffa63eef2408da55d8

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S58XVZL8\zepto.min[1].js
    Filesize: 25KB
    MD5: 50a4556b0089cfa1cb61e88ea23bbcce
    SHA1: 6865443a258954fa19b8aa682e1f4c77d42493d1
    SHA256: beb9f5e32ed61fbce010497242a9b6b8219242b5ffc636038e7891510c773725
    SHA512: 06bbd560d84a87ac924f6e04e4363f2e8a4b3b977ef0a626217caba41209d8f2be0b2c89c3f70b486fc17c9a2658b0b521b94dae688958696b1ae78a2ddfc493