Overview

overview

5

Static

static

1

URLScan

urlscan

1

https://lovelearning...

windows10-2004-x64

5

Analysis

  • max time kernel
    55s
  • max time network
    59s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-03-2023 19:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://lovelearningscotland-my.sharepoint.com/personal/janet_miilsmart_com/_layouts/15/Doc.aspx?sourcedoc=%7Bf65699b7-ac44-4c7b-823c-9b8287aede6c%7D&action=default&slrid=6d74a2a0-004a-6000-631c-ba59786b6d0f&originalPath=aHR0cHM6Ly9sb3ZlbGVhcm5pbmdzY290bGFuZC1teS5zaGFyZXBvaW50LmNvbS86bzovZy9wZXJzb25hbC9qYW5ldF9taWlsc21hcnRfY29tL0VyZVpWdlpFckh0TWdqeWJnb2V1M213QmtZcjhhdHdtY3J0SDhhSEpPUmg1YVE_cnRpbWU9MFg3aVBwNHMyMGc&cid=51ee4ad6-be37-4d26-a370-b0762faf9760

Score
5/10
microsoftphishing

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
    phishingmicrosoft
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://lovelearningscotland-my.sharepoint.com/personal/janet_miilsmart_com/_layouts/15/Doc.aspx?sourcedoc=%7Bf65699b7-ac44-4c7b-823c-9b8287aede6c%7D&action=default&slrid=6d74a2a0-004a-6000-631c-ba59786b6d0f&originalPath=aHR0cHM6Ly9sb3ZlbGVhcm5pbmdzY290bGFuZC1teS5zaGFyZXBvaW50LmNvbS86bzovZy9wZXJzb25hbC9qYW5ldF9taWlsc21hcnRfY29tL0VyZVpWdlpFckh0TWdqeWJnb2V1M213QmtZcjhhdHdtY3J0SDhhSEpPUmg1YVE_cnRpbWU9MFg3aVBwNHMyMGc&cid=51ee4ad6-be37-4d26-a370-b0762faf9760
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1556
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1556 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2040

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\osplltc\imagestore.dat
    Filesize

    18KB

    MD5

    14dee4929b2b0dd28f66789ac351372b

    SHA1

    22f6aa0da9e95c92e5d213f0bddddce82c83e6f1

    SHA256

    8fdccae628e9a6f7772574ec969e5183ea11b076442a7026a7816f6b58d47cf7

    SHA512

    5a1747ed79410a307d9b9a1e01d716cd11bd455b87d4e71f132be4fee42b23d0dcfb67fd120da4c686401fc7b43248bcbab2acf326227c57227b62751615880f

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\osplltc\imagestore.dat
    Filesize

    18KB

    MD5

    14dee4929b2b0dd28f66789ac351372b

    SHA1

    22f6aa0da9e95c92e5d213f0bddddce82c83e6f1

    SHA256

    8fdccae628e9a6f7772574ec969e5183ea11b076442a7026a7816f6b58d47cf7

    SHA512

    5a1747ed79410a307d9b9a1e01d716cd11bd455b87d4e71f132be4fee42b23d0dcfb67fd120da4c686401fc7b43248bcbab2acf326227c57227b62751615880f

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\osplltc\imagestore.dat
    Filesize

    35KB

    MD5

    2ed51c82372b7ef1ff5fe102de96571e

    SHA1

    98637bbf41a20567e914ca11cddd28d48f8f154f

    SHA256

    eab478352ebf3d13f4f680234da4926e7d290e43b3892336282c75cfb6e7ea60

    SHA512

    e885c74beec5135f91c53dedc29d869dfdb788d09872ead4fad81046e3a2740716a31cea1a24ee57a422c31bc120250e97997a49811c40cdf849e9ffec516c11

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\osplltc\imagestore.dat
    Filesize

    53KB

    MD5

    1d9be4fa00c47f6d5dc6a9f56d880cab

    SHA1

    2396b19487b0189cbec45a4a111bfed2a39c76ee

    SHA256

    a19d4dd66264ba2da124a2d8c58d2ce1fdb38a0a045b51d0604579deab1fef92

    SHA512

    9cc0e48dbe4cf42bd83c6deb7157eb18bd3de04ec59b494fb61ce7a251baf5cc2442b5368bae216d4a5460ae76fcf4284bc5bf15e10c84108782022794af9da0

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\Converged_v21033_Ouf1esRqI-5-K85Q2hruAw2[1].css
    Filesize

    108KB

    MD5

    3ae7f57ac46a23ee7e2bce50da1aee03

    SHA1

    150159f85a646f3f4cc88115bd0d3ad6db66f14d

    SHA256

    257d51dc38cf3695b024433ffcb6d66e3e21db0660ef379f9c3006b5602c82d6

    SHA512

    6c55af8dd5ee5113a252bde0ebe40b0e7a2c988f6339c46275d717123a29c239d53baf3ce76d6a63c42166ac0fbdd5eac15f38f1e8d43fc294cdd348baa005af

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\accountcorepackage_a5ARGmJHpEcannOQPbqa4A2[1].js
    Filesize

    53KB

    MD5

    6b90111a6247a4471a9e73903dba9ae0

    SHA1

    fae6581c7c89d99af03cfe3e3c1464952942b013

    SHA256

    67885352dc13ea6e8a29e38aad9510f2795bb25f675ab2a9d33eb08742ce23aa

    SHA512

    7b53defd8ccacd757ee9a8083dba79a167b6e01cea1e1907ef4345668e508513bc1e1de4b7f7a4269f2dbb1c4f9f2cc9db7937255d2f819249764386abcb2e27

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\knockout_old_GJ62c6D9R5HuKFdkoO8XYw2[1].js
    Filesize

    76KB

    MD5

    189eb673a0fd4791ee285764a0ef1763

    SHA1

    13273a13087f0b15c2d9e8c72ea1caf2e1256b07

    SHA256

    c58e92c3abac24575f36960372e39f10ac0e20b3c33b605f2b3d3e1498acf025

    SHA512

    c59597872f1a972d6f2e08b51c95f1e497b4765bc468086f0aa98f8f9d31504e17349ee114d17c35be31b2784ed3f3d4097954142e7d9a6cc75c97cc3faa0838

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TUIJN6ZA\ConvergedLoginPaginatedStrings.en_ue7_tebB8aNEoJb7sWFBTw2[1].js
    Filesize

    35KB

    MD5

    b9eeffb5e6c1f1a344a096fbb161414f

    SHA1

    c884867054387c103176f3db834464ba69a538f6

    SHA256

    51269f9128588ba269aad95eeadda121ea55954d28abb1e917427ef7f44e8170

    SHA512

    3b13181b3a3897dc549c549402a0f34d761b518a0f75446e881c9088d5fca3adb63e8b573d150a0533a7a10b025dc41887a5d263005f2ec5b15e8355571ff6e4

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TUIJN6ZA\convergedlogin_ppassword_87e9bfbe6f36f03b8d90[1].js
    Filesize

    23KB

    MD5

    cf9c39fdf159129ad4a7e144b6cd9e4f

    SHA1

    3e756db1ce78705d87aecb137e1eeb3cf1b48f85

    SHA256

    11f815b0ca78d1baf2b3aeb882e5504160dc2355f1788c9b00d8253b28a85c37

    SHA512

    860fc53004f4acca39f482b0fd37cf1cb56ca085da1038cc5ecc67616a2b452322391f9d2a9ba94e45eecc49e4048d398d44db543337e6d8666a3416c24e9af5

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TUIJN6ZA\datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2[1].js
    Filesize

    7KB

    MD5

    87effb0bb533c1d79f5c94fd9e30c14d

    SHA1

    4e4f5f3cddddbfddb46a1626d7ce579a639de389

    SHA256

    617e32ca57507098771fd30af6b9dcab063448f6d7e0bc6d6557dd1895f80543

    SHA512

    cb107c09f9a32d85bf2af714ee9bf7ce2649aa33e63c2255d4bbd281e3cda8fbdfa2e58212e8004aeeaab4dd8c94543f82187c7673189cacbdd5cd8c26c563f7

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TUIJN6ZA\favicon_a_eupayfgghqiai7k9sol6lg2[1].ico
    Filesize

    16KB

    MD5

    12e3dac858061d088023b2bd48e2fa96

    SHA1

    e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

    SHA256

    90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

    SHA512

    c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TUIJN6ZA\oneds_CBxZrnSxLbjHuOGn7pHqpg2[1].js
    Filesize

    81KB

    MD5

    081c59ae74b12db8c7b8e1a7ee91eaa6

    SHA1

    aac2907452310c7487346691851ddaf0f767cac1

    SHA256

    93ab478d7a7a79e7723b0d968b7a98230c8f991bd4e2cea5798e23dfca7280e3

    SHA512

    5fa4a0e8c7ba5125e1b7d42367073591d704f3de111faec8bd5ecdbb0865ac515ae9bc758c6db6f2d10b5e4c05d6507da61bc50cea00c62c8be18bb9bdaea762

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YYL8D8JJ\2_vD0yppaJX3jBnfbHF1hqXQ2[1].svg
    Filesize

    1KB

    MD5

    bc3d32a696895f78c19df6c717586a5d

    SHA1

    9191cb156a30a3ed79c44c0a16c95159e8ff689d

    SHA256

    0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

    SHA512

    8d4f38907f3423a86d90575772b292680f7970527d2090fc005f9b096cc81d3f279d59ad76eafca30c3d4bbaf2276bbaa753e2a46a149424cf6f1c319ded5a64

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YYL8D8JJ\ConvergedLogin_PCore_CCOnsQWjWWxQEjnmEQGZCg2[1].js
    Filesize

    397KB

    MD5

    0823a7b105a3596c501239e61101990a

    SHA1

    f947b06887108c0ff80c7452e0aabdab1ce338db

    SHA256

    857cc11c3d3c0e7c56dd8ba4c185b9a3dc4024a695a0587c5a2438c935f9d71f

    SHA512

    89f7fe66d6f681f377ca24436104bbdb14cc5a8b7cf80638a851eea0c2a28459cb59a6b8ecf474b1941fa5acdc9b7b72499bde36efbda7944a054085a7657c0f

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YYL8D8JJ\microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2[1].svg
    Filesize

    3KB

    MD5

    ee5c8d9fb6248c938fd0dc19370e90bd

    SHA1

    d01a22720918b781338b5bbf9202b241a5f99ee4

    SHA256

    04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

    SHA512

    c77215b729d0e60c97f075998e88775cd0f813b4d094dc2fdd13e5711d16f4e5993d4521d0fbd5bf7150b0dbe253d88b1b1ff60901f053113c5d7c1919852d58

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YYL8D8JJ\wlivepackagefull_stPwvW3-5mShoxrbkAw2qw2[1].js
    Filesize

    58KB

    MD5

    b2d3f0bd6dfee664a1a31adb900c36ab

    SHA1

    b2c8604dfad18a8f5a581645a3074345b84cf618

    SHA256

    bed1919fefef746642c8a8cb3259e1c2bf797e345d5f0932c1d32970ab6293eb

    SHA512

    341efeef51d8c7f03dba9c5f40e04288fb49f5b6903d197b8a777009475f6824121bde22ab4e1a0ef28463994582ebbcd15d4f1e432bbcb8634639b0fa106f47

    Download Submit