Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://58.22.2.105:1...

windows7-x64

1

http://58.22.2.105:1...

windows10-2004-x64

1

Resubmissions

26-05-2023 12:02

230526-n7ne3afc89 1

26-05-2023 12:01

230526-n62w3afc87 1

26-05-2023 11:46

230526-nxb92sfg3z 1

26-05-2023 11:44

230526-nwensafc53 1

26-05-2023 11:39

230526-nsn32sfc34 1

Analysis

  • max time kernel
    194s
  • max time network
    220s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    26-05-2023 11:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://58.22.2.105:18080

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://58.22.2.105:18080
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1204
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1204 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1676

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    26ebbfc447130f3f080c4787a8b241b8

    SHA1

    cbe7c3cccd1fbeab63f768f2b722bacf19fbcb80

    SHA256

    6a8bd7d25023848585da0f6a57dd697e7fc7d2d8a098d4bd929f2692e280ba2d

    SHA512

    b733a8813c58fa66aaf9a650d8e1af8be7b7b4ce15dbb075183c79343043b768d3227deb6b46c23bdeaeb63cbbc7eec96572e26a2bf351f5be3dce5320d324db

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    744969be80e9a9be27835a247fb97523

    SHA1

    1a44ae725e2905c2c2db73ef0e019dec8b405d9b

    SHA256

    af347327e222b79ecbb2cc03f95551911981c9d862ccca566968934c7c520d5b

    SHA512

    2bb4a2c28cc5833894e5071f47b20ae95d5906d298d8b543eb40cffe6e9f2983b62b4ef28d674a149e4d8629ad0192b48bae328828c26d0ac0356f5c9dd18495

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e94fbdcc0a967b79744276ddd7d3ea04

    SHA1

    d9312825b445704e743d6d619b1b3c9c223f427a

    SHA256

    f8a06ad7acfadf2760bf24b95509a673cea6811ac6f0f260bd84cfe45df07372

    SHA512

    3797e2608d02b86d3830451e5d45735b37bc8430dd4839f429e046b5d04506d1bb36dda36120662690078444720683314a159dada47c51bcde08a06e759b48af

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    42821238efb841237cdc1b699921ca0a

    SHA1

    b9dbf4b34338f56f0da76895d9399a09ba8c13d0

    SHA256

    3be75214852676a21ebc465330409647dc2b46db8630833e09ed3f23986a9320

    SHA512

    c4e4eba7beeec8102527a2e32c30d5e60cbc707da5f12da0cbfada1b94a28b63a2db6fbda0d06efd021186eacfab8af24f4d0f85b33424247544ebcc1b7e77ef

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    423a72fa0e2809775d315084aca73a07

    SHA1

    4e33a300eb1b281fc99978e4feea6ab3587d472f

    SHA256

    bf7c11f7bf48d80d06f14a29b72d6e90a27de3fd0366dc5b807b9e634c16b99e

    SHA512

    fcc21f1ec7f7458d4c897c6d523735207e5defecd61e87a6cb927c0f1ffbb40dba7b71a3720c7b1bda1a3fb50ba02946f62b37b9e44aed9e0766a0a83f5fea9e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    326baaf762543785236cf42d6cc88725

    SHA1

    8673b266eaacfb2661d0f441b231415241e6168c

    SHA256

    8d3223759802006d54f45d7376f1a9a329b25a35eaec7e0b29dfc25c4726b9e3

    SHA512

    39a934fcbb5ecbea3f45f640f721e20fe6a7f262de5d9c4412e747ed9409fa7ee92d50a102661bf71765bf4d81891fd649a0e40252ff47bcc6ae251c18e100ed

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    787570e68808c82712a43df54dd60049

    SHA1

    dd797f5d1027c4aa2d6a488b0db1c398e6c42d72

    SHA256

    8f1480a1cb121fa001f081206907b7d4dc99ae37bcda9ff8de7baf5e7e71c06c

    SHA512

    d76943ea81a95158bc6e890d01e8df3c3463681df535f3cde014b747ae832828d2bf3f3954bf7123131f2d37d372ef0ed677d141b7a7fcec96d3d9ef3c620419

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7aa09201eacecbbb4efa73557dedcb84

    SHA1

    abefa65247196434e4d0da183f24cc4e25d67ce9

    SHA256

    053299bf263fb2c29bad028c5e6a90393466ea5b0e68485027f62b2267dba513

    SHA512

    f7dd800ca484271f02674247cbb86cb7bcc7a29ae4f41e80cc6e0fc05d60684c847981018e740aa4605e5eb9491868c65b0d107ae470f766880350f1ef22584c

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab430B.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab43DC.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar443C.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TYIPQ0LX.txt
    Filesize

    602B

    MD5

    1ee7cd52d7baf7916de9d43640ca6568

    SHA1

    ed11191a461e8ae0fda6f2cea3e785266a192079

    SHA256

    908b7183eb6327d104cd128a6bb76cc53348b3c389bc5b12fe7252fbf9e56a79

    SHA512

    c947b30491c3171137d385a3a295cd1311cea1e2f865b9cc390a73cb1647b7584c8dda373c690036b98dafdf98dcdd05c61645411eaf7f3abcb6873c4c57e941

    Download Submit