Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://rosmap-it.co...

windows10-2004-x64

10

Analysis

  • max time kernel
    77s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-05-2023 13:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://rosmap-it.com/

Score
10/10
microsoftphishing

Malware Config

Signatures

  • Detected phishing page
    phishing
  • Detected potential entity reuse from brand microsoft.
    phishingmicrosoft
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://rosmap-it.com/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3384
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3384 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1200

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    080320bb3fe7e7f860019942e6f77f9c

    SHA1

    2d6f3813b1ed7972c01df6330eb3b0c30339eda9

    SHA256

    9eb11d5a62c35054e50d193211638a08c9b94d5b360f943df4124e28ab793a6f

    SHA512

    9def7fa57fc58af72dc374f0ca010107585a355ffcb3c1d3b99064a455acf3fe8ed7d42052234fe2d042b5ccda8af4ba16a8b2dd882b01f0be7edb8cf7aa8944

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    f3034e093547e40de3d19d53a08fa350

    SHA1

    83a354d3ca9a2a6ea6bab402def8ee2fdd28e52d

    SHA256

    bf5f21fd4ff36b6a0ed2c02efb3c73e69661cee69877b8098a86dbc4d28512cc

    SHA512

    0ac96b4fb4b11c4fcaac34350d1d7278672efd7962580d0a935b55700fdc75162e619b901f49c713c002de4b7e503b940f2cb7233e3aa0ce6d0e870b01b8bbef

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dcpq11e\imagestore.dat
    Filesize

    17KB

    MD5

    290e81812be727934c66f91d21093e51

    SHA1

    214827a4f85d15e03a499e532a0e19229cfba8a3

    SHA256

    2f31be5c34b243176dd9d3d1becbf8d727415ee845142de3a2c8de3e5c77f58f

    SHA512

    b3d81dcd8fbd91eb2c2ef73efde99b95f36fb86e6f9d525d970ad1d19dfc46f0e83546a8c3b2c830d19fa22d88de049fd1b26f7322fc8c8f12dd98b4d33a721f

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dcpq11e\imagestore.dat
    Filesize

    17KB

    MD5

    379796997d51cf7322a3927d3a41fdca

    SHA1

    58d82c6dc295a8cd173977f97c6c58e9a7f24115

    SHA256

    a089c6b2c2eb43592e324dc3ec75853cf20d3e6dc48ed61ec99a22df5e74641a

    SHA512

    14ff899d5fce25a993788f3191130d7e77ebc96a53db10072020209390d1a45eff640bfa97a95fb7d83b90c96206858d8f333d3a2e3e85d9fa531be2e70c1891

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\invisible[1].js
    Filesize

    27KB

    MD5

    bf0cae231b7c28d1b0e5dc3b9eb7e556

    SHA1

    ccf0341bd090c9a91097e1e5112376f9f64e4041

    SHA256

    1b5e677e934d2f36f77c9f08ed559227fafa1ec943c91e9f6b927ee12548e5d2

    SHA512

    1bc35ca4f2ffaf6fd6cc183b92f2e3f538d8604a09d56a63dc37ef2c9ac05d02c483383c623a3a7b635c3b99c8fbe926e17864bd9754c0fe365c52baa8962109

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\jquery.min[1].js
    Filesize

    83KB

    MD5

    2f6b11a7e914718e0290410e85366fe9

    SHA1

    69bb69e25ca7d5ef0935317584e6153f3fd9a88c

    SHA256

    05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

    SHA512

    0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\favicon[1].ico
    Filesize

    16KB

    MD5

    12e3dac858061d088023b2bd48e2fa96

    SHA1

    e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

    SHA256

    90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

    SHA512

    c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

    Download Submit