Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://educapital.ac...

windows7-x64

1

http://educapital.ac...

windows10-2004-x64

1

Analysis

  • max time kernel
    48s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    07/01/2024, 17:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://educapital.activehosted.com/proc.php?nl=37&c=581&m=762&s=6f0bf38169b2308bf9148b804d814260&act=unsub

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://educapital.activehosted.com/proc.php?nl=37&c=581&m=762&s=6f0bf38169b2308bf9148b804d814260&act=unsub
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    31KB

    MD5

    1e2de780e1b9ca854e52ad35a84f86aa

    SHA1

    d602585ae1ea58903935b4d82bc0c9b743a89774

    SHA256

    811e8e4bab58633097112812cb1f1876ae32b9ac4acb66143f015a2625467539

    SHA512

    cdb471f3fe57bd39de0ff0bcdd91a2c544900d3fa1b740cfc74b2a3bb7a4d5439deecb5a4d86f54079d4ff3e0ecb7f02c837969ffced80486da47be0012ba053

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    7ba6f589793b7f173be1ccafcc3e8506

    SHA1

    c024fe3a85b384bd1341c0404744f86dcd1c909d

    SHA256

    a50c743f697ee88c51630fe3fe34866f5f29abccd6dce07c0ed6dd0947329ca8

    SHA512

    fc516d5cac8541d2e1bb9569e46dfd19a9e244d007192f7c9dac82d3eff1db3fd9e7dcc74f6308170282e59a3768216079ef3faf64a704628aea34e2c7f211fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    63862373990c7441e438e09d9dac63ef

    SHA1

    2116abdef3266f734bb2811314b6dd1491416c34

    SHA256

    ceac14a929986554b22e7662980e01877c2882ed7cbec0a3c75957f080d0c7c6

    SHA512

    fc14c8d3173c98db649ad99a106e7a92e306b5cd605c1c59ab6c4259fc127f91f7c844d4b9d960074fe89ef56887860598ea5d401f24c0c1e52577306a27601e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2620be91d453bab3e7d903aede5dd19e

    SHA1

    b583931c56d07c5cf2326dc0ab79da0e561db5f1

    SHA256

    ef447eb56189609dafd2f414f6b0d0a1b1225e0aa67d21cdb29092cb1e05d0c5

    SHA512

    3cb2a91a85509930adfddb9bb70db29473ef294a7dc49db877f083cb9171bc88488039a804512318eea3d4f1292890c5d64f60373f623c45356cfe719404fa79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5f271870eb9a3053747a4d021dfd48e0

    SHA1

    53c39e511ab32fd5454e8d6ae2107a6af3141e0b

    SHA256

    9e99f92d7f17b943788fa065d6a68584602912fe7dba3e7ac9e5ed36d2918640

    SHA512

    fd4abdff8ef12ec6b0e55a90458528500b6005bcee57d7153546e747177d3348cfee7c8292874a54b5219891c046977821cdce116d7eae1fe0fdf1a2d7a2aee5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2485eb531f8fd48dc6cc24e742d0139d

    SHA1

    45d5f8c6efaaf0d508cb4dfd628f2fd761f73e24

    SHA256

    b1ca598b3cb85a01cd119d4116b0d7c5859d32e4ee150dac097076eb6b90c66e

    SHA512

    28953e8d0a709d9dd23dfdf252a68a25d842e5121c185982564ec3c6c6ae4f2d9baccec35829f65fe85d4407a2e13c793e8bbb3bbe351da57f27c57bf8e1081d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    96538cdf112e69d8b8961c5a9d1847cc

    SHA1

    b58ad0aa7963d2cf37d6776b93a3bdbbbc17d28b

    SHA256

    c4023a4ec193720775f5999c1c47e053ed5f3b50f379ddc385b3c2f3abfcd67b

    SHA512

    e0e8c37d1debee77c602a0618c357f5526fe063e905c9b001d3d21d40cd9abe9943eb0a197262ded433d0fdffa71c4f15b905f343d2ca36cb155780780460054

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    9124210a79e39b349069f67e14e664c0

    SHA1

    a55c83105c97bd87d25d3facd0bd21872e18b76d

    SHA256

    88ec68f041d00cae96c691cbe7cd63e0531f57eeb13eeacd26de19fbe7775d9e

    SHA512

    cba9d3b7d2f1faf9887ec8b9db9e50181bea08e40368c129612da4286dd539c1616a7b08fb2cd28b74a829d6a0e7f665e906093a7bbd0660d993ff9b622b57f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4C80.tmp
    Filesize

    3KB

    MD5

    32bcde456b80402938ae30caeb9d48f6

    SHA1

    9581aa6745f1add2c9944028d911fde62232d27d

    SHA256

    5a78f99864cab22f721b448cbec391046a48cf0a29dfd8254e0bffe231669bde

    SHA512

    5173feecb3b90c69159a610bf0e00a91a272b184fbed00e5d8a4e2f65b01015cf5110966d753241e96ff303a851a298ac6966166aac75fe5e35c70e1c50d93ce

    Download Submit