Analysis

  • max time kernel
    133s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-02-2023 11:18

General

  • Target

    https://security.microsoft.com/url?url=https%3A%2F%2Fvsnyproduction.mypixieset.com%2Fevent%2F%3Ffbclid%3DIwAR3Iv29yQaR0UWAm33Jfv04XbjC17XnmHQlEPmMXzzS9WX9RFlYWtiXcUUE

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
  • Drops file in System32 directory 2 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://security.microsoft.com/url?url=https%3A%2F%2Fvsnyproduction.mypixieset.com%2Fevent%2F%3Ffbclid%3DIwAR3Iv29yQaR0UWAm33Jfv04XbjC17XnmHQlEPmMXzzS9WX9RFlYWtiXcUUE
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1544 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2424
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p
    1⤵
    • Drops file in System32 directory
    • Checks processor information in registry
    • Enumerates system info in registry
    PID:4624

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (1 signature) T1112
  • Discovery: Query Registry (2 signatures) T1012
  • Discovery: System Information Discovery (2 signatures) T1082

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: 627082c64c12e33958757c71e493e289
    SHA1: 76523ca1f952da5ca306f72c6efd497fe90085cf
    SHA256: 4939d97986cdabd824b38fc8ce3d4b8b6ebeafb7a113d2af94944b09e33454c8
    SHA512: 2cb4f47a38d99edfc1c25e520970fb057acdf589da1d097d0a621f020cdb843e8c3fe559d1098b04161f22d0596ccaf34d526b4ead38e5bb94421a5b209daeb6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 404B
    MD5: 9b336fe698a60495bb2860e5fa33d586
    SHA1: 4dd221a4a6f8ecbc2dc4c3d2601fc072191972e5
    SHA256: 9804c0a944701278244c271d31a1132723deaa89ec519caa60e1f6e7d07da512
    SHA512: 0e9a148138a6de5b8882371109525dec5ba42e6c06105e23d1492f20e79dfd251eeb8321731f1c32f27cfece75fdb167491eb1737b40b03b2428a511fea3629c

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\z2evvp3\imagestore.dat
    Filesize: 15KB
    MD5: fe7e0f603c1529791950bae7c6012243
    SHA1: eb52745a79ab58a969e55ce15b37ad919a472752
    SHA256: 3cabb4d52d8f836c454869ac5f77b441550e4547c33e2ce036c1df8a42e0ac5b
    SHA512: 080333b21c6e4f676ff57876331dba1897c3a662e593ea12f1c188673ea5cfaf4982eada983201d5255e385fc42ce9a1bbb8ccd36dc9646108a8034245c5f417