Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://go.concur.co...

windows10-2004-x64

1

Resubmissions

19-03-2023 02:19

230319-crxg9aee53 1

19-03-2023 02:15

230319-cplmzaee46 1

Analysis

  • max time kernel
    145s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-03-2023 02:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://go.concur.com/032223_Client_FaF_NDC_7017V0000013N2h_RegistrationPage.html

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://go.concur.com/032223_Client_FaF_NDC_7017V0000013N2h_RegistrationPage.html
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4812
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4812 CREDAT:17410 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2516

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

00:00 00:00

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
    Filesize

    471B

    MD5

    3781e22c4b672ab7ec1b9b442d5fd887

    SHA1

    27b9680e44b0d98d66b63991d157fb297b79aba1

    SHA256

    ed7c2aec06e9fc809dfa2b76fc31756621380f882cf4eaed75cc694640191f77

    SHA512

    0520644e581d5e339deb43fd32ad589783f67fe13d038a86bca4d60f01f083a8db998accaa8f986096a730e9aee224097d0b22ce9be0db0aa131a40ce1c33530

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
    Filesize

    430B

    MD5

    4537b11a9ac01dad38fc8372bd641227

    SHA1

    6a4f57eccda2d6ba05c81834003895e7488641fa

    SHA256

    5198aa6c5721a176f29b6a2587d4b110342d61ce002b6504bf77752b0573a791

    SHA512

    1c41172668ae3b949c3e1855c2851ba7bc7dd93c79e14e85ae5755fc07d7e8db1ef6fdbc4e2230d2f0be26809eec8836a3c98548152016496df983e878219164

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1CSWJNG1\consent-pref.trustarc[1].xml
    Filesize

    193B

    MD5

    41ea686abf04d356d06710c52ffd2f5b

    SHA1

    028a4891815901311b150efc7b27adbc079cf73c

    SHA256

    5500a27861a64fd78b72e2f5d9cc3505b9bd167092138294a8ff6b1538ccbd73

    SHA512

    18c7c1f75ffabb04a6779ae408b42881a76fd09e0b8110f7bb79d88fe00c12981934ce8ba4a7e817cdfa40a71b9317e4ea99d437e1df7c52d5482fd9f483aac9

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1CSWJNG1\consent-pref.trustarc[1].xml
    Filesize

    217B

    MD5

    a009844f6cf8bdb6a95b574737169c7c

    SHA1

    e32531ca8279e4dedb2d4c3fb9116a56b80e8adb

    SHA256

    17509aeebb874e103344bd4911f6c21c511c489f79655c0814f874a12ca440f5

    SHA512

    21c9815cc1daacdd2fcee994694c080a2bd8f574e13c97135c621f22910ecc6c39f890039afb847a972920d37c0db39eda62736bed9534c9f171cee322d57f4c

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1CSWJNG1\consent-pref.trustarc[1].xml
    Filesize

    371B

    MD5

    fb1276c0060ea29c17717fbc2c182537

    SHA1

    f055060440424510c8730080c0e64897716651fc

    SHA256

    8185b97defe73eeba22d5cbe72aefa774bc729e4a43bde2394f2e59452f2ca9a

    SHA512

    18dbbf46512536b8b7256c46286df096028d6deb8dea25be4daa0387cdfcc2aed42cd8718dd52319fbdcd6dc50c2c8baee4611e673da6a1ef505e9eba2c8b6bb

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1CSWJNG1\consent-pref.trustarc[1].xml
    Filesize

    403B

    MD5

    6b59c1c5471759232815a9520ad37ff9

    SHA1

    70b9ec6a662832f23dd6dbd6ee754852b9939b4e

    SHA256

    2ae7a71ccc3c4b10d569f4af6912cadac841e970927b962a482f28dc853e1163

    SHA512

    21923ad057c491f5e974d4ee410752eb188a5615d88d03a132b13ef1474cda38ff4fa15e256c7430a8b7cdf29a03741932918ac4fa044a2020b8f357c7da6c05

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1CSWJNG1\consent-pref.trustarc[1].xml
    Filesize

    304B

    MD5

    b97cc406cfe1caf023c906f59411cb24

    SHA1

    537ff7a57200629a954a98dbd451230e4f18b22c

    SHA256

    d8a88a0ff204a72d3dd92afdd04538c70bf3f177c4aaeeeb6f9c61e2d902a7df

    SHA512

    8a6a29e962288033945b7855f0730b402ebcc3a80d8c7f863c9bbdb15ba73a4887a9e21fe1fad48450a8bee3b270f6d0815956d9a836e5c5ad165d981199a4c1

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1CSWJNG1\consent-pref.trustarc[1].xml
    Filesize

    376B

    MD5

    d1a016026f3fe9a604ded793918709f6

    SHA1

    b29823fd28ac4729702b283b94324b143e31a755

    SHA256

    34d5e281798070433ce5d3b3842bbc7e82e2cc26f1c683e43597874603f78d72

    SHA512

    08d7f67557656d422c66f14f2684f76df274a48592619549288809d073b12f70066f4398059004b1ff58871f11db00928c98ed7a04a741b4ac7d68927d0d22c7

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1CSWJNG1\consent-pref.trustarc[1].xml
    Filesize

    541B

    MD5

    8c87f710382fb9c59e4d02ab1f6aa104

    SHA1

    3ec0688a99bb625f80e590ebc845783c2e815399

    SHA256

    7e05f5aa1862a995612b7e75a1fefde31ade46210b7bbf65d56374eecfaea56d

    SHA512

    a1c62d407a4b60ede0715ba9d8f847a9c296e4a38112d9fcc540ba31dfa2a6314b220e8c96b345518edd8d8119062815cdafbc11ffc9112be39ab2b2e464d6d6

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1CSWJNG1\consent-pref.trustarc[1].xml
    Filesize

    541B

    MD5

    8c87f710382fb9c59e4d02ab1f6aa104

    SHA1

    3ec0688a99bb625f80e590ebc845783c2e815399

    SHA256

    7e05f5aa1862a995612b7e75a1fefde31ade46210b7bbf65d56374eecfaea56d

    SHA512

    a1c62d407a4b60ede0715ba9d8f847a9c296e4a38112d9fcc540ba31dfa2a6314b220e8c96b345518edd8d8119062815cdafbc11ffc9112be39ab2b2e464d6d6

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1CSWJNG1\consent-pref.trustarc[1].xml
    Filesize

    438B

    MD5

    39af12ac13551902d7cf1acdf6fffcad

    SHA1

    ec3ffe3ff9257b04e1978e4def47d996a7d772d0

    SHA256

    f9c4114753050a4b4e209dd8df5b38039736a0f752bf94c7d26f0c9f0e3821ac

    SHA512

    2eaade50085327ba8ed5f1f59e39359ce5fb77d8456f30f4a2ff3d14aff3e2c7317f0dd94e089ce9ce8152987df96e65a5015c0def190a170752c949953fcff8

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1CSWJNG1\consent-pref.trustarc[1].xml
    Filesize

    438B

    MD5

    39af12ac13551902d7cf1acdf6fffcad

    SHA1

    ec3ffe3ff9257b04e1978e4def47d996a7d772d0

    SHA256

    f9c4114753050a4b4e209dd8df5b38039736a0f752bf94c7d26f0c9f0e3821ac

    SHA512

    2eaade50085327ba8ed5f1f59e39359ce5fb77d8456f30f4a2ff3d14aff3e2c7317f0dd94e089ce9ce8152987df96e65a5015c0def190a170752c949953fcff8

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1CSWJNG1\consent-pref.trustarc[1].xml
    Filesize

    513B

    MD5

    589f39e8f082f18392367b891f84175e

    SHA1

    70dc713c236cbbb9a8a77ad3f34a173239bffac9

    SHA256

    6d95a3b08dc52f288e81c7ab21ee278fabd46919b724a50ec1dabdab8f35e5e9

    SHA512

    56527e0b1ce7863876aeb3db0b7767114f328e3daa60ae2298413fedde049d8a4fc60c0495c72f3156622dbe77e4b71a36bed8136ec472a29c99154dfc326f88

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1CSWJNG1\consent-pref.trustarc[1].xml
    Filesize

    521B

    MD5

    eae47a096d1e1ebb8dbd34741e304e0b

    SHA1

    4629878a122ba7904f451558e8899970f2d9426c

    SHA256

    309c51f79c5bbb6e6540ce8e6dd27c65ae5028b850a5474c20ec58c39b3502b4

    SHA512

    dea0c79da015a33bf3e24e8b53801aa91db3d5d39703e4a29b7bd5743458842eb33e837ac3ca154e2b8b68902727e77765b30e92ca6dfb76009867004e9cb458

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1CSWJNG1\consent-pref.trustarc[1].xml
    Filesize

    529B

    MD5

    9326d31822423f5f05e8e736faee56a5

    SHA1

    424c230ff39d1096e06681f26da1bfecca0444a5

    SHA256

    329734707ae753bacdf574a7df60d314c815f5e3769cb167faa426511b29a76d

    SHA512

    0dd2f374aa7813fc6e0244a650df3d2bad4531ebb92474ea4d10e6b5568a5279bed6dea4023c2149216859e8100159e421da302c1922ccac1e211024b9c4c2f6

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1CSWJNG1\consent-pref.trustarc[1].xml
    Filesize

    539B

    MD5

    38a465076cd6e38ab57df22dea1e5207

    SHA1

    e47f06ef698759e4a28b2534bded1c76e946cb11

    SHA256

    6a2a69889e8a934bb007fdfe46c6a1e8dc88c1d10ffebba31fc26fec7e3e7ef9

    SHA512

    f75574329e7768eae0251bc66f54a10ff6670596a967ea20b8e785dd543d3fd10d1bace2f75b28e820700ed61a7bb8cbe72dd195ebcb046b4091643c8caf413e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UVY0OWXK\go.concur[1].xml
    Filesize

    16KB

    MD5

    a34f9d53f6c1ee0eca0d9f6fbced436c

    SHA1

    fe62d9a7b7724f4b2dc6d8154c8a120714cb5c42

    SHA256

    74c6ed543b02d88278b250da5576f22d7e626fa7ebb4e1bb1c90eec88a1e3363

    SHA512

    79a05d0988ad1f97495f5bb2693a936c9978244fdf211071fc41a1ff600611693ad251e645245c2624fd78e362384410d428821a4d2a4ac6560c7ce55545cf5d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\osplltc\imagestore.dat
    Filesize

    901B

    MD5

    f68c4671cf67797dc192675923181293

    SHA1

    0b8c11ac4f4369409dd5eaa5e207d2b421d3eaad

    SHA256

    14dad5b79f8dac207fdd7b06196a3009dea3400327b26c1649f09f76fd138530

    SHA512

    96bb7c210fe6155ffdc5522ff009172b2da24ed5f78befee756db37f7a65f05826851961b41ab6eea40208cfb3009c39649e1ad0f47eaed57c86f214de3abec8

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1IYUAPIF\jquery.cookie.min[1].js
    Filesize

    1KB

    MD5

    4412bf8023109ee9eb1f1f226d391329

    SHA1

    c273960aa874a87dd022b5e597887142f1b8e34f

    SHA256

    d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6

    SHA512

    de3dd553a582e6b3d00782ddd639cb57b29de71afe72af5abef870ab36c7fed68244d511a1e129a0f04af690f27ae9304b1c113c9f1f0e0bd85dde9291a6764c

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TUIJN6ZA\form-ef1bb82d6c31160e3c2ab3455aa57bc45905aebe0977ed1d2ff644929076d497[1].css
    Filesize

    7KB

    MD5

    8beea677daf26e09ae8d6359eb29b924

    SHA1

    0da943eef88aa18c5e51bc5fda51c5a3cb1cc654

    SHA256

    ef1bb82d6c31160e3c2ab3455aa57bc45905aebe0977ed1d2ff644929076d497

    SHA512

    840ec30ec465eeb7ae680202efbcf233ec2357492411f6f48b86764e4f3bb718b06a64695367504f3e3d537821ec884a7a3b4c91dd695e4d09708f844bb01e4e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TUIJN6ZA\opt-out[1].htm
    Filesize

    311B

    MD5

    1b17ebe451fc7634aa1976aabcd3e258

    SHA1

    246443711cda323bbe186f13f965a922ed10fbf3

    SHA256

    8e3bd3d06dcf76fdca5affd8c719c095e467a7ee6f3abd368fa660a3b627fa24

    SHA512

    34fe2f60c6944dc2896c959813443c3f64df55f1bf810f2c88834a9dce398e9130beb258453952cb7d2d527d5784284a9c8c7e4009596f3122417e2a962b4007

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TUIJN6ZA\optout[1].js
    Filesize

    9KB

    MD5

    5209a12a68f8096a21f5af7007642043

    SHA1

    665bb1596c512f8da4ab443c1b1e88ba4454e8af

    SHA256

    c868eb0300543d253fcc83d604c6e1b6425937bb7ebf47bc1217fd7abdef9d8a

    SHA512

    70dc1c65168c5e7e80cd56ed433082bb2f741a1141da9a74b2a6f0e69a82e55ddd9d0455808247c3c737911220754855fac30cdbd637968fd360b101accea47a

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TUIJN6ZA\v1[1].js
    Filesize

    76KB

    MD5

    eb8d4680952f44da2e4467d6eb3ac6ce

    SHA1

    57c66e30928a4cb6f71b540ae4013fff017d43f0

    SHA256

    903a46ee5c7582595197c74cbda644ca7e45ef90e0f89bdfce0d3d6cb3a3bc77

    SHA512

    4e6c9907f8398bd07437ed7fe5ac01b70d278ff3bdbf374bca4a958386cc34b1cc6638a0cc540b50d7b513effe7fdf33cace9cac90289cbebb5cac3e114a9d09

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YYL8D8JJ\favicon-32x32[1].png
    Filesize

    733B

    MD5

    9973e59957a882a4f213adb29eb0ed67

    SHA1

    cf2049deef78f85efa9e5845ef938bb2a16627b1

    SHA256

    bdab6e97443d58cf2c956d54ca7f966da0089cf0fa220692453b9536112bc04c

    SHA512

    9b9e51c3d2c29fdf1e5804cdbaeb374b0114f4b5887b24ccab8f01c3e7651f9ec8fb2c5f368fca627f87dacfb2d63b6c363b5b0cfdb07eb38b1005183d1aa5ab

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YYL8D8JJ\favicon[1].htm
    Filesize

    15KB

    MD5

    09ebe5e9b00a20b8d89c8a621fe2b2e9

    SHA1

    a45b5e052430a700f77eb64272fd8f66f72fab30

    SHA256

    c5466e617d000f8c6bcde4896db93b483eeb7d7482d43e90ce813161df9eeec6

    SHA512

    f7027cb96f819b25bdf99b2088cd1983d71849118358f1e1d4fd372ef3409a4d8901cfcc8e1f33952e0c02b6f8ffd0ffc45fc64505f37c422c052f312f48a1b0

    Download Submit