Overview

overview

10

Static

static

1

URLScan

urlscan

https://jrsp-cmpzour...

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-03-2023 06:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://jrsp-cmpzourl.maillist-manage.com/click/1c311a0864fa39e/1c311a086414c25

Score
10/10
phishing

Malware Config

Signatures

  • Detected phishing page
    phishing
  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://jrsp-cmpzourl.maillist-manage.com/click/1c311a0864fa39e/1c311a086414c25
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3612

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dcpq11e\imagestore.dat
    Filesize

    15KB

    MD5

    95bb7bbc34202f26fd416b57722f3d63

    SHA1

    09bf6be4a3afb2d4fd4e8d6aca4f3fab8f4947bd

    SHA256

    43d6d132f55eb9bad2dda258e5c5c16534d346a08fc2ad78bddff1295e324edb

    SHA512

    cf814bee95b58226c61501966065042c7fc24a6875a922dd9f9fb2af1c290f5bc14b37715b5b90c34c2e8b5d9da6ac30bba1a98cf4ea7a042beacd3913838b58

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\favicon[1].ico
    Filesize

    14KB

    MD5

    3691a7e782c685b44023c9c4e3f3a31c

    SHA1

    68c2cfbe1233c391d73a16f3b10b763d9d491b7b

    SHA256

    9c39ab9b766f89b7c9c078fd0fa0f4c095931d09c505428e6b2cb3dd3f19a8a3

    SHA512

    b60ad86c8174b62439fd139ed820a0db4e705ae1254d8c444e89e153c962460f41b2d42fef9774db3740817013eb420c7b3fb09d3f41aa2756dcc10efba74683

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\zoho_puvi_bold[1].eot
    Filesize

    55KB

    MD5

    863af2667bd90df92bf84974d40621fb

    SHA1

    e8757cce5b799444167ddf2e4c1a7f0a69a315e3

    SHA256

    19d47cbeffe149090a7c35702b9e9df811d55474f7652ad4f13c78db80eac1ab

    SHA512

    e6cb6a8351d191451ee1a6423437d37be5eb4621fe55e896293ee4368adcdea269b5525734fa6ca8a15afa082711a6f9ea8661249996a274662c953fa9ecb45d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\zoho_puvi_light[1].eot
    Filesize

    59KB

    MD5

    5351daf4def92e051e21c33b1c01e421

    SHA1

    190556ec758358d7dbe87dd73e843efb2a93a41c

    SHA256

    7d67af93390da4bc340ebe5aea8da43addfe129d3f59571821c2e66dbda7d777

    SHA512

    6e716cf5b9dab871f9de6def4279bd7b1d95ef528e9ed36fa39544ece5b65777738c242e8ca322073043c3075ad47b6f86618102f6ba1884ce0eeda73c39174d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\zoho_puvi_medium[1].eot
    Filesize

    58KB

    MD5

    d3721ce4119fbf073c2175c7079f9a3b

    SHA1

    bd5ee3ec90a620491f35b30d0b1fd9ca249cfda6

    SHA256

    b7cef1af86325fbf4c104ff74fc66e4f2a53e257870879269bb5b6737ccfcc79

    SHA512

    6e0e9ae245b582fb8366a5d3415e2f9f5ece42c2658ca10b6a289c832d2b5ef6b069341913638528163bb12edc0378d500e4bb69516b1f1a10e147a25b0da3a3

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\zoho_puvi_regular[1].eot
    Filesize

    50KB

    MD5

    cdda956b52a848ecb4d75cf91fea5737

    SHA1

    c7136eaa7579f4b662d819406ffe98fd2f4ac07a

    SHA256

    f74fb269f4339bcd84b3034bd6f48f8db6a60103084f4f17aec5396996c67bb0

    SHA512

    124d8c908654c3dc1749114522a3917f89a870ea71035539e9deada88e0634523018b15042bbd40003f69b4ecbeb61d8c353288908f1e0c8eade874abb86dd1d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\zoho_puvi_semibold[1].eot
    Filesize

    59KB

    MD5

    5a4543010df2bf08f459d8f8af468421

    SHA1

    039413592a460ef4614f6c5e377178cc00ea3e7d

    SHA256

    068d94603729696a8ce5709e9d35462d6b896a09fc3f943f618420ca652effaa

    SHA512

    32188b956b7eb608ce4f62898e33cb8d5b14339d410683ca43eebe7a0f21476e8dfe9201c3f26921cca2484f11aee6ed350d3ab7c366bf5d170b6242d9f2347c

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\jquery-flexslider-new[1].js
    Filesize

    23KB

    MD5

    12ba677ca8d53b08643801ce0764ed4b

    SHA1

    42296192aa25c117fa8ce357bda40a710d2e1468

    SHA256

    fc51014c3f4bfcc7847fd0f9552af88afca6afef767a6afdbc87128766a64c99

    SHA512

    abc30cd66494f80a7a8c5fcb66d16345df0ab496f227a1ea90c36033e5f9e25ab90a16ea15e861702a4f1e2209434a7cdefe06373e2741e40bf7392757e6eebf

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit