Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://quiiedoogqqai...

windows7-x64

1

Analysis

  • max time kernel
    131s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    15/04/2023, 02:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://quiiedoogqqaidu.xyz

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://quiiedoogqqaidu.xyz
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1668
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:1782803 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1980

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a6457c0dccec3284ebfde354656b3581

    SHA1

    b04b46fbc333cc512b2a0d2a0ee6c98e42adf034

    SHA256

    3cd35d55e168685fd4a4e6f245e709a0a0920a8e07d280662f134f338da8e797

    SHA512

    e84fddedf5694ad320ea72d754d771fb227139135e49ec11a249638461d6bcd7a1c46bec47238794f0f8bf0c78493edd45da6d99ac2de2c82d271c71e050efb2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    574e0d4f9c920a0fdf2ecd64a1611e06

    SHA1

    816387326927fa05990541427249ce81c7a8ea35

    SHA256

    0d9de8399131b73ab2bbedec4ba3b6192fd83d2b3397dccd7267c9400bcdec5d

    SHA512

    720fa9fa7c5f6fb10b2df641b80b32efd482e338d38c1f65bc3410b8f6ac3346c41cd03347ffaacf0fa0fc3d51c02128856cbf900a847ba555862064f2833c10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5373ceb7c8684c2dc8571c6c8766d29a

    SHA1

    4769ec5a43dee0b2d610d9db98fac2746159a8af

    SHA256

    e608b2fdac558eb81b6b5baeb3fdb1bca0464579858778992c4f4fc68cbb7b59

    SHA512

    695bdf980bbd142cc90f3112d46be5a31f22160730d668e8ebfce439a23fff3fe4c70397cc3ca3a06758aa864a014f0d7c1feb89e97ffe02d2ef74ecec994aeb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4056580c01db3576edc790f485210e1

    SHA1

    acfaa637ce1a872fd5b958173329d2ccbcde1105

    SHA256

    90f0c6ef22d04355b256cd24a4deda76cc7070c50da7a0e0cf4e825b2f35583c

    SHA512

    7b05e4a16417c75f1211e567588e1b623a638631e492775470445fc0ab853f02f149993b03c7dfca8d2570d7324b1e70de1b7a7043ed14d036cc3262c57c983c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6201471d5716ff9a5806bfb96d6f6e8b

    SHA1

    3a1cf82bc94594b20243ead4717a63d2538ab376

    SHA256

    765befb928484f9920e2f44d122e971e2a2d60c406b9e2cfb97bfcef7794a711

    SHA512

    6c855b66921cd9b7a34a281112047a3d3a4a8f3011327774be4fd3ef8abceaf499cabdd57c28f113864a962e85bab7de936ff02aab38ddb0230e39a488de046f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    322371ab268db9f413738064fba2175b

    SHA1

    0d39bcfeff516ac1af555b1eaa646c7ba9189a87

    SHA256

    910382d4c7a9d10ec79700dcfd14615a2bd9a098210f5a719907cb7df70bc738

    SHA512

    5f0fa574f135a016b03d90a64e0b5fa83c6e1b30163491d62dbec272e587bebc3485b3028a35c0dc996783e30e7b774fc8a4afb6f6c50981d82ad35e7540ae79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    03bc18318ac9fecb49c4a42feb367aec

    SHA1

    6e495699643b6a51b17678094853ec1458c33197

    SHA256

    2557d7d4abb250cab3366a793729441cdf4052044f340b3f71880e69aa320a3f

    SHA512

    d10f367f8ddcc96ea966f29e68932cdaabe40eb317601ab7789c9e9367e76a96bf354653118766bc8d35ad9cd4e46b44cd881122c7e6bf5d7b201ee9beb93084

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97017737c10483d4e01d903b647cb775

    SHA1

    03dc2f385a6c0586079d01e6a6c7ea4bb2754788

    SHA256

    817e34c429cdeeb32575cc2a39616f565f0b4bbca6576283ee10dfb7f3c92c69

    SHA512

    0131c7745d02db7d252bf911ffd23f42d40ca654deeaa85fd3c426cece71c357f7660217ae5f8554d9cad316aef4ed292288afb27ee020227828860981cf5224

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93d8e1c6aa2cb23861009ef59d253dcd

    SHA1

    ff7b2a1588f84ebae913675b4bc313a864813b5d

    SHA256

    1f76eee9a9b19dbcf1fe3e5994ae2b663a835ae050d4401f77751b920b693cec

    SHA512

    69cf2f242bfb45f26baa1143912e120ba2bdff04535ac5cfac73794ffb2060a71123646f8790e365ca6385439883f8d1b4b7df55ea9f15aafa47bf97966fa1be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c86e64cede46034fc81c723c9bb2e24c

    SHA1

    de868768ff28b236a199823a1366a0c80e174680

    SHA256

    e386990fb884c2c93eb3bbb738b0ae3f4bc335d648d0f1bdba44427161e411de

    SHA512

    b9e26d191d40e0d5f29f9aed7f71480f98c45cfff72316deeff1723e830950f0de996b8fbc89bc5e75c91b44603c2659d8ff255e70e938095b51349614d92bbb

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EV74ZOZO\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7DE8.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8061.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZMWF28RG.txt
    Filesize

    603B

    MD5

    9457d1f5962c9545ea4472ab91279b51

    SHA1

    60617883844b766be9c82ec74dfd29589fe08eac

    SHA256

    08407de9e388e1a48bbd1422e16e6836f1157c1a3ac2dfa6ae41fecdca39d8f8

    SHA512

    55a201cffc769039a6fd29242213b139534081c382885534ada6a9bd151f1be6d4eafb6b98f5804e4c9d8fd70aa38d69e82fd77a02a8d72c29bd45597b454a5f

    Download Submit