Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://sites.google...

windows10-2004-x64

10

Analysis

  • max time kernel
    84s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-03-2023 18:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://sites.google.com/view/dcomrefr/

Score
10/10
phishing

Malware Config

Signatures

  • Detected phishing page
    phishing
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://sites.google.com/view/dcomrefr/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:524
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:17414 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3968

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    1fcc10720c843f6603490145bb6369ae

    SHA1

    bcdccd807446f061a9a6aed47fcb687668a3ffd7

    SHA256

    bf8d204e51e5e78aca46a7de2a16083977bd562e123b78c00972516158b02529

    SHA512

    794e90bd7732729ebb83828e26b3f84be39c5b8ea5849fa3bef6b53973d03fb817a4dd932d6a3d6e1a0a250c7cea47107a9c433b3326023b67fac65ec0e489ae

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    bb4cd9db319e8007cd72aa17af4b76a0

    SHA1

    8951973b028c09c71a792feff54e3096454a8c42

    SHA256

    aca8049efb96040e2124d06db9c9b2f3c5ce4166c831dabaa421e14cb5da1295

    SHA512

    6187a2b310a672f9080b9865115f44ea827a4f013f791105efc1f7641f11f9759877d61f5c50140fcf892b95318f1276eace9f78161dbcaf6e011f31e34f0729

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_78EA4F8D63D8B30DA71A216641B52FD1
    Filesize

    471B

    MD5

    338c42e4ccd475333da107485955b1cf

    SHA1

    89223f304f86cb8c292a3acb7c640b5002b39690

    SHA256

    333964f3284089e231f7cade16ba160392dd24eab8516c55588be6f513c7306d

    SHA512

    fa81016f8331a6a9f1ed6ce277e977d57c6b20caf9a15cd7284b15b7c42f85411df617b62e8815219a0bf88f938c0191d464d8625c66089c667575763f4ae139

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    d2d2f08e084923332788680190b41b66

    SHA1

    d2c0d7658647eb4024f75e0a9f1a10ba71bd984f

    SHA256

    ecd60fca4b6466b56ede4ed1b30b609ff18b6081c3eeb96308aea2ce3efa79dd

    SHA512

    d4e58bf9e12e74d7ad55d3b188cf42c99c552b9189560dfa043bd17450cb04e76f61bd1c09797d35b0bd785edb4ea3dddc9c38ae2bea56a973ec9dfc8d6bd3f1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    2536a08a915ab2bf2080f959b94462dc

    SHA1

    ec314390b521976debcc0761edbbea2c942a393b

    SHA256

    d4f89a0e6ae11a7fff4d8ab9e6a4da2fe306fa5fb4d0aa4d5af323d3911b33d5

    SHA512

    7b12baaa00e4555e19c89b1478ecd2995a21c71480d93cf8288d9e915a22533e7f1c52b76f1846340931f3b294d7ee2ad166e69f0d355e8db4e64eb31ef7c416

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_78EA4F8D63D8B30DA71A216641B52FD1
    Filesize

    406B

    MD5

    99e8bdafb4ed75fe0e7d58b79a067b8c

    SHA1

    93538b9c6e4a4b823cee9d3f1f73a1252bd06e59

    SHA256

    982068dd45747551ded1a87e576d46a3d644a024429a0990acea6f7b14d288b8

    SHA512

    82d368479ea8f3bbafae0cdab47f4ea27b5f16e0ac675a7c1e7a0aba87eecf006f584adcc3484b55e0e93a66015d3ed329c10569ef676bd56faae2005cd01ec8

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    3d8a4934fe681fdcacbabf67b6c8c809

    SHA1

    b8d74b0553a09eaf00a876131f94e54683de7bc1

    SHA256

    817cf63c30105647fb0a8617c1c15e6bd4ce544ca101abaa522ee50c1e49038b

    SHA512

    5e407432c7d6eaf4cfabac1d81a56211d5992aabd42b435fce2a9e5bcd22fa7671432852c8e9a664411ed9fb0fa1410cc7d2f9db55e0a7f4ee9c85693cd29f20

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9afmek3\imagestore.dat
    Filesize

    1KB

    MD5

    2393273102de0ac23f7af557528d0f1e

    SHA1

    44120dc92002bd2842db82237e345430a1767fcc

    SHA256

    f1cd45cfdfedbc4756dc0352bf1dd1af1cdb64eb8d141bc7e209b1219f571ee2

    SHA512

    8822c3af16b90283f3fdb103248d828e23ded530cba223b2a089b2d6ba5887e267214ba391d9b21ba041b12ed5ddeb12b531e6e5b1e5d34946357df40a69f1aa

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9afmek3\imagestore.dat
    Filesize

    6KB

    MD5

    e597ab42bd5855a24826158a5013e930

    SHA1

    961c266ef59b594902fa744dc21af85abe50682b

    SHA256

    c7e7ebaccf848395cf31180d2fec97582a77981a274d5e58af495600ec1e9c7d

    SHA512

    af9c556ab15581d904eb88e87b69eb923be8db5fe9ed5d94264e85c2299a9401b5ebb73f3809d35dca8e34fba05ae2877d2175437b0178b243ef1b1ad141f804

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\favicon[1].ico
    Filesize

    5KB

    MD5

    f3418a443e7d841097c714d69ec4bcb8

    SHA1

    49263695f6b0cdd72f45cf1b775e660fdc36c606

    SHA256

    6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

    SHA512

    82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\favicon[1].ico
    Filesize

    1KB

    MD5

    ea69a3f95dd5484853d128186db7e13d

    SHA1

    5fdb5fe05108fd6e5386bbda06778af4b446dc6a

    SHA256

    8179e80bcfef62154d1ff7371a1c60bd2c6c1e71c3da2f4a8b1db518a1900ec2

    SHA512

    2169d31065059c3677d025f27a5650c1e35bf83b6d6b3d80842b0809ff67e85388cb00213a4bd3fa76f71909a21298c824b39299a3980ba3b11c0297db472610

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\jquery.min[1].js
    Filesize

    83KB

    MD5

    2f6b11a7e914718e0290410e85366fe9

    SHA1

    69bb69e25ca7d5ef0935317584e6153f3fd9a88c

    SHA256

    05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

    SHA512

    0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\jquery-3.1.1.min[1].js
    Filesize

    84KB

    MD5

    e071abda8fe61194711cfc2ab99fe104

    SHA1

    f647a6d37dc4ca055ced3cf64bbc1f490070acba

    SHA256

    85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

    SHA512

    53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit