Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://jolfree.com

windows10-2004-x64

1

Analysis

  • max time kernel
    40s
  • max time network
    45s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-06-2023 10:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://jolfree.com

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 22 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://jolfree.com
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:964
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:964 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1420
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:2272
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
      1⤵
        PID:2104

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Privilege Escalation

      Defense Evasion

      Modify Registry

      1
      T1112

      Credential Access

      Discovery

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\anq17kf\imagestore.dat
        Filesize

        23KB

        MD5

        0f88b493ad3d46afcc78c502436a0815

        SHA1

        422ac4053a8ef3d200c11d4fa4c30731e0b27cc9

        SHA256

        d181015654b9d3893e265f1842989ab35f1f7277a0ed62702b5763cef2c7680d

        SHA512

        e0a1c2f15f0025c593bcecf8f4334badd2fb65786ae3640181394d3222f482be359b9295c34aabfa9eaa931c3b1aeaa11582b19d29299d5a4d921596a8423712

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EVX3E502\favicon[2].ico
        Filesize

        32KB

        MD5

        c3dfd147f45b5e2fa32fad03a62a7b1f

        SHA1

        a02f6e0ea7b242eb89a4b6d5b548d543b0e23adf

        SHA256

        96647d6bd18c7a0e03ae658d15ced03797ef17a6e575e623409cade1ca46744b

        SHA512

        834f79df8b22daa96758c4aef78fd321720f3fa242e133e2844e75d38b692d787267441e181d12faa84ec986113c23fba69e8c415e18e27c47b4d1436ddc3196

        Download Submit