Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://gzi5dwy4.pag...

windows7-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    21/03/2023, 11:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://gzi5dwy4.page.link/c2Sd

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://gzi5dwy4.page.link/c2Sd
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:904
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:904 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1568

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ff72377652b59ab694ee28e52ce630b

    SHA1

    979b7fa00885125906340dbee9a9e1ee231a4db1

    SHA256

    2c444fc73f35eeeda4a4e284e96600c64555c292acdb090ed653fede2da11e57

    SHA512

    da3e78d4b880fce18c5f9f88c169da0af690bb785a3592f3ba4dcd6dec2375a213a8fc4d89bed6be1606a5563c5705e3eb08d74538b8d7de57d7406b4f831493

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30826031511ff6ed784a029ff01d296b

    SHA1

    5ba91d2af75ecbc7003cca0550f539ec1ce69906

    SHA256

    b5224e5c9c7256ef6d8f1948da580e5637a2c703963e5b7ef96071f088dff27d

    SHA512

    3799cdf57048086dd9f0ae0e55ddb496a9259f1dfe24a5202ead90bc26dcb9525a375a5c083a0f536778d0387e432afed0d159e684ce47cef9af0d312a18afcc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b3031bdadb72a259c6c0c55b1a00950c

    SHA1

    112029b9816e1dc42f7c15bee220e4df10827f4a

    SHA256

    5a49216fea999f50b667e2a249a2d98267b747317a38be05cab0c42f7ad2d9d0

    SHA512

    6dc4cfb0b2f15b96a727b1e56687af4f2400b7d97538daa8fdd348097d2779dd2973516aa7f52f6c6c46fc77a5cb96124cdca636987665c90c659f57c261fa5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46a241527f3f629349de5ba1104eed48

    SHA1

    974fb3ea1e4e828073603a917dd44819d248f748

    SHA256

    0036683639e2ae6019fe628fd8537bc59e6954948197cea406eb4033a6660406

    SHA512

    93cb4a396046cb07ddc52a0895f300a741441bf543b5ce28a6c62d1f36394635d6720aa043035ae26794b8e1eb10120d752ab78824110052521851e14088aa08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b52658e06e1c66d6752b6bd3c770a4e

    SHA1

    eeb5933005c37594a14a84fe9b4f48fc03823112

    SHA256

    84f38f0e96422b1af4b1c1b9bcdd1658177cc7c9de91d3884b4b61cda4e6325b

    SHA512

    9dfa26d6eb0ea60fb161576a3c403dec0a551035855dc197447657c7e7166518f3c96083c5e666d780b5dfb1287dd3ac12f525a318e61396b93f48181b94d534

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9fc39f5b30f6ca15d87b4e02eaac14df

    SHA1

    0b6f653662e699c557ed2f940717a887e1ed39eb

    SHA256

    c9e86da42047f09059f2210673dc341fcc71c6edaeeaf14f085bbfc2d175cc3b

    SHA512

    4496db39245d83e728d519ce0873ed78d16df30aac35bf4854521e8258f1c9e47e1fdf34e49701382f4c1e73cbfed6d20378c1b1246cdbf577954f249c5fbff9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b9126e4785e484160d02c021466fbec

    SHA1

    aeefb7f020e40ee6e7e4badc52a8ab16c9868b3e

    SHA256

    9c5dc1d8184ca11272f2efb62dccc75b200a16638ab32dd24087213c36210851

    SHA512

    7d2ba16e4e7e8655ddaf3b236a8a0ddafe554de1396272e25f38625a6cbc9e2fe91d4ffa843c2555b36f0edc631aec65896c46afa21d389c4b3dfc89b7b151c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f785bdc39e5543938e36c9bf144421c0

    SHA1

    e4324213fbea97d37ab80b3ace1d7e281ea449c0

    SHA256

    754025310b0466a75eaa0f2067c3416542cb93a1e79518fd3c4492dbb6facfe9

    SHA512

    76aa8ad437300440cce38c9e072c36d0fca99ac8ecdb4bff44541325a706a371ec7b947a9a93bd1badcf63280e8b293ff05df6cdad4476f833374964afa97248

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    856a5daed8b53f9ab25100e7573d2afa

    SHA1

    ad8fc75337d2e5d2f5a3a31673c76154c7d1f207

    SHA256

    842d863e90a39c72444e7e7c713804a651f1a0a5c40f3f110c17fb46861bb373

    SHA512

    12f913a99a67db5842e953b7cf87a99fa30f171fdc210e6af60767771943e170be90348ca06d377dd489d90ced644f90c87599e4db2e9499f4db391cb8bd240e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d72ecbc7b9996a0668bc6608f407785a

    SHA1

    e73b8d8aaa1379e719195baa4242155395801a78

    SHA256

    d2bf227968181aeadfad301c6ecca2a825715865b2ec2629439c20cbeb399f27

    SHA512

    6962a3f6eddb6c8666554f33eff16180cc22be48cbe9fd61f511660362fb3936ce4ef802b5b61d4719fb85018568ed4ef01ca9bfff9cc03bfaf75e3000bb3d0e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\x4s3ygl\imagestore.dat
    Filesize

    9KB

    MD5

    05c20fd1f42ec6f14b1bef8a6c184adc

    SHA1

    cbe25b811aff86aebdb593dc90955d92bcbd5594

    SHA256

    2f452c0214d932b1ccebe359b3bc3cd3f74ac7e823ee1e5b4f11cceeb94cabdf

    SHA512

    5c0fcb8fa70bebd905b7b0c9c926a0d84bdcb006f930ea4de276adda2981450011215c5e66d32965c59c395681eef81152e76dc5e56f75ba06bedc21cfa1223c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EV74ZOZO\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2EIRHNV\favicon[2].ico
    Filesize

    5KB

    MD5

    16c289c3678631cd238d96d5a659178e

    SHA1

    af6f9dfe4e365e659371d5b8ec11271daaf0c3ca

    SHA256

    3ec69a44bd0df1b1e6da6a2a7ec8a5aa53cfc6a3149841c52aeefeb61f5ba923

    SHA512

    30e8157b1739aad5696a1a8fcc7b983c7648639186d310bde3072eb62703f1c0a3818c2e665d9436cdc57b38d01156f4a955eb2f0c27c99a354a8f2897cff774

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6DE3.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6DF5.tmp
    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7174.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\AL5BO3AS.txt
    Filesize

    607B

    MD5

    42dfbed310e78250717bff181761cec2

    SHA1

    5173cceb86dee3036a5b5081fcb2d0faa281ee43

    SHA256

    d3e0868edbee0142ee692bc6900ab0b6f2cee32d7f13fb287bfca91c1117c8d9

    SHA512

    2c805e1a40bafee1be8684ea1f14c4585b04e3febf02f56087e4463fd1d2d9ad7d815bfe367643e1630b236d69464db5ade536fd08795c8a1e67b30247e95a36

    Download Submit