Overview

overview

1

Static

static

1

URLScan

urlscan

http://1221974d6c5e1...

windows10-2004-x64

1

Analysis

  • max time kernel
    61s
  • max time network
    64s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/06/2023, 22:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    http://1221974d6c5e128a599829062e08c4776b4a434b7db25af663068a87ee480c17

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://1221974d6c5e128a599829062e08c4776b4a434b7db25af663068a87ee480c17
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1116
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1116 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4516
      • C:\Windows\SysWOW64\msdt.exe
        -modal "720968" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDFF4F4.tmp" -ep "NetworkDiagnosticsWeb"
        3⤵
        • Suspicious use of FindShellTrayWindow
        PID:4368
  • C:\Windows\SysWOW64\sdiagnhost.exe
    C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4020
    • C:\Windows\SysWOW64\netsh.exe
      "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
      2⤵
        PID:2400

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
            Filesize

            471B

            MD5

            da2215c4410102096b859c34641c1c55

            SHA1

            1c9e6edf895edce383afcdbace98888ed04d8504

            SHA256

            59a9869f27af892cbee4a1dc648dd61c43b1375940194844538931b0e436784f

            SHA512

            4ec3790b3f811fe3499af6ea2ac94849a7e174b94d8c7613fc5f9bcd00e2a391fa0be8855a8a577cb029b73f7d15bd55d0049c326cddf64cbe5afb3ab733e2e8

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
            Filesize

            404B

            MD5

            9511ed52158ecd1647e188997751d781

            SHA1

            df8e42bf98a93782901ba55335e5d83a043cd4fd

            SHA256

            ca1023f0171e0e22cf5c87a0d1c80c19efa12dd09d03c7f701f75727d2dd5733

            SHA512

            39dfb34925cb86f8d30f4f90ebedec2c1824fccdfb7d20e4bc25f366e971be78bcd856ace0365aa519f48558b5cf7a467cc530550d2ced860a7fbbc895211c24

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\NDFF4F4.tmp
            Filesize

            3KB

            MD5

            71b03ff3c3860951148813e6803102bb

            SHA1

            6a6a57ca4aef0291ef5afd559d177de602b1e889

            SHA256

            60a0991e8bd0eff6607ab1e81008d058fcbd3eaeb67847d6de675dfca72dd471

            SHA512

            47bdb5ee0f37b91c96b0d44bc9edcfcd28bd952d75d05c879aafeed5ad548d5f61cacd4fb4a7e1694be3942b1a92440533ac92e13a66e9a3e782472fae9c7685

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_je0vwz41.sx4.ps1
            Filesize

            60B

            MD5

            d17fe0a3f47be24a6453e9ef58c94641

            SHA1

            6ab83620379fc69f80c0242105ddffd7d98d5d9d

            SHA256

            96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

            SHA512

            5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

            Download Submit

          • C:\Windows\TEMP\SDIAG_075e6e2a-ce73-4da9-8050-0d1433a12125\NetworkDiagnosticsTroubleshoot.ps1
            Filesize

            25KB

            MD5

            d0cfc204ca3968b891f7ce0dccfb2eda

            SHA1

            56dad1716554d8dc573d0ea391f808e7857b2206

            SHA256

            e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a

            SHA512

            4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

            Download Submit

          • C:\Windows\TEMP\SDIAG_075e6e2a-ce73-4da9-8050-0d1433a12125\UtilityFunctions.ps1
            Filesize

            53KB

            MD5

            c912faa190464ce7dec867464c35a8dc

            SHA1

            d1c6482dad37720db6bdc594c4757914d1b1dd70

            SHA256

            3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201

            SHA512

            5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

            Download Submit

          • C:\Windows\TEMP\SDIAG_075e6e2a-ce73-4da9-8050-0d1433a12125\UtilitySetConstants.ps1
            Filesize

            2KB

            MD5

            0c75ae5e75c3e181d13768909c8240ba

            SHA1

            288403fc4bedaacebccf4f74d3073f082ef70eb9

            SHA256

            de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

            SHA512

            8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

            Download Submit

          • C:\Windows\TEMP\SDIAG_075e6e2a-ce73-4da9-8050-0d1433a12125\en-US\LocalizationData.psd1
            Filesize

            5KB

            MD5

            380768979618b7097b0476179ec494ed

            SHA1

            af2a03a17c546e4eeb896b230e4f2a52720545ab

            SHA256

            0637af30fc3b3544b1f516f6196a8f821ffbfa5d36d65a8798aeeadbf2e8a7c2

            SHA512

            b9ef59e9bfdbd49052a4e754ead8cd54b77e79cc428e7aee2b80055ff5f0b038584af519bd2d66258cf3c01f8cc71384f6959ee32111eac4399c47e1c2352302

            Download Submit

          • C:\Windows\Temp\SDIAG_075e6e2a-ce73-4da9-8050-0d1433a12125\DiagPackage.dll
            Filesize

            478KB

            MD5

            580dc3658fa3fe42c41c99c52a9ce6b0

            SHA1

            3c4be12c6e3679a6c2267f88363bbd0e6e00cac5

            SHA256

            5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2

            SHA512

            68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2

            Download Submit

          • C:\Windows\Temp\SDIAG_075e6e2a-ce73-4da9-8050-0d1433a12125\en-US\DiagPackage.dll.mui
            Filesize

            17KB

            MD5

            44c4385447d4fa46b407fc47c8a467d0

            SHA1

            41e4e0e83b74943f5c41648f263b832419c05256

            SHA256

            8be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4

            SHA512

            191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005

            Download Submit

          • memory/4020-526-0x0000000005950000-0x0000000005972000-memory.dmp

            Filesize

            136KB

            Download

          • memory/4020-531-0x0000000007590000-0x00000000075F6000-memory.dmp

            Filesize

            408KB

            Download

          • memory/4020-524-0x00000000068D0000-0x0000000006F4A000-memory.dmp

            Filesize

            6.5MB

            Download

          • memory/4020-527-0x0000000005AD0000-0x0000000005B36000-memory.dmp

            Filesize

            408KB

            Download

          • memory/4020-528-0x0000000006F50000-0x00000000074F4000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/4020-529-0x0000000005A90000-0x0000000005AAE000-memory.dmp

            Filesize

            120KB

            Download

          • memory/4020-530-0x0000000005B90000-0x0000000005BDA000-memory.dmp

            Filesize

            296KB

            Download

          • memory/4020-525-0x00000000059C0000-0x0000000005A56000-memory.dmp

            Filesize

            600KB

            Download

          • memory/4020-532-0x0000000007860000-0x0000000007882000-memory.dmp

            Filesize

            136KB

            Download

          • memory/4020-523-0x00000000058E0000-0x0000000005916000-memory.dmp

            Filesize

            216KB

            Download

          • memory/4020-522-0x0000000005880000-0x000000000589A000-memory.dmp

            Filesize

            104KB

            Download

          • memory/4020-512-0x00000000055E0000-0x00000000055F0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4020-511-0x0000000005C20000-0x0000000006248000-memory.dmp

            Filesize

            6.2MB

            Download

          • memory/4020-537-0x00000000055E0000-0x00000000055F0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4020-538-0x00000000055E0000-0x00000000055F0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4020-539-0x00000000055E0000-0x00000000055F0000-memory.dmp

            Filesize

            64KB

            Download