Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://www.grammarl...

windows10-2004-x64

1

Analysis

  • max time kernel
    131s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-03-2023 15:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.grammarly.com/--

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.grammarly.com/--
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4544
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4544 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4496

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize

    1KB

    MD5

    5d1ae35983c18e139283a2053219ad3e

    SHA1

    f4e90962e0db52c0a01330b199e41766e3ce619f

    SHA256

    ca4f33ddee85b722b343f20963ec0ed0093fd4dffda18ee7331ca59245b3a23a

    SHA512

    6b5a3a5177cbd49ae4319bab17ae216440e31b9396947c00198ef8df5415f15b595b621f64d4a6d007cf90b21de83b8525edd7db3d8d4aebe378c767bf8b958c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize

    416B

    MD5

    d66e1ef4417e36ea877e658480d45ede

    SHA1

    a4c3646d7ff139593554bd05689023958760167c

    SHA256

    b19eae886b9dbefbe5fa34e8c8ec88578dad1189a0b902fff69a37d4b4743b09

    SHA512

    66d8d8c9c26f0a858008e96cc4232f15b7b27a475e70106d2100a48b5da037e5c6b6f2f579060444708a32554142059d592ce46948e159273cb6be7438259029

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml
    Filesize

    106B

    MD5

    78864a0c2da3a53e002b7b1b7fa0e962

    SHA1

    21e48f2e5b33a6e23b34705efc0b49e1cec71521

    SHA256

    0d4b6b029928bdf995d1e3c531e78b7f4e34825dbb10bc58bf03de5fea412a34

    SHA512

    d47db3c0d66a44a31ccf087526728448e8487a60efa7dcac08801ee693b9faecc9c8521eb05082883c9236efc58d8ac6adb90ebfa274e124330560fd1dfc4a46

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml
    Filesize

    198B

    MD5

    029b8a7e4a72ce00c0fd38e025d3079f

    SHA1

    8f6cfa0b561920253b076f6062b1ffdce1209b26

    SHA256

    c5a3a964b6cf5b84d6dc2654da6e744e19a34fe58686860fc3aa075e470f3fde

    SHA512

    a01f0334f667bf2345e0ea22600fb7f5136e4c8b7a0964fed7a8812913cdb5b9d40f35500359f27aad8ca9bc62c4e622e1243a7f3a8d72dac849780ef0b6e566

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml
    Filesize

    483B

    MD5

    d2bd3182b679c9d3cdc325e8e533942b

    SHA1

    266807f3291d2cf4570e433bce3659f037ec614f

    SHA256

    665898767fc972ddc07e004445b9d5d9821f338c55a13b6fb57483a2c61fca94

    SHA512

    f802e0e2bd7659098679e8d252006c9e9f96014ee93f446bc703897855c40c55d03819f4d8df627d2670a3bcedf81627d81cb2669df6b4aabb64667a4ef2dcd6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml
    Filesize

    505B

    MD5

    05083a401da6f12cde2c6436a6d22651

    SHA1

    ef2e7cbfa7e4f556260cf1304b99dec9a3409d46

    SHA256

    0c4d6bd8d05e8b77b48dff7e7648fb1c85b5ed180f843c8926e8030e6c2a1dd5

    SHA512

    098115590a918fc85cbe1dc7988bc94a67987e36cc7d1766673c17e9ab81dcce23608107f6a380f06c285c9b7bd19e1f003e89d5324329e7a2df98cb211c553a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml
    Filesize

    505B

    MD5

    05083a401da6f12cde2c6436a6d22651

    SHA1

    ef2e7cbfa7e4f556260cf1304b99dec9a3409d46

    SHA256

    0c4d6bd8d05e8b77b48dff7e7648fb1c85b5ed180f843c8926e8030e6c2a1dd5

    SHA512

    098115590a918fc85cbe1dc7988bc94a67987e36cc7d1766673c17e9ab81dcce23608107f6a380f06c285c9b7bd19e1f003e89d5324329e7a2df98cb211c553a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml
    Filesize

    1KB

    MD5

    1b11c625593c0f0c19f05d27d9ede2fd

    SHA1

    af6ce058851060f31e725fcb43d6482837a803cc

    SHA256

    b8f7472ffe927640c86d8efe8bd627971189624c50a8b0fac32c49c1307e5bc1

    SHA512

    398037a95989056a8a5cb19cb97af3c61400a208feed426ecd725bb15179834d3d809bcde5895e5fd824e7a2c76cd2613a382f68aed1e867e7c60cfa248e06b1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml
    Filesize

    1KB

    MD5

    fe5ad6746f85ef1de1f0dfe8f6e9e3bf

    SHA1

    69e18c30e1ec0c0fd227c6b5b002b4c9352280ad

    SHA256

    c36ed798b17c1c90ac4316bcc7c085f67d5fd8b4d091fa6ecd8972a364a35923

    SHA512

    e7b9157f15ee5aebe43a6f0e3f863596a242033dc93c093ca02399a408ab3a60b481c45e9b32fb0866ddbb7af2248610ae50305b95da5f784134cefc5cdb2318

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml
    Filesize

    1KB

    MD5

    c5925d2315bbcef5a8b480c1b90668ad

    SHA1

    6f67d5f0bcad4328da0fc026550951a9dabcf4da

    SHA256

    1fc5e8c0d0378fce7931ccdd2b0526233163880f0ac341d26643078eb91b0695

    SHA512

    e377632b938b40cd8fd6167dd2525bb22a07c4318a12453e3019331d3f7581df886ba0dd3fca0ec3ff8db96aa292ac449fba9a4de0281d0fe53bb396042eaf5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml
    Filesize

    1KB

    MD5

    1df9e65b8a41d9e1c1b403351e74d4ac

    SHA1

    10fc53e2f0e57f35f021e82e06f20813a7b0a26f

    SHA256

    ce4afa5dd79547192b06c9de2cd9d224a0dab6830073e5aa2420aeaecbd20689

    SHA512

    7ca8a70a21cc7e4100527cd5e2b7ed522ba8b835369391731be619bcd4198e4ad3822235ad6caab68a6babd45dbbb9815b3906339d6fd764e14b149d4aeb5ac7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml
    Filesize

    1KB

    MD5

    1df9e65b8a41d9e1c1b403351e74d4ac

    SHA1

    10fc53e2f0e57f35f021e82e06f20813a7b0a26f

    SHA256

    ce4afa5dd79547192b06c9de2cd9d224a0dab6830073e5aa2420aeaecbd20689

    SHA512

    7ca8a70a21cc7e4100527cd5e2b7ed522ba8b835369391731be619bcd4198e4ad3822235ad6caab68a6babd45dbbb9815b3906339d6fd764e14b149d4aeb5ac7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml
    Filesize

    1KB

    MD5

    8e6cd9752929803e8f86771609812dd0

    SHA1

    447889d6389f6123a3b7252f519924a31799d371

    SHA256

    3c60e265fa4714918fc209c7fba034c66db39a858830f0de76eaa13a359203f2

    SHA512

    9fd86f901dce11dc5557377618f5e1f8d9b5a01d90a06952384162b46ee3f804bb5e43d149665acc240de76667e4d876c24ed304887b0115fdfacd4b35a8f55a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml
    Filesize

    1KB

    MD5

    8e6cd9752929803e8f86771609812dd0

    SHA1

    447889d6389f6123a3b7252f519924a31799d371

    SHA256

    3c60e265fa4714918fc209c7fba034c66db39a858830f0de76eaa13a359203f2

    SHA512

    9fd86f901dce11dc5557377618f5e1f8d9b5a01d90a06952384162b46ee3f804bb5e43d149665acc240de76667e4d876c24ed304887b0115fdfacd4b35a8f55a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml
    Filesize

    1KB

    MD5

    4155fbbdd8c15fb95211c53d99cd0c32

    SHA1

    b185c3eebec79a1f0cfba6157f84e73f219a0c5d

    SHA256

    455ed3d778061569c2a52fc8e3c192ac2f519d8fb80559c41292b056d1ed1fbd

    SHA512

    125878958d96f0a2ec4be564e749d567fbf81ad1f1ad2aa37041e5bc4e41ac74d1285b94112975bd4c5bf0c780a71964a3194dc3bfabc87da15d5c56915a44b6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml
    Filesize

    1KB

    MD5

    f2a63d962adc27496dcf816feff21f59

    SHA1

    06fbb32e45908518dfeb30ea4848a9b91877a39f

    SHA256

    2b6b217a2a2a39fbac8c363c72731469d9bd7385486fd1778c5cc4089c9d97ba

    SHA512

    fe845619c8ca0c5e183f504feec70d555dc492821c3c3ce4a99d14341cfd00d3c0ca69f065fcb845a8c8e4549c062a0453e26e0f8019775550c11c79c7508a62

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml
    Filesize

    1KB

    MD5

    0b2bc5af98c3d1fb1add7a2279bf0db1

    SHA1

    8138cb9d5ce514bbf6f26efaa9a28770b0e98510

    SHA256

    64b5ec85087475d347abd33e33a84bac693d457f24b03ee3b6630fddff301ac8

    SHA512

    b947785e5c7b9f5aed1b33500d57bb872eee72738d5ff747b5120f8be91d05d8dfc6bb3522547e3155b7a6b80a88244b91cc4a36b221b9b73d5aee1cfe75267f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml
    Filesize

    1KB

    MD5

    06724cec2d5f9a30c92eedff106ce730

    SHA1

    cfdbfb56d7060d7bf586bf63ac20ca6de746c224

    SHA256

    f352820546a46f4a5b35aecc3249e9a35bc0f49914f5cf4b3b51849c27409941

    SHA512

    1965130b4c658d47bbdf2d518bcf382aaf7a46531825c05c5e4b0b4f6c95bc90eb14b6bd31d22eaaf7645f165cf63846c9df17260af1cd6668837f5a2166c9cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml
    Filesize

    1KB

    MD5

    bbb1ec4b9d997a3924981cdff01af0ad

    SHA1

    3e060ccbb4f3815c49e06b29d756fb2489eee7a9

    SHA256

    f92943488e553af8885edb7ef62ba320d415c0c4cc62b60568487ef6d6f98b51

    SHA512

    f48453b0f9388ebf3274bb4eb749700193cbcced94565bad1974e8d5c64c2be8c7a8a69ef844b6ea119127f2ba8097fe962038a46fda48230797ed6546370395

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N9UYGWU2\www.grammarly[1].xml
    Filesize

    1KB

    MD5

    804ecdf68413592447c00353300f978a

    SHA1

    04ac6321bcbddac198c3672d913fab3afc51d485

    SHA256

    022f12227f761704b52854a59f576ad28a80c716a0fd06f994c70b14b5483a92

    SHA512

    9d0db55447ed180f6b79dd5240a1d939246bc824f9aa3f3c2f8562d87d9f7cfcb29148c9707a7eaa8c94e19e80549b3940625ad3073cb2d37d391cca0e6b7de9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\feo4h2u\imagestore.dat
    Filesize

    632B

    MD5

    a2fd4e90bbfd6c9693ab28876d015292

    SHA1

    2b688c58d29cc7720254435920134b15e18c5b53

    SHA256

    a80e2a8b2af55b488968cbbbcd20913415719de89d5e3c16957e3ad43d4725ae

    SHA512

    8bd314fea2ce0c2bff46fded64bc16773541524656e654d5f8d15208fc3718300e7a27beb5f9ebc65fc2188dcf0bf0518f2e0a1f3c69e6fd4d677ce4b0fa1bda

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\up_loader.1.1.0[1].js
    Filesize

    4KB

    MD5

    98d98b3499058b76d58073cf8ede2f10

    SHA1

    2ec5bc839a187c2a4d93499567e8fff091a6bcc4

    SHA256

    ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

    SHA512

    dc185d5287645b2d8578fad706446fc337db7a34ddff4ce2a473fc09ec4b85cb13ade474edcdc8c973e4e407853a6fcfbbdcb4e58e5376e37f173150bcd1d066

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\analytics[1].js
    Filesize

    49KB

    MD5

    54e51056211dda674100cc5b323a58ad

    SHA1

    26dc5034cb6c7f3bbe061edd37c7fc6006cb835b

    SHA256

    5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

    SHA512

    e305d190287c28ca0cc2e45b909a304194175bb08351ad3f22825b1d632b1a217fb4b90dfd395637932307a8e0cc01da2f47831fa4eda91a18e49efe6685b74b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\favicon-16x16[1].png
    Filesize

    402B

    MD5

    2340c99e5888c621067307ab254ae533

    SHA1

    88689ead0a6a37314312c7eb7f1eb2a71c50b76e

    SHA256

    66f23b8274c50c3311e814b31d0386816937b904f53783191d84d02cf55ea7a4

    SHA512

    f2229477198d4c38399cdf182c377e679f53fecdb3b46d27c745216faee16930d81b420aa4fdeb9282bff86ba3088951f7269c39fa67897246f8786365b315df

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\gtm[2].js
    Filesize

    370KB

    MD5

    8acd9046081690dd0bbcce6cb995b9e5

    SHA1

    a4f3106e59915d30dc0bf09b3dea69e814d68a62

    SHA256

    2f269c6b7198cffb4b51ad0ffcf01319ac1525d651693ee2d271303173ced60d

    SHA512

    443643b1bf94abe27c58cc7f558f6dce8ea6cd1972f8d44113db6e570bf6088cc30cb40739d7129d576f8b1e96a9fc4561b96af877cfe3481a12f583c23cff5f

    Download Submit