Overview

overview

1

Static

static

URLScan

urlscan

1

http://firstam-closi...

windows10-1703-x64

1

Analysis

  • max time kernel
    144s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    11/01/2023, 08:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    http://firstam-closingportal.online

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://firstam-closingportal.online
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1412

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          471B

          MD5

          2edb0497a0b1af9ce4fd1678e28d33ca

          SHA1

          a187a6aa5d6a6adaf84d883d45393d3467a969a1

          SHA256

          ef88897d83afa3568fd2b4d8e4c3dbebf153081b157b16074a8ed0737411e5bb

          SHA512

          fb929af42c1a5438a5008b67953230b3864875af25529f12bce1c4f7c4ce467e66a35ff18be15f1a0db9c81ab5f2dc6f45cc0a0b7d9199c4e9c1274557256d31

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
          Filesize

          471B

          MD5

          3855be0964beaf64379b70df36ca05f5

          SHA1

          1ed25dd6797cd4c13ca39bb578bc94491832353c

          SHA256

          3c391e1e53dbe0414de85f49f28b47c39ff49928f79e7f8941fca82f1a59151b

          SHA512

          e76b4f54adf725ca50441d58c27bc01817a4487513c67d3e84dc0fd788d8973333fc542aaac3fe3f852e495163b57a4c1622af8f7a88d22b6a87bf6916b43fdd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          434B

          MD5

          a460040d9e1aca8ddb7fb3287651d024

          SHA1

          dabb6c32ee2d4379dc456c039becb19dd08ed897

          SHA256

          9832fe97f222051c04a866202b6a777eb6416d80a0a5ebd900aacdf88a324fa7

          SHA512

          b6015a0e8f88dc684f379d318a2096b8d439b8695095e705092c457df8cc1c6c6b1e623c0e61bd248abe4465a1583cd18441465d9845010645130c4534510a2f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
          Filesize

          400B

          MD5

          b6950981e8669f3f9a6332306ae4479a

          SHA1

          7285f36a74feefbf3575cd0d642ee428333f8b85

          SHA256

          e278a50c1e8ff2496ca5b4648a594632d7120fb8a89834260c823acaa07acef3

          SHA512

          6577d24b540aee8387afa58249945a5a0b3ce5fce7085a491329a3bbef04d76ea74133ed4d3270a9566c00f1a9b0d27094ca22d5a428bf1f7121e095ac660cd9

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ESB1PHQ5.cookie
          Filesize

          610B

          MD5

          6a0f89c53a4c59321208a21c4cc1230f

          SHA1

          388f81e4cf325923922c281df8a8715fed7dd2ca

          SHA256

          1e65bd7a22c476f9603a78dbcf2695be9a7e3f7b2e932bde632270de33f17cfb

          SHA512

          7918fe33c03fb91dd71b68c21234f9d4bfb16650f6f7f00f738732e2abb17d7d094577e25afa3bba32e45e9a0fcf9717aab5b4f3e13f7d69a2e6f64aeb7a3afc

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\P5394SEV.cookie
          Filesize

          610B

          MD5

          3bb7aeb2fc755bf38be5eacc8acd8d3e

          SHA1

          80452c48f6684afd84bd4dc15a6af96fdcd52c02

          SHA256

          6bc1a539e767e34dc53aed8467deaebd38867c103c53b69da3dbe0e89299a597

          SHA512

          da01faac20f82d06b4f7f991af347ef1c284a0afb7411f1efc146f8e22e9e59b32305625665edfde3c7e403918e884195d1d80a1efc5096f2060cd2b06abe18c

          Download Submit