Overview

overview

8

Static

static

8

URLScan

urlscan

1

https://phdmedia.cgd...

windows10-2004-x64

1

Analysis

  • max time kernel
    278s
  • max time network
    289s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2023 11:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://phdmedia.cgd.co.cr/secure/berta.marques@phdmedia.com

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://phdmedia.cgd.co.cr/secure/berta.marques@phdmedia.com
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3440
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3440 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2216
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3440 CREDAT:17414 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3200

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
    Filesize

    717B

    MD5

    ec8ff3b1ded0246437b1472c69dd1811

    SHA1

    d813e874c2524e3a7da6c466c67854ad16800326

    SHA256

    e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

    SHA512

    e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    375b0ae424807ff7163c3bf3abebbeaa

    SHA1

    f82e08b94958f7e5a2400d8e781803d9735a7afa

    SHA256

    9e47efa8c7da926615747edbb0f267fe18eb8d5a417e7d15b964f3e16ccfd51a

    SHA512

    0cfb7901ce9dd4179f0db49c35da35581c3fed30c6ee6d97aca9227452e49eee7578c24a380ab330fe70126d4b1048a4cc9ca2890a803db4833a45ac3363b2d6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    b011d2725e33c0bae4cc6110f1228caa

    SHA1

    98595cb1500ab32b457063d29a60a8ae5496b49b

    SHA256

    cfb146a5a70caac0842df76ab5cffbb524b9964c4a4250473189d053f24ea9ae

    SHA512

    60e98f54414f8e14185dd66570b6f4e1cee6471648b700391e59042249e9546d9baa19a6dd0c0b6b8ea17e1eb4059303b7a584507624d0634a50d957af21bfc0

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
    Filesize

    724B

    MD5

    c18c1ab84b27ba6cf9cd2e5ca8a96d62

    SHA1

    df6dc9e0b61be770d13df05ac149ed07c5f9210c

    SHA256

    c3535d9b617c8060aa4a80b708e2d017c1b344258b5f18d1b6889060c894ff2a

    SHA512

    cb84a250d7c37c1def8d34976326f4d90b4e5fc0dbefddec5958af85e67a07e77ca0bebe8bd8c3ab784b138eb2ee05004ebba20156e5e02186bd1dd1d92850e2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
    Filesize

    192B

    MD5

    26d09c5be2e811096330cfdb3c4632c8

    SHA1

    4f7c11ea099fc3f8ef7cc3b24606fa3830dbb406

    SHA256

    5701b4bef7d23a1ab9b89ed85ba1510e044530b962d5ae2e2bb082b90b024687

    SHA512

    db117ac069e415df694048ed2d91eb7dae0cbcc64717614a3d5e4e371fe48a81f7b9b84a5799bbd9cf18ef925387ebb501590f76cf2f14e9c6b3a3beeb7233d3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    f2ce63d34973e6030504698a1ba6aeb9

    SHA1

    79ecc3f880f3ad25c5d8b5b45de721cb54ed2f5f

    SHA256

    e8b48c0a097174ebe570fc83e39508bb2efde719799efc18b02ae07ccdfc3714

    SHA512

    263f01696806412dddbde0abc7619a24248c566cb4bff428de9d2cd7718b93cb047fdaaa8247d24fd3e33f751b69a31ed6a3e87973fc51d3c1d606b843fba398

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    5c5452b6f547f4eccd62340aee14f9d7

    SHA1

    f6a1dc816e373ebfc3d91fe2d511ac000c5dd7bd

    SHA256

    df5828b469322f855c58db8e4ba61194d7f42ad5ad3fe7e63ec66f3b74d72582

    SHA512

    3e0448e87815faedb54c5ba0834b036755a102217a9333f96795d72ed074e93dc225aa3fb2d2dda825d69ea907c94a14a5f597131a0d93eb1c3e82cd162171fa

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
    Filesize

    392B

    MD5

    9cf9053a6bcddb34f1ec06f3fa87dc82

    SHA1

    b619c075dd16bf5e465145ae6c56caac6d9059ab

    SHA256

    680387be800e007c0cfb31b3ca34825587ac613b9fd7ca25a7f589d7db37bdca

    SHA512

    940373e0bb5fb1cbed41c78a39420bab91b18bdff00bcf876530d9aeb3491fedbe4c666802a1c59505b4471a68c5de815e586efe455cb98801fc8409ce50ba3a

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\zpu22o1\imagestore.dat
    Filesize

    1KB

    MD5

    8c55959948bd4cbc1d904307cdab2be3

    SHA1

    315766cf51dabd1d1673cedf0aaafc344ec38d1f

    SHA256

    a3cca2a9302bae62ffb07a6f766403744a85bf446ae8602136502351b2076a99

    SHA512

    dff0a68f74f56ac19b598efc96bfe7cdc262fce82cc9d64d41cb3cabc53ff73a8bbb70db9cd524bc8a1e033631378bf07bd66c404ce84f2aa25e1261a0d3461b

    Download Submit