Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://mrr01.extra.r...

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-05-2023 11:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://mrr01.extra.rbc.ru

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://mrr01.extra.rbc.ru
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4680
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4680 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4220

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    3b2daafe6506b789e6b8b0a9c4eb42cc

    SHA1

    da166c0ddf9e4065561b8849c8a841148797bd46

    SHA256

    65c2f718c41a8b2a8bfa7709fcd48d70ec0546c7e8ff80d83076fec0d8db1943

    SHA512

    2398cb5a868b7fc6638531994ffb1f149db0f231e89fcdc53e4d5a0b44c81cb12aed855675893e27e3b5b48a3e2e10076d403bb697a3319af702ddff62de4173

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    ef21ca03ce34f02a47aeb89899e86e29

    SHA1

    cab52d20b7d7b3466f8199999cd798e748b13dbd

    SHA256

    e7d5ec9f622f7b87189b2adc362b2f6d04db3d3b84371c15cb98e366d8d5a417

    SHA512

    b26567c06a349e119b726aacc2211250ca19edb152d2f25ed363448552994df07215ccf51a29d8d5e962e432edcc75efbb6a0c17d646fec4d9d3277f838e9ea6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\4C5W1P54\tv.rbc[1].xml
    Filesize

    120B

    MD5

    abc756decd35b38947872c54fbae96d5

    SHA1

    7453eb13b658450bc5d5587c9446ee4f83327468

    SHA256

    0c11801ae021dbe7c959e4da52aa1677a15c1a74dbc18871cacf1d174b467085

    SHA512

    f0140ca118327243a6b43ad28ac76de6293506ba4ed3de8ff0fce82431f12c8d0e53467df69bbe222d01c6914a8aa74ce08e821d737bfe8394aada376bab86d6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\4C5W1P54\tv.rbc[1].xml
    Filesize

    356B

    MD5

    a83b05d216c3d2d22d3b501673e136b7

    SHA1

    571a0aa2a9d9bfab662458bbd8f7a26051ee08c1

    SHA256

    5476155f0413b521e3e821bca06b5db3bad7130b4d7336b8d10aa3eca725e8fa

    SHA512

    3bad4042ec07bd4bc19d4866befd9497b68ffd40fab532b8dac54df835f12006793e4e9ab20c93fb22807e85cbc484bcfd218d662480d8a64d117c07455df6ce

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H2HYZ87N\www.rbc[1].xml
    Filesize

    355B

    MD5

    8143f470c91770622e1ce807538847ba

    SHA1

    5bec1401cc1866d718b3be1daff16b02cc041a5e

    SHA256

    0b545285355418c68e38ad0b52fa4fb22fc35b5be39e96fc9ef3f8ea7a7881a7

    SHA512

    017fa8180b369880b5cbe7e4c80b38b5a4b8340c5f08a1d48ac5b92cc3e0e3bf17b3007c04278f1fdd04d3f1368639058e1781107877aa28cf5435f84e1fb416

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H2HYZ87N\www.rbc[1].xml
    Filesize

    355B

    MD5

    8143f470c91770622e1ce807538847ba

    SHA1

    5bec1401cc1866d718b3be1daff16b02cc041a5e

    SHA256

    0b545285355418c68e38ad0b52fa4fb22fc35b5be39e96fc9ef3f8ea7a7881a7

    SHA512

    017fa8180b369880b5cbe7e4c80b38b5a4b8340c5f08a1d48ac5b92cc3e0e3bf17b3007c04278f1fdd04d3f1368639058e1781107877aa28cf5435f84e1fb416

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H2HYZ87N\www.rbc[1].xml
    Filesize

    1KB

    MD5

    b7d78d2d72991019eb5e35c42286a0f4

    SHA1

    8779dd402052b11d8e65baebd8c499e5076532dc

    SHA256

    39c6acb2fa03953344a779d3f966be4cc5ff100a569351136866bb675f6743a0

    SHA512

    d576c506c3a896e815e3378558c129ec25a13f0983aae5a8e807600fdc17c28ffae7028fe799c1360f45b4747297a2646abc80f44b7f41424690eab56c82f41d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\H2HYZ87N\www.rbc[1].xml
    Filesize

    1KB

    MD5

    7cd94b6ea6228f2ec1e4d055e449fdc0

    SHA1

    43b54fe8575306bb6dd904821664d0f573458454

    SHA256

    c08800f3aaf7484d8641de3ed2b29b2b75a1004444fde33b0445ca35a752d7ca

    SHA512

    7a1515bb3b95c09a10e3d9c8c826c39ddc60f34bbf0ff5d581e4afd70f7f127b482b35cff1fd4c8f25c163253a6bce6b69a01721d3432b4987024db0a8c872cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\feo4h2u\imagestore.dat
    Filesize

    542B

    MD5

    dc34ab44026646982bcc61b0f4e3fa24

    SHA1

    5ee3f831edee316ff57214cd7dbf02ca18b43d48

    SHA256

    53f6bc26fc5d50c55bfa7ce14b238787aec4a0b9338f84fc2b8e987afe7927d3

    SHA512

    e63cb4472fe789ba69a8f3a5d7c2b0cd5148c9a73508d5320bf4858898073e3be2d652673e4c28eaa692cbb31a16dd733b580c19d3d68dafceb4c297bae2a9d3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\feo4h2u\imagestore.dat
    Filesize

    1KB

    MD5

    aa560a685368254f066d3b056e066d52

    SHA1

    cf1c482bec200bf959d545d8a12c95aa946eeaff

    SHA256

    727b3e14d410ede8bec3b7bb2b43529990fc0643f935b275bc4b28eb9131c62d

    SHA512

    9cda442cf89fdd041d244416dba0a6910fe5d329c863c42e9ae2af172126696c0f47275ea42680b8bb995cf0101a10de92455596fa8ba7d02c3220b6bf8ad768

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\_paywall[1].js
    Filesize

    7KB

    MD5

    85704b153bfcc6fe7b638897eb9d10cf

    SHA1

    9e9372c13e1939a4f72e4f8132a8a26363fd11ed

    SHA256

    f59282b66d6a3cf29a0330b5bc920da31b9b8de43eb0d6043aeca102fdd8468f

    SHA512

    1f4b5b010b664c132ef41ac265853d8a4386d96f015c796cebd161d92bbfb76b33f8f4c7011d11f493404262d735bb6b0842f52f5872cdf09f4cfb3ffb3b86b8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\analytics[1].js
    Filesize

    50KB

    MD5

    4507839525a19180914799b08fb5fa5b

    SHA1

    738d7e47e47a102e67d09efa63408d21aaf02245

    SHA256

    e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

    SHA512

    124bb24b26ede426ac7ef14db40ff894ddea6eb9c7a5bf408fd83b116bd55ec86b51b6839d5eec7ec0f481aab940795006005b4534dff6cc0f3a6560f7cf9bea

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\app[1].js
    Filesize

    99KB

    MD5

    e4fad94627e5b041337b68ff22d91826

    SHA1

    8de1b6c8cd69acf832a320f54ce24818782732db

    SHA256

    de3e0825ae9a25bf2336fa3eff4cd6abd193e27e408d561a3a7c4b54b0a6a13b

    SHA512

    861d03f1e596242a9497ba082dbc909ee7a2a556455576c9d21aab456fe284af2dd47fd8a877939308df642a77f89aff4957e83dce35c40bc592e3dda0a13b89

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\external_libs.v2[1].js
    Filesize

    7KB

    MD5

    f508be4c775424457bcc75b355da3f8a

    SHA1

    b4dfbb828a54d6b83213485e99bd4ce012986565

    SHA256

    724d685239669ac4db6763d8fc4ff79d629067941a7bc5b738ef8a46f3970df1

    SHA512

    4d106ff65efd455aa079d8578ae4b7e149ea380fff7450eae7bc31051ed9289b0dee517109dfd840de8e8a1d7dd03343e9f987258a38fad858ab663069bbe0e1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\jquery-3.5.1.min[1].js
    Filesize

    87KB

    MD5

    dc5e7f18c8d36ac1d3d4753a87c98d0a

    SHA1

    c8e1c8b386dc5b7a9184c763c88d19a346eb3342

    SHA256

    f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

    SHA512

    6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\wamfactory_dpm.wildcard.min[1].js
    Filesize

    17KB

    MD5

    7c87f93ad62eb738968b8784b09a919c

    SHA1

    09b799cdb08ab4d381d223aaabfb2eda86fb381f

    SHA256

    39c3920c12750e0cd51c9c71076108b5d7965acdf4b9303cbb38ecf2e9ce1d3e

    SHA512

    92183fcb06550bdb1cd368950d1304da85e66eb7cae6bd227f16b8bccbe030d0919c23f74a3287090a6e23dbc83cf5f4c059f13f15b76a70029b231482e7a059

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8OI4IV75\_core[1].js
    Filesize

    24KB

    MD5

    1ab9e6f01a5d96fd874ed54114a599a3

    SHA1

    d323690e24caadd7f0a15749c38189d009cc3032

    SHA256

    06192b80464f1f6989bde27cf47196ab97d3dd4fdf042ccaeead133a3067f213

    SHA512

    78bdf644df3e3c7fc1086bc021525a3d4cbada17577a129348f3cea3fe1568a68c59ad3c67ee15c0ab73513a1bc615053e4752812311b9349c99b9461ee37256

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\GraphikRBCLC-Bold[1].woff
    Filesize

    63KB

    MD5

    b68dddd3400fa4faa6da350e1a351218

    SHA1

    d83cae7cb8a25d7463dd47515f89bca4af4312ad

    SHA256

    82f686e62fe4a83265b133254528fc2f0791e74403cf20c7984c01bcc7086c3e

    SHA512

    b4ecb8261b4c57a87294feaf700a0f9b20015b3dd4d2f528799f6c3e9d31e39d99b83c2c916e2bb346da532cd2908c099cf8c90f10442b4d6cc88c3e372bf5ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\GraphikRBCLC-Medium[1].woff
    Filesize

    60KB

    MD5

    306bc60df8ad53a9263a4d97e999b6b0

    SHA1

    8c656ef56ca2018b0e14877b042a3c9bd03db55d

    SHA256

    7f0a4473b594b03b055acc20f4d092b29ca3b9490840dafd41d2cec491651862

    SHA512

    d040dd3945be75fb41fe8900676a0175d45d84f3f0414dc9f5db8a3157faf2c6eee41285d64136e5c56bef70eee0db31490be21981d587eaaafa760cb3cedf22

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\GraphikRBCLC-Semibold[1].woff
    Filesize

    62KB

    MD5

    a06358d0d6ddc31793922df0844211f4

    SHA1

    debae6264aa7da1c6786c2d28965da8d2687535a

    SHA256

    e4e4d1b8b3de4ecc92bfb9214ca88893421630ba3f174246b1340b96d13f50aa

    SHA512

    11c030dff8a0ffbf22ec1d45697a457df60b36e7bfe001853de64f56e83b6d2b01fc82aaff448b9f79ca655168dceace2197d22a72ba6eb1b41edf17fc1ed591

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\favicon[1].png
    Filesize

    342B

    MD5

    da61e05e5564873216e54f055888a8a2

    SHA1

    4de0a1e6d4d865544835844fbfccbead9b9d2a30

    SHA256

    41e315711d50bb82a5b8aea1b7247a51453b51c170dd7cf77a60ceba6d0b2ae4

    SHA512

    661ec835a6bcc85f2e492c4ef1d16fa5eb0a2181e561f1af8ac6b588b2e847076aeadfba18382197a1dca8665c48a30cc748dcc83dca8cede3b74902815cd915

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\GraphikRBCLC-Regular[2].woff
    Filesize

    59KB

    MD5

    9a72f420fd567db825e0670b81e08f14

    SHA1

    6af3cc5e2bf04c5fd6ac0d771f3064a931617d46

    SHA256

    54a5e6b83a2f0044603054100eb715579bdda4547aacae73ab9e54db3cb07eb3

    SHA512

    383d075a5cbd428b0f305731ec90b03ea2deff9d0e77f66a86eb677101ddc26e4e5407eb2c3d7df594c2a241aeda9759882c18d8086a06b6a85d9de2c66acaa1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\_core[1].js
    Filesize

    19KB

    MD5

    691acb04f78e2d34830e5e5eba4b094c

    SHA1

    6c94aed1c1734be84deac7313d182ba50bd8e77f

    SHA256

    804335d64eca84bc4c86887094484b00f2d6d3673145da9000d9bde723674f80

    SHA512

    059aba951dbc1b9016aa80c43abc6764a6309230640a31473edb5063af87c1b5c756ddae8c0ebf15c8560aabe081fe7335bd660fa8c9d8c0801dcf3e471a1263

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\topics[1].js
    Filesize

    1KB

    MD5

    3de78150dc428dbc65209b52bc6b62b3

    SHA1

    43d9dd37ccb9de9304ba992a061f9266047bbe82

    SHA256

    daa6e706a0764c808758a080119ca8c914f453bb753686d2255518d7c3d93a84

    SHA512

    001c67148dc558c1c9907415e2270f9473d0e1fc73e83308b3b3e7bc1b103d7945b99ff8aaaa6851767a4217186f930f3a9b233d209aac56a1f2ca3a8bdb376f

    Download Submit