Overview

overview

10

Static

static

1

URLScan

urlscan

10

http://go.onelink.me...

windows7-x64

1

Resubmissions

20-03-2023 21:57

230320-1t9glafe76 10

20-03-2023 21:38

230320-1g731ahd91 10

Analysis

  • max time kernel
    100s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    20-03-2023 21:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=https://pawura.com/on/off/nnn/nnn/mzpchf%2F%2F%[email protected]

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=https://pawura.com/on/off/nnn/nnn/mzpchf%2F%2F%[email protected]
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1196
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1196 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:596

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f009e78541e2b2603a1848413b0771f

    SHA1

    99e5bfc35a38782b60166477b71b554326ec77c9

    SHA256

    37ef1c281b8003378440593b0d9465e3f2b0d252ca187aa9dbc45c2d6cfb21f3

    SHA512

    31e5c0f0924ca4df5b5c828487b239c62cf54651b92a925af5a4c284ff605bac3dcf7c34cc78895ea01cd8f41a561da1c4b09b2bcb19365f5785b757ed702eb6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d862d9ad27d129379f1d92d450b841e0

    SHA1

    bcb23d9be1e0a04d3a1fcaa6096270ac82dfa4ab

    SHA256

    185490167b50a0b01fc2b3ae617c41054b14d9da867f07eeea58d6d2befd481c

    SHA512

    cc08b1412ba2a3d58040fc9730a2a0416629834e4bf1d04fc04f890f881bad1e8c3f9e6f4ab0e893cfc02aab886cca3c433559905bed3b6d1538804968dd36b5

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80c44fa38663a0cf06680a632a260614

    SHA1

    195f37a87a7355688ad8da11904ccc4fdadc6724

    SHA256

    80ebc3bdbf5287b2a8fad12c6868ec8f939ff0d3b3148ee7ddb1af6d976255ec

    SHA512

    5eb734474cc26764b13c5a66a043cd36be9a388c40f6d34b2f2da7baccd1a241e6d08c020f9addd859b03ddb10dbeec158977a0065cf47d85d605e6a34d65383

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82930827850b74dcbe16e1fa10769b86

    SHA1

    b7a1b2c901a40562e3bdd83ad6a81a450cf628dd

    SHA256

    d8f71c5aafd0f5e4fd6c70b97dd8a1445efc9e11fed5cd0d256f4709229528e9

    SHA512

    625c520f8196e3ba4459583c169fe91b75b6fc53201a2041ade6850696e452858e5338f9af641694033ce36e500c3c5c2c091a3df8cde3a6e2e5151bdb3d6f55

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7df7d824f9fa83e28d99e192d7ac8b37

    SHA1

    f678962e2c91e4cf93a5aae4324a60a1443e5aa5

    SHA256

    5972499ae380244acebfef163c37bcb8541980ab39a00161b49e748ba043f3a8

    SHA512

    488f54f33f8e4e56d0abf4bbc10657ebbe424e88a037212d2ab18c6beff00873a08fb063ae2cf1f40b2824e879635cb8950bdc7a86801c152f4c2c41d885bf2e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db9c826cf74131838649ce9b5dd8190f

    SHA1

    95b5fe2eb7ac6fd635fa0e3758e15a525b85395b

    SHA256

    d9672ed77dc1990e709058f54b8f519c464e63d3d78ac20003e1ce9305fe6121

    SHA512

    f8c5d6948b9f5b06b970fafaa3752613bc8ae455e69f59ffec1cdf89784810437d1ee810cd1ebe2e6ea5ea5ba40e3682edb60a8f2d4d4c744750a9a2e824f817

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    732b0c86d83223c27f5b7a4eb2743333

    SHA1

    4de867513ebf076eca40fdb55f5ec90c842d911d

    SHA256

    70ce1614218a35ce60ffaabc36473b5e80c9d2210646fcc79b85676399cffcd9

    SHA512

    edeb26cb5419e4023d76804f722351075e6ffe2928711f3754f09afc7965a3e644e487291466fcd8d4789231a704fe201d630fb97053592954beca3800edae87

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    76d26db01e3213239ea33f3384901258

    SHA1

    52730e5558391f2fa2354bdb3aa75cc0ee30470e

    SHA256

    eb6cccf80fb4c22ab4cd5aa0ae9d8fb7c79a2bfb14d107bf8b066eeb95e4d3cd

    SHA512

    cd03873b3761352ccb4f9fb6dc5335340aea652760afdd49153d91f77c042463bfaecf7d56f2686ec8056c02998307f856ffe85e129035ce000b86091286af60

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97fc36b63759a194d92efdc3581b7faa

    SHA1

    f0f3000bf9bae92967c537118da94d829e04968c

    SHA256

    360e26f66825c8545ec0cdfcffb8dc3bcfe60dc38e49bf6538d855ff495d7b76

    SHA512

    27916a54a0086cead3f1a8b317f3ea6bbc1705f8c597e9891c647a61b73af01c0f4751a181620dfea82878fc93c783d9b09a95da34eab990f33a3b3a4a2f818d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QCNSQOTT\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab79E4.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab7C95.tmp
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar7D46.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MKS29FG0.txt
    Filesize

    608B

    MD5

    d191485bf5f82a19e765d7008e1ac16d

    SHA1

    13f0833e2964dbd35f5820ba45153a74b0b33426

    SHA256

    21cac9616d85994d7e0dba8fc728c109661e263cc3f620fb2340fdf318595d5a

    SHA512

    049debce6ba0b3f97775dbe37c16f246b119a215e629cfbcd018f3eb27a06a6868ee373038f1788a54d0ebad436a37a012dc638888fb0e38ad90bf6316509b42

    Download Submit