Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://go.concur.co...

windows10-2004-x64

1

Resubmissions

19-03-2023 02:19

230319-crxg9aee53 1

19-03-2023 02:15

230319-cplmzaee46 1

Analysis

  • max time kernel
    147s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-03-2023 02:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://go.concur.com/032223_Client_FaF_NDC_7017V0000013N2h_RegistrationPage.html

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://go.concur.com/032223_Client_FaF_NDC_7017V0000013N2h_RegistrationPage.html
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:820
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:820 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2084

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\69C6F6EC64E114822DF688DC12CDD86C
    Filesize

    779B

    MD5

    1205ee97a2ed45fa21699187f4f17775

    SHA1

    c8022ec92b9b1cd68438ce739ac8aafb05220f1d

    SHA256

    b85ed6ad3460e4d5234caffdd1e507e97de892eeccfb442d484aea5983fc5b0c

    SHA512

    0da501d200b4718fb056aa3d195a6c4960c0ec64b373816cacb4bd90ee930536c96e1e41cefe018024b7c2ffcc512540967841da42a5892d61c24635bc978fa3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F
    Filesize

    7KB

    MD5

    08acdc49cd3b02b898cf5b16780a44e7

    SHA1

    d01f4fb9193458bd67f7005618a895358f6102b6

    SHA256

    b5549a74ba341c0ca43ba3bdad6991e02bad5acc24168e487a9174654ff9272a

    SHA512

    324f00eb1fa1b45866ca7cb4aedaf522624dabed7f8a1b955f8b517f99d32785bcb08a4aefac45c5be86797e1cf1229e8c3fed4f77e1bbc53bb39a8cbffb06da

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\69C6F6EC64E114822DF688DC12CDD86C
    Filesize

    246B

    MD5

    cd3a6d53f47cbe66278d17b7d48130d7

    SHA1

    589696709cf7edf4233ba6ade515045f38592a2b

    SHA256

    04a23df1e03c587827d945bdc8107ee7ea649a75519bbf92b7b501732cd5f3e0

    SHA512

    0840eb949f0a01e80fb69b13a1d6b648270469258380ae9bfd182841a2e20a1b5778fec1a58916fb538294ce7c7d07c6eddd7e7c9170606fbde9ef2c09189c4d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F
    Filesize

    232B

    MD5

    9c7fb83e816e4fba3ccdb41c2bec361f

    SHA1

    4a28889fc98f5a534d9655d99a685856c5119f65

    SHA256

    ea9dbdd88ef38f2cc3e8d2cebf742ad6f9e7a482cea0ac18ee5a322218cbb3a5

    SHA512

    bc3f410ca428602c7ac78af0a1c872d11ad5dd09d9ea2e5e9ac6eaa0491be6ed7bbf78a4cdb6d5ecac3dbf9f82cac8534e7927b3345c45d1b028e475c6660040

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\31LOZI9L\www.google[1].xml
    Filesize

    94B

    MD5

    4dd68807173821961d41e17d6ea79649

    SHA1

    c391b4a4ffbd81bf235ef1f2d26f0a2bb466bb72

    SHA256

    fa2e59de23df4b8669b85e62e57e3dbd4f78fc577e72458e9d45d2f3e657fb99

    SHA512

    29eb5a53ae725433554fcd6e2a7137b99ef50118b025753440dc4e9b9ebd2faaa9ebe59c09eebb91a051fb8182def1690017919f4ae90054732cdd45c3c699bb

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KGW254DZ\consent-pref.trustarc[1].xml
    Filesize

    205B

    MD5

    11dd4ea4549ad204a596f0a689e1ce4d

    SHA1

    2c48eadddf69b437f2117a76a7e0ad49ad44ed38

    SHA256

    e56144a11fe6702b07a93f55814e55e15bd48c0eb5270c519c650ea276ad60cb

    SHA512

    2c59cd893e04905d3e6bbe02d31b9723fc1691a2d3b127a71a78894ce756a4f63df57ac19a5f609e4c0b2bfa429b0d81ae558a6996a7aa6c350e74053023318b

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KGW254DZ\consent-pref.trustarc[1].xml
    Filesize

    238B

    MD5

    2c127853d33db872c0b289f5909e376a

    SHA1

    bb2a85c4920a8e78eb255e578f4a5c243cc27d07

    SHA256

    205e9f2be26fcd13e0b020159c598e652f3a4452ee2957b7d27221e28abeb980

    SHA512

    b72b8094a7a938c64a4c2406571fd3d748402a7c206adcf7d1a8fe8403caf078d46cda061b34eaec3820200ca71c11ebc43065b1ed45454a0941f3185d450793

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KGW254DZ\consent-pref.trustarc[1].xml
    Filesize

    276B

    MD5

    cf3696a89c9a366cf4d4f0e37ee21db6

    SHA1

    20d550f912c24952dd13f4f28e6b510c067e53a6

    SHA256

    53ad257b02c41c580485d66d1eee4fd533a616b3b081610a53618abdc1db9f71

    SHA512

    0fd2b69855bcbf0714cdac7c26381eb071af7a999381b14c4d28087fcde87535a655a00f1bf72cd13bd867ad2f6c229e54af84c5a1fe20b7cc3f11e1e2ed79cb

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KGW254DZ\consent-pref.trustarc[1].xml
    Filesize

    343B

    MD5

    83c63b7be478dff986cdb41cb3610293

    SHA1

    ae498a0f31084848d17eeea6742226ba5bb2d162

    SHA256

    4f654af334b79f57b546217e6489171da41e059279dcd456a917a164cff61540

    SHA512

    9ccd20c5fe496df585b179a754ef8ac9b8585e8ea634f0748a9c7b3f84851f3f143e0457e984c7ec8e772e98a83a6275b3556744da9f5d591ea2405089946058

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KGW254DZ\consent-pref.trustarc[1].xml
    Filesize

    552B

    MD5

    10bac6f1ff00a4f00e7488206c14176c

    SHA1

    bb93fc74d623f2cb85e75c9cfccb4b67dfecc754

    SHA256

    1e21fab6f377858fe12d1628a28feffe4661c6b6652c44e2688783fc0ef9a587

    SHA512

    5f7c391f8738dc3407f35c9edcd2f63ea795bb192c0d0c741644869ee2dd4ced419faf4515ad42b5681a59f73de7cb2b031740e9cc3750671fc350df6986e10a

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KGW254DZ\consent-pref.trustarc[1].xml
    Filesize

    396B

    MD5

    7a1fd73b866cdde1bf79d5e4e97e6513

    SHA1

    c1b99e4cd8eec78bee179a1f56048ad4428bd45f

    SHA256

    18eb5961dc66934c9f25df10c5cb441862cbbbb39d1c39cb6655484efdecc04c

    SHA512

    3e2a6f2f422d2c500a9dae46fb0a2bbc8167ce52dca3043ea5e6406e0b62ed82e12af8c4bb1fee92ef0d5a84c22790acf7d9f6c3f306376b562478fbabcdb869

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KGW254DZ\consent-pref.trustarc[1].xml
    Filesize

    421B

    MD5

    a7c8ad4a3f4171017c38ca5618d39986

    SHA1

    df2a1ccbd7bb6299ede57d07a9b2e46f43fd52a2

    SHA256

    c6cab7da580040ddba6609f11dc0e2d2ae13b7774e9229d07d64dce70fbf73ff

    SHA512

    30da708fd401d79449010873eab6876bf442996680c93f4c2d23918c9689d77bd975bbec706c724089dfbbcc9f9c0c5f87478e8c227c00193d07b5785688a026

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KGW254DZ\consent-pref.trustarc[1].xml
    Filesize

    580B

    MD5

    16d0945474e5cccc81fcf37a786f31ed

    SHA1

    91afa2e26daf49bfd7e6333a5bb3db9c003d4c8e

    SHA256

    f5e1d7436f89a1c1d02a4ea34e80455e02423d2bf976c54ca6542a84a6650a61

    SHA512

    3c459de067a09dff3cd6c195579261c64ead8ecd2889a4f86d5b31a2f5cfacf25c9ea2a293d734d11be25f38178eb2d3df6e7b2eb0e6d8e34f2fb90d1752dfdf

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KGW254DZ\consent-pref.trustarc[1].xml
    Filesize

    511B

    MD5

    6ac683db633929f5d3d4007bf1137ed0

    SHA1

    2716594bc6bcf92a4ed4c698f3b889e0bbae00db

    SHA256

    7512a74e0291339e0c989aaa5fd9b6b015a6b553be7f7a226477c08997264d40

    SHA512

    67ec475a5cb78db78697223eafb18a317f09b485a0661812a650f1fcd1d793392c2a9c74ed042f5fe7b303209f89d2e817fa7c3ca6a7c593a76964c8e358d6f8

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KGW254DZ\consent-pref.trustarc[1].xml
    Filesize

    519B

    MD5

    b9cd8effd85c9170838869d5f4419e3d

    SHA1

    4cd63ae80787d177f13cd1c26492521466aa1aeb

    SHA256

    aebf0084f6b9cfa9db5582a76ec4ff2dd4a961e0c4038940b1d053e95187da56

    SHA512

    18c79ace40d0a9b6e7613a8e9a32b3ee837d09197068f2b2a46e7247226837031b0a6f3084af3dc945d854402fb0ddb5ff3d77a76425edb1c7e1b9c684e4197c

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\LBIF7TGT\chocolateplatform[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZQ1Q2VK6\go.concur[1].xml
    Filesize

    16KB

    MD5

    d5bd3e3b0a970799a8f151de2afdb2cb

    SHA1

    f75cb0d823d0c819ed2d9bafb1198f9ed71ad656

    SHA256

    36ff3bee69d59db2e6aa9d13e6041ec0e777664b80c253fdac647a08f889b2c6

    SHA512

    28b692a9ed33b7ad493d08f377f04214aeb269758881d24e508b75da3aee0de471c336e4d73a98b83c0ea04bf5492f4f41dbe556865d9b18efb8445b28486fd6

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verE1D9.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\favicon[1].htm
    Filesize

    15KB

    MD5

    09ebe5e9b00a20b8d89c8a621fe2b2e9

    SHA1

    a45b5e052430a700f77eb64272fd8f66f72fab30

    SHA256

    c5466e617d000f8c6bcde4896db93b483eeb7d7482d43e90ce813161df9eeec6

    SHA512

    f7027cb96f819b25bdf99b2088cd1983d71849118358f1e1d4fd372ef3409a4d8901cfcc8e1f33952e0c02b6f8ffd0ffc45fc64505f37c422c052f312f48a1b0

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\jquery_cookie[1].js
    Filesize

    3KB

    MD5

    185607df1287788a379739a0fbf95fae

    SHA1

    e3e4af801a9065a63a2a231f00dbae344ed0af68

    SHA256

    96dccaa929e6a14f0f439d8597777a97b22720516942d36fc625ae11e85c3ada

    SHA512

    40b7ded8a4b26a55a6252bd8e9466336ffef6e0ade8c6dde66092c724543cacb2ce581f408cd67e64f521aef528dac8f85625e861973ac473774083e286db321

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8OI4IV75\js[2].js
    Filesize

    130KB

    MD5

    d28981fe6ead4539b045a784f8f3b8d6

    SHA1

    377b1d0b5ac977ce575eb20e5c5b0f66e8f5496f

    SHA256

    8e23b4c3a692a10e519d3fe764d3307098ad3298e42780bff6e417dffdbb95b6

    SHA512

    1404487863e7e6b202fb690c1fdff48c31d35ca0a0def92968a5db8afcd13114b91304fd8d367edd1153905d17de3bf2ea883fa65e550cf735319cf37157ed47

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8OI4IV75\opt-out[1].htm
    Filesize

    311B

    MD5

    1b17ebe451fc7634aa1976aabcd3e258

    SHA1

    246443711cda323bbe186f13f965a922ed10fbf3

    SHA256

    8e3bd3d06dcf76fdca5affd8c719c095e467a7ee6f3abd368fa660a3b627fa24

    SHA512

    34fe2f60c6944dc2896c959813443c3f64df55f1bf810f2c88834a9dce398e9130beb258453952cb7d2d527d5784284a9c8c7e4009596f3122417e2a962b4007

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8OI4IV75\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\form-ef1bb82d6c31160e3c2ab3455aa57bc45905aebe0977ed1d2ff644929076d497[1].css
    Filesize

    7KB

    MD5

    8beea677daf26e09ae8d6359eb29b924

    SHA1

    0da943eef88aa18c5e51bc5fda51c5a3cb1cc654

    SHA256

    ef1bb82d6c31160e3c2ab3455aa57bc45905aebe0977ed1d2ff644929076d497

    SHA512

    840ec30ec465eeb7ae680202efbcf233ec2357492411f6f48b86764e4f3bb718b06a64695367504f3e3d537821ec884a7a3b4c91dd695e4d09708f844bb01e4e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\style[6].css
    Filesize

    337KB

    MD5

    c24d16839a033b964ec9a55a5ab69d13

    SHA1

    dbb82669e050b26901c3af8c80ff96bdb22f8f40

    SHA256

    4a3916fb798f3e1f3bfdfd5f7479168e462e4a48548e86819f8a45f8a017ed73

    SHA512

    103311207f9ff45f062c54a03880d7bfe3110691d4c2220de58e39fb8f14533eeadaeeaea38aca1399fefeab36d5e206104759d747b47ce8c69ef8b62d089aa6

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\favicon-32x32[1].png
    Filesize

    733B

    MD5

    9973e59957a882a4f213adb29eb0ed67

    SHA1

    cf2049deef78f85efa9e5845ef938bb2a16627b1

    SHA256

    bdab6e97443d58cf2c956d54ca7f966da0089cf0fa220692453b9536112bc04c

    SHA512

    9b9e51c3d2c29fdf1e5804cdbaeb374b0114f4b5887b24ccab8f01c3e7651f9ec8fb2c5f368fca627f87dacfb2d63b6c363b5b0cfdb07eb38b1005183d1aa5ab

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\optout[1].js
    Filesize

    9KB

    MD5

    5209a12a68f8096a21f5af7007642043

    SHA1

    665bb1596c512f8da4ab443c1b1e88ba4454e8af

    SHA256

    c868eb0300543d253fcc83d604c6e1b6425937bb7ebf47bc1217fd7abdef9d8a

    SHA512

    70dc1c65168c5e7e80cd56ed433082bb2f741a1141da9a74b2a6f0e69a82e55ddd9d0455808247c3c737911220754855fac30cdbd637968fd360b101accea47a

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\recaptcha__en[1].js
    Filesize

    403KB

    MD5

    3e73dbef941895dfc538a9d6a69ed927

    SHA1

    dac57a54b2635c1d5e1e6ae44e95d12d0a547ad3

    SHA256

    d9d91ff5b9a775b5ce8c6c81e51e71c27194d11ac8690353727d23c91f7b317c

    SHA512

    51c03135ccb8a33a233876423cf8d7e6eb0e7e9b0916ace5cf7a1588661878fcd738e0c72338b0c1c0bddc489552037e40b62cec438f31852fb4ffaa3b514fbc

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\v1[1].js
    Filesize

    76KB

    MD5

    eb8d4680952f44da2e4467d6eb3ac6ce

    SHA1

    57c66e30928a4cb6f71b540ae4013fff017d43f0

    SHA256

    903a46ee5c7582595197c74cbda644ca7e45ef90e0f89bdfce0d3d6cb3a3bc77

    SHA512

    4e6c9907f8398bd07437ed7fe5ac01b70d278ff3bdbf374bca4a958386cc34b1cc6638a0cc540b50d7b513effe7fdf33cace9cac90289cbebb5cac3e114a9d09

    Download Submit