Overview

overview

1

Static

static

1

URLScan

urlscan

http://slack.com

windows10-2004-x64

1

Analysis

  • max time kernel
    173s
  • max time network
    201s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/03/2023, 22:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://slack.com

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 54 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://slack.com
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1884
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1884 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:732
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x47c 0x300
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1724

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\69C6F6EC64E114822DF688DC12CDD86C
    Filesize

    779B

    MD5

    9384ab7f52e0e78d1d16a44577f4a394

    SHA1

    ef6bd7d905251a84fc9c8855677d7a374e00a381

    SHA256

    805a55c4aa3a02174c5c96e8a7ad2c47f45b151cb87a3a6f89da7cc17b4a4fc8

    SHA512

    9f8a0786b55f02c0279e9bef90068a34c2cc2713b103a47fbfa13825942e0835d25c2f837bc34b2f31859fa14c888a403c6b30926ad2332ae6ef9b222c1fd8b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F
    Filesize

    7KB

    MD5

    dd50a5d6139e6d8b6992797ccd04818a

    SHA1

    7350c9c059d598c83af220ca6d30f1b13540cfa0

    SHA256

    b117851f48442b165516bc5b29d58ba0efac8b73ea78bfa676d43be87d9d5df3

    SHA512

    273265d2df03adf0284203a021f2f1f1d13d7b3e3154a7837d8112a27db591bda198f074ce9d2ca743c400a2c90b180b4f0be03fb950c8d342624a7590aab976

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\69C6F6EC64E114822DF688DC12CDD86C
    Filesize

    246B

    MD5

    92df2b6fbe8a988c20dc983a89305f37

    SHA1

    7a310e1dc9abaacaf8e902744f07b8c617cf7bfd

    SHA256

    cec3ce47d1f98d7f667121278922433195feed32c1ad0e264d2e9e07184aaad2

    SHA512

    e219b9e3d83bde26971e0d68ee63239df3319b8be29f5a58c190bf04db0154bcd867bfb32d9dd7fc4cda5aab0ba006aa150f3c4fd82b43b2d307a13fe0a6e9c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F
    Filesize

    232B

    MD5

    233c857569116408792021df1e11f2aa

    SHA1

    f7d677f120a97d6880160f1372ff338178e195ac

    SHA256

    69b49874d51ab0afd74b059febb8956776829e23a279032c6eb7ee67bf1af5ad

    SHA512

    df93abc38f2515b68f505337dcadc70042de1967f851644da754c28e8145db77be2cfa7e282c0dfa8489d6d6a851c41ca3624d9172b359b4163f059800aee61d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verDBE9.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1IYUAPIF\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\favicon-32-ua[1].png
    Filesize

    1KB

    MD5

    4d93fee05ad86462c5af801dae6b8d7f

    SHA1

    0d1a4ad2274e00123f146e04e25d300cde546a4b

    SHA256

    b064e0d943b3ebf1b2106fc898ef98168bc4ac3787e296822796863c8e907082

    SHA512

    20c61ccb2a7b8201214ba35c09329472a13ffb29b4eb37df63a01e2027488e1ff59098e60cd01133887658b91071a71636f1c368907dfde8055347c87ebb4343

    Download Submit