Overview

overview

10

Static

static

URLScan

urlscan

1

https://www.nu6i-bg-...

windows10-1703-x64

10

https://www.nu6i-bg-...

windows7-x64

6

https://www.nu6i-bg-...

windows10-2004-x64

1

Analysis

  • max time kernel
    67s
  • max time network
    74s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    15-12-2022 18:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.nu6i-bg-net.com/%D0%B2-%D1%81%D1%8A%D1%80%D1%86%D0%B5%D1%82%D0%BE-%D0%BD%D0%B0-%D0%BC%D0%B0%D1%88%D0%B8%D0%BD%D0%B0%D1%82%D0%B0-in-the-heart-of-the-machine-2022-%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD-%D1%84%D0%B8_3dad8908e.html

Score
6/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.nu6i-bg-net.com/%D0%B2-%D1%81%D1%8A%D1%80%D1%86%D0%B5%D1%82%D0%BE-%D0%BD%D0%B0-%D0%BC%D0%B0%D1%88%D0%B8%D0%BD%D0%B0%D1%82%D0%B0-in-the-heart-of-the-machine-2022-%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD-%D1%84%D0%B8_3dad8908e.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:900
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:900 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:660
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:900 CREDAT:996367 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1892
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 1600
        3⤵
        • Program crash
        PID:2148
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:900 CREDAT:1061915 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1492

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
    Filesize

    2KB

    MD5

    602cebd424613d514b439fe78f14a48d

    SHA1

    d5d7580e513e9b4af91e1a8bcdd5401ab98636f6

    SHA256

    29fabef3eb6d67f8ff9b015375b8fa6b6bced5e8c1651f2199fcb183f33578aa

    SHA512

    fb2cda553e81eee089a166a0da126f9b4cff2ce5dba999ea87a4bfd1d396198f93e17391f408b2b5fa76e5a021717c4c349dede102e3e7eb1f51b44d407cb8b2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
    Filesize

    717B

    MD5

    ec8ff3b1ded0246437b1472c69dd1811

    SHA1

    d813e874c2524e3a7da6c466c67854ad16800326

    SHA256

    e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

    SHA512

    e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    Filesize

    1KB

    MD5

    a8ccb1c96249609cdf477c986a66a950

    SHA1

    e6dd65e060ade24f88509054d9a8ce7e72845377

    SHA256

    6a8bc4f0f6da83dc6cea5a7c37bb6e3087cc4e7b64d79024a3bc51e5b884abe6

    SHA512

    6f574428b33e91aae6bd0330271754445b2d819b5fc3121a12a947b16a2372bb6df49c1b7e6ab5c3ebbc95e4bdef6765975113febf1ad2c01011e42b2370c06a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8977EE46DEBDB8B110A1EFC4CBCB79A3
    Filesize

    472B

    MD5

    19633ad3523ad8fea4bc26a57ae9a311

    SHA1

    702e2a40f3c8c8ceb319ba6c5f8983c1a650d330

    SHA256

    c5cc4c5e82037b66ea9ec7a574895c4bb8a2a9349f1ed271f5a266bc1f6a6a2a

    SHA512

    77b37f77c956229ef469e8f4fa0418e84d1c44852206752eef5498225ea8e04bc556759f1d43979c9845258873d51b46fe65b43edc21296cfb03890b63fa6d82

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
    Filesize

    1KB

    MD5

    13ed5d9cdfe44b69986cdcda2709fae4

    SHA1

    6f1ac25238f31888d91eda34e7b2dd92a4f379db

    SHA256

    c19bb0d55abcc511665e003cb64e5900a9a93dea9e6a8261356ea9f7f02d8126

    SHA512

    8b34e9dea82332ad2098fe1fdc24f9be1c2722b07d6c8427c4b8348b5dd014780933b369bdf97408e473d84259925c4427a005e86df3a83bd9cae3a93d5f3982

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
    Filesize

    488B

    MD5

    e915d3a3541b41b80ee2dba5666be72f

    SHA1

    63f4234ea1a3e88a96bbb27b430a0f65494c4473

    SHA256

    c5da36594ceb7c4ca46993aac9c15a71a33a72cfe31f9508e40eb78f0b7c923c

    SHA512

    f82b37134e43eff11bc83adf93425edf55dbe7222bc0c5efc1c169ee4fd807e0ddbf21b972a4448315f4ff910e1b74efae40948724fb37fab615d526eeafbcbd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
    Filesize

    192B

    MD5

    913476f082360d3d6166b64eff0d915a

    SHA1

    5d9f6e27cc566eec1e87d68ce5e7e6d4b582b93a

    SHA256

    09329869a01892978e3488e7e2e9903f8464fa7b54703f9d3f32693ecaeadeee

    SHA512

    8f4c13586f4d04039500ebc47144f81111b8304366cfa8e3209bf577432f1fcfddec21d0faa84496836261334fe42965aa6cbbf5f078801cc3653b290997cdd1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    Filesize

    438B

    MD5

    4776229f36ebeb0b546a9e1db32a0234

    SHA1

    e10a9c3e0aee61d36d7acf14773b4f0cb00f1149

    SHA256

    3ddd0b1807580fe9748c1098eaad635ce348ebc4214680fc0c86088eea2c0c0e

    SHA512

    9be8bcd1ac439a96a12fcac991ff9ac53997a7d783a6cdc6c3e63bc8c8d0e5ae65ce75e4ff34d6de1af7efc2a346172bdf884dbbcf1658b19e4a13fb3d6bd0fe

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8977EE46DEBDB8B110A1EFC4CBCB79A3
    Filesize

    476B

    MD5

    e420555700f15907784ce53b70f0f57f

    SHA1

    b5f03365793658bdeed767008ba87cc7908a4ba9

    SHA256

    56f716985f604a9432196e02b745d7020616e1bbc36a96266d74f2caa2d08ef3

    SHA512

    31f96599a150bc52cae0ba399f95ad30059b631e6ac5b4790898c153d89e399f103ea7b662a808f23d99551171ae08820468cf1cf0bc4dd4ee21aea36bd2f3c4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    710fe9bf88a9fea55e539baf66e97087

    SHA1

    49f4f9c814c391351d0e0d6884c013c2bbcfed43

    SHA256

    63733726c41cc1512722cb854fa51e1036289416e7c12757443404293168ed9b

    SHA512

    b776e1ec44b4e329637bcf37ae9a06ac15b9dc7b7e455151402210045b439228751a4ae4430a8ac0b9f04601793b467387c44e80c2acccc6da192e8ae7955fe5

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8dd078fba8a7c3e24830b3ffecbf8cf2

    SHA1

    7bbf60e63088d67a9326910cd0ba7bf92a8597f6

    SHA256

    94346b49027e5b17c1163a0477f7a85af450ba4bb52028d0e790e7df836b96e6

    SHA512

    2decd477da0ba20aa772206250186bfd6d0c8b9613e98af8c78bb464bc476ccad3265f12e86ea3d07c8633ea95954f8a5c7cbb1f78401f53319830475ba456cc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7376af13e48eaf8ad389181f099fcb3

    SHA1

    c653930fbd1357cdabc9d21cd8bfd4618d5749fb

    SHA256

    3937f45ef1e04c1aeb4d25e2617f35c27e82d0e5eaf90773e3ec1593d7d03a2d

    SHA512

    28a7c8a48c64e08bfa4600e81fad41aded7a8723c154c650dc80f7b0dce7bd1fb4bbd9870f12102310dda54eb620c1cca747cebf304aacc3773312df38c53ada

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7376af13e48eaf8ad389181f099fcb3

    SHA1

    c653930fbd1357cdabc9d21cd8bfd4618d5749fb

    SHA256

    3937f45ef1e04c1aeb4d25e2617f35c27e82d0e5eaf90773e3ec1593d7d03a2d

    SHA512

    28a7c8a48c64e08bfa4600e81fad41aded7a8723c154c650dc80f7b0dce7bd1fb4bbd9870f12102310dda54eb620c1cca747cebf304aacc3773312df38c53ada

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e41bbfc36960157caff4f9a5ce5dcb8

    SHA1

    344ad1ce5dcbe69d045106b9d5620d8f5b892078

    SHA256

    88220e6e996db634671ba68b98ce2c431ae8a7db3fb5268567c55c9897c88d74

    SHA512

    9470ff036cd0a6e9630f8f35d61f42b5af68190dbfdd09658e9c24d04f368388f9325ba2024560b7e740c34525e9420ae391e1d65d7bf62802b702f2c098feac

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
    Filesize

    482B

    MD5

    104183a0e532ee5136dfa30a4808d9c6

    SHA1

    ebde1a872815f185f42bd499e07f7553e686ed15

    SHA256

    a8e393ba3d00a7758cdfa9325625030983a11094edf27ce5b8f78cd05b89d12a

    SHA512

    aacc5877dcbd7c7fa8d0c1473c5d27b67a7b914f96a7820d24ca0d80a84c7cfa8f1d9cd5dff2e6289ef2c91ab8af15fed6c0ad112f765d3953e2f4ca230176d3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    394dd81a97693cab12b551ec84d36f5b

    SHA1

    a013444b1e079c483940f3bc15f7eb14f7dfb401

    SHA256

    30be950fd10d0801b8c97b128f6db8debee62645768b8f015d5bda5b7556c129

    SHA512

    ab46242034757293493756ebbd15e2cb8279b48fa27347b0ccce51b13af934e0fe81da84f7f4a40f5b4f9925902fe5a1584542c55357165b71188f4410ea52a3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    ee58e9dd08700f727f60fa4811a45d33

    SHA1

    97ce5b3d6b7110683e4b44ce11fb99b4d7f28027

    SHA256

    6b48635bb6a893aa3d9a866622b1d0b5e9a13260812f9a775df4e42c7ecfd922

    SHA512

    4eee48e5a67b97bec5a354145b0e5a4ef9ab0afa524d5ced2c8e593d499022fed24414a25ad59d12ab9777c242e4f0a37256934becc0a764d8efeeb13827e95e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\TH9EV5JB\www.nu6i-bg-net[1].xml
    Filesize

    964B

    MD5

    b759198968df32f546f2a0cb7a1a981c

    SHA1

    31b08233bca3c541cdd26509bbdc4c9ac78d6f29

    SHA256

    9ca77fc6c85f58b7f7ec0ac6022898bb5c6c53e5b8e6643928ce25e546fdf005

    SHA512

    512471e7861124f1550c77fba4fbd4fc38cb3b4a9d14691dd15eadd5c17b3a9a412d38e329ecc0435a87dbc26527a78b0ce5ccddb13b1837ce1ba215985fae1e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat
    Filesize

    1KB

    MD5

    db1a34ee1e2b7b5895396dd9f32afef0

    SHA1

    1909d15985308c4650af9bd99c8bbe76bafa56f8

    SHA256

    ce6a125a9120a7ede54b4681734021c07b6ebe6035d7800cae950e4eb571765f

    SHA512

    e0b2b5da74c776b7ca890919e2fc193ee8a1da110a13de2b00cb8850faedd13cc10749c747a682dde173f61f3d43829c9e3705a96fbeaeb5d982fe45328fc16f

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\54TLEJPE.txt
    Filesize

    645B

    MD5

    7d04cce1d6e9498a33e82e1e4d03456a

    SHA1

    09db367e8e77618932b9013c5726d3ba101e1af7

    SHA256

    96dfda85f5e5de2f9e7e0dad4566724f0d3dbbcd663b4690528314839ef1d266

    SHA512

    69ae5afa30e285f55c5eaf5d75e791bd97b1283aab6ce29eaf0c57da588a5dc1ccae14dd7b88abe7ecc718109fb7a7fa080a7e01a9a1939032354a673effce9f

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\B0MDOJAI.txt
    Filesize

    579B

    MD5

    a289f6c1f9e81ca806961f5c97da276b

    SHA1

    ddc8f91d6a4d8aa88c9b926b140219473941c223

    SHA256

    c8979306a81b6901b1488e962fe61554111cedd702e37e5f62e9dd51d3528356

    SHA512

    1d104959e5965bcf0965bef306263841053fd5f072700dd0c0c15dc04e147203b1e7edec064410d088395479f13be4efd0c0a5f55a12488bd86a7037d37c5b1e

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\E9CBWRS5.txt
    Filesize

    608B

    MD5

    519dbb8b3233c6b37aea8fbffe4667e6

    SHA1

    a727b56061fdd227d53388ac8f1c12d80b617811

    SHA256

    05e6b6d79c6ab20265e21e9b62baa7a34e0c261527b16263da6736fa009bdbe4

    SHA512

    61f9b297a07393937689070ff816c8c0d3513f2a904a317291f08e03245b5047dd94634643a6dcd83199544ceeca5ad0f7f0c7cc58cb25a081025582e112e453

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\G4AFN0VV.txt
    Filesize

    885B

    MD5

    a5509ee8761a24729e4dc658801a639e

    SHA1

    7db4cddc3df8f815d79e93e68804185f2cf6482a

    SHA256

    dcc2bbbbbd0c1783c6bc027c17c94bf88f1a276626c0a8902982427b37544e34

    SHA512

    169cad480f211a3f16728ba0954dade48b698ab69b25178b81bf409d663165c5fde4840d1a9d62532a2a2905b6c8314c1e6658de8f36e0372b7f259057a480d1

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\II76LYV8.txt
    Filesize

    169B

    MD5

    3c37568e11b242a80eee23b4ed4a7b05

    SHA1

    8ac5c0fb0ce302b5ef86ca15a6332247902b412b

    SHA256

    5328d2bab6af335a0bba484871374e5256c2ef1f341425fe353f3abf3b755c03

    SHA512

    e60026cc2433830a7a6c5a7970d3d04976ce7aaa08d8ab54048d0bc3e4b678531ed9ddf979b8b7e9918ec068f873efea6fcac75156133fc158b0243f2155ed83

    Download Submit
  • memory/2148-79-0x0000000000000000-mapping.dmp
    Download