Analysis

  • max time kernel
    98s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/01/2023, 10:29

General

  • Target

    https://au.report.cybergraph.mimecast.com/alert-details/?dep=MA7EyUJGHSaxgdiLeoKABg%3D%3D6Pw%2FEZ1b2qNLHuxqJnRwKu5d1jt7hhCrCWJybTRWCtKxVL33wyUVXyKLa2CQ%2BLekb2MQt11HuehrIjT72oBrQ8FtN%2BXBxheM3I4qekfNumd%2B85Yb3bd4Fxc4nueZL9I4Zov0SpYysTKFtjLWU4%2FAvMQRXlLxX5thI19KkW%2BCwU73KEP69fYLHEARcSqK6j5zp3kT3d6Hk9oa2seRgqPJVAuwxLjH%2BEqHUsZOzXqRf%2FdqcKJbKbzQmktLalqSuTem5xcw0EZWlU%2FZk45BwWdHZpu7PlIZKwgxCNgrdREDxVjSmhgmMHe%2FW2kuxBXBntAYyA4tzgj7ymV%2BTo42Xlk6iwa%2B3pwyYS1uz6LHRzpFDbV%2FE1EIWVuO%2B7Owl%2FxX%2FdrFo6v0T6vxNEqxzV5rHHvSfPwZeItBxhP%2FNRVE3MJajdoH6nDVAsxhrVtQBqc3YESUqf%2BMFrPXhtabQr6YyYSHQnaDPH3kVX6dZHE5xBenUXNXPLbl%2FS2tKVnPrNJCf2dXmUzZC1%2FYsFvfUd5I%2BzHlU2fG%2BfXK65zLls9RNTQ3Wva9I1bdNiKYH3s26dKHvYK2mf07j%2FPpNIzBf%2B4fA0YlqmdDRbVz7gAro9spyh%2FD3zrXu5wuVI5ZYKFqJ77Tp4Y6f73hDZ1PwqV9H1PGHKCyLi%2BRn7m9g77Jdri%2BRFf%2F0aI%3D

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
  • Modifies Internet Explorer settings (1 TTP, 44 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://au.report.cybergraph.mimecast.com/alert-details/?dep=MA7EyUJGHSaxgdiLeoKABg%3D%3D6Pw%2FEZ1b2qNLHuxqJnRwKu5d1jt7hhCrCWJybTRWCtKxVL33wyUVXyKLa2CQ%2BLekb2MQt11HuehrIjT72oBrQ8FtN%2BXBxheM3I4qekfNumd%2B85Yb3bd4Fxc4nueZL9I4Zov0SpYysTKFtjLWU4%2FAvMQRXlLxX5thI19KkW%2BCwU73KEP69fYLHEARcSqK6j5zp3kT3d6Hk9oa2seRgqPJVAuwxLjH%2BEqHUsZOzXqRf%2FdqcKJbKbzQmktLalqSuTem5xcw0EZWlU%2FZk45BwWdHZpu7PlIZKwgxCNgrdREDxVjSmhgmMHe%2FW2kuxBXBntAYyA4tzgj7ymV%2BTo42Xlk6iwa%2B3pwyYS1uz6LHRzpFDbV%2FE1EIWVuO%2B7Owl%2FxX%2FdrFo6v0T6vxNEqxzV5rHHvSfPwZeItBxhP%2FNRVE3MJajdoH6nDVAsxhrVtQBqc3YESUqf%2BMFrPXhtabQr6YyYSHQnaDPH3kVX6dZHE5xBenUXNXPLbl%2FS2tKVnPrNJCf2dXmUzZC1%2FYsFvfUd5I%2BzHlU2fG%2BfXK65zLls9RNTQ3Wva9I1bdNiKYH3s26dKHvYK2mf07j%2FPpNIzBf%2B4fA0YlqmdDRbVz7gAro9spyh%2FD3zrXu5wuVI5ZYKFqJ77Tp4Y6f73hDZ1PwqV9H1PGHKCyLi%2BRn7m9g77Jdri%2BRFf%2F0aI%3D
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1456
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1456 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:964

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize: 61KB
          MD5: fc4666cbca561e864e7fdf883a9e6661
          SHA1: 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
          SHA256: 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
          SHA512: c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: 369ffdd2e2bdf77529160e58309a0d5e
          SHA1: 8ecc0d06128750e821ece4ab5d727201ad5136e3
          SHA256: 31be255a399a5aef835bd5fd0d37c46031b416e5293e7cbb1be11bfa96be8ecf
          SHA512: 56d3d0eb07a7fbcade2a96e0d235af5e43743911ad42aecff4b76809e23ff077279f003482efef31ac04f540f5c3e31457881e2de6279de6385e0616ab58b3c5

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat
          Filesize: 5KB
          MD5: b2b8cffe94dfc084e2285dbf05f342ea
          SHA1: 9a0aee1fb82bb4d01eff0cf057b83c993ee69770
          SHA256: d2b833bdd5f64a15e9f50b85ce3237c44d85263dfb236ca65d7839fd8c032b8a
          SHA512: 445efd0f6b4391d85b2e3629e850c76d71dc2b7233e8b67c6c4065dde82ccdd1b04a7dc26f5d6edf83568c1bba0a98582e22c37b9dfd30011c3a0d44fd8ce6b8

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat
          Filesize: 23KB
          MD5: dffc4ed577816eecad6885491bf46018
          SHA1: 6937151a42628a0ecd3419fcaeff6a95de0803b7
          SHA256: 84dd69627317a39e5703ed09cd8d75a89c5ec8f88070a265347b386fb9a250b0
          SHA512: 0a4d193ff1f099ee392dbcda30c212edac690c2b00d7e439a192f83d0c03f0751ca8f3f8a8120ba687a98c4fa34312d4e2fc65668d5ac3dad68238266086961b

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\H0DEGFYF.txt
          Filesize: 606B
          MD5: 725b8055d2a06a66fa0f40cadaa5f13f
          SHA1: 3fc9b2b49f9208c7986b8b924fe3b64532b5db40
          SHA256: 018c710189b536f05b68fa7f307c903e0c0fcbcfa0aa6c8dddace82fa64f1d0c
          SHA512: ad11850a581d38786fc40276a67834de5b670ddc23b75c822fdb216f3747b77b373be0cab163e49735079d372c7837271a3dc4df43d75485890fd26469374f65