Resubmissions

10-08-2023 15:36

230810-s115ssec83 1

10-08-2023 15:36

230810-s1ypnsgb2s 1

10-08-2023 14:43

230810-r3nrtadf39 1

28-04-2023 11:07

230428-m7zyesde62 1

10-04-2023 05:23

230410-f3az6shc3s 1

02-04-2023 14:20

230402-rnva2saa8x 1

02-04-2023 14:20

230402-rnns9saa8w 1

02-04-2023 13:38

230402-qxwpsshh41 1

05-07-2022 11:46

220705-nxsa9saga5 8

Analysis

  • max time kernel
    255s
  • max time network
    400s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
  • submitted
    10-04-2023 05:23

General

  • Target

    http://8.8.8.8.53

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://8.8.8.8.53
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3700
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3700 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:5108

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion
    Modify Registry (T1112) 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    35b0dcab0a964fcf8faea73026f0acf2

    SHA1

    69e50d8858dd39abdd3f59fcdc94087ba1ab6103

    SHA256

    278df06df11a323bcb6989b641c67047f032b3d4b80c69bda9573fe852458006

    SHA512

    01c7fab1839ba35ba9fda12448690700d26afd37b89d3fc9f7bae5e633d199a70b0701ecdbf655d392f9d7e4d73afdc9a12b4728d227fc762c8cfd573d545f96

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    c5a0a286bb3f1b0c9420554cf7270bec

    SHA1

    fd27d204eb597dc5efc37447d93d25d25404ca09

    SHA256

    f1ab9191579b10d0c30805937b7df81e0409dbb680b272979c0cba899e643d39

    SHA512

    5d6a3c44a08e6714246c5c82341aaa4d5f43d6f80ce03d592651a91d6e6d53e15374deac8c3c94f2687d9b3d77a2f59b7c98618e672c78eb48e8893a01ef398f

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verE479.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YYL8D8JJ\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee