Overview

overview

4

Static

static

1

URLScan

urlscan

http://i

windows7-x64

1

http://i

windows10-1703-x64

4

http://i

windows10-2004-x64

1

http://i

windows11-21h2-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/02/2024, 11:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://i

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://i
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1940
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2056
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Windows\system32\wininit.exe
      "C:\Windows\system32\wininit.exe"
      2⤵
        PID:2272
      • C:\Windows\system32\wininit.exe
        "C:\Windows\system32\wininit.exe"
        2⤵
          PID:1804
        • C:\Windows\system32\cmd.exe
          "C:\Windows\system32\cmd.exe"
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:2052
          • C:\Windows\system32\wininit.exe
            wininit.exe
            3⤵
              PID:1932

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          d177d2d4fd74964c1a8119e8bcbd1cde

          SHA1

          ddba015a0b691412fca255a7a20dc6535bf08b2c

          SHA256

          e321009a5ea15766b6861e8fed3c3182fe3450aba74070ab1e46ed3a05f270ad

          SHA512

          a3f967dd5b90743edaf957cd57c8eff1109d8dab84f7331603d865a1851c266891f113dac6b3b2cfcff61ca26bd9ac9279bb4895bb0e05a9a82578af6e903356

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          5a7c655df8e5ca80d4921560275d1895

          SHA1

          cad52b3792a320234b33baa217c4cfccb657da58

          SHA256

          66df38fd4e1b02158edce10c83f46d3deb08f87a4de7109f7ff176023017596e

          SHA512

          f9ee0eae8f28b44fc7d2a1c32518f75e62e91f7a876726ee55ca6bacc9b6e777b187d916fff7c4342cb1d41f7713553aff35cc5355518cc0c7796f43e659ebac

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          070a3df43f32e2100dbf7d31e8e54d82

          SHA1

          a441d32ce7b2939a3ab4d3e746c21af7056fc618

          SHA256

          f981b8c9b805c6525b62cae2ccadfcebd2858cb60241178b5af4966536765086

          SHA512

          bcc69ab95524caab749d2c8765a458cbc18fb4510055f2afee95dd68a23d257f584276ad07817b00af9fb6dfeaab8dcdf877c95e0aafff6c9a43801375bf047b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          638a32ecdb67b7643d1368796b7ff574

          SHA1

          16f16c323d4ab11cc2d70e3d297d536f7346dee9

          SHA256

          a1435e000b3cd296bc67c2780dd3840beeb4eedb0dc27b50c5c86b7fdd7ae20b

          SHA512

          43a767f335173a127f07e45ef82070e2af913a37951e39f3328cfbf1e78d8054c777adfa8ee0c9f1c469c56924a7d6b8a23174c2af7fafebe1339069aaa82aa3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          9082d98bd9fe3dfe949d479e4a1cf466

          SHA1

          11866fda7f5048b051cb5fe8b806abcadeeb026c

          SHA256

          6d190223b285312262bec8c812758336a684e324d734d1c31f089acaec7925c7

          SHA512

          23eb664aaaa0a188fdca8d22414986bcd365ddf8a8179a84d6f75ed93b87b11e946b4b5d179a9bba10de428d29f1c7c1d8837019c5feb7cf14adad0c7ba43500

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          a3a352070494e8aca512ce4b06b73ce0

          SHA1

          472522e29e84cb089be90242b4caecb17d2d6c16

          SHA256

          811896fce96102c262cebe4ac54dc844e450b82d608232bf2fb1a7d97598d82e

          SHA512

          d587d3cf3c085b304e1b295ad79f11360c00ad3518e7584dd073fac34a29be0dad0ca9f6b19951e48a47a2123adb8f79ea520c8e13a710aba2e4706a55fcc6d0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          5c4f652ac7c8ea0ff9466f34cc9db1b3

          SHA1

          a306f671c65f8282c761498a3c8f0acb305b338e

          SHA256

          eeed3d46e224dda998c1b341c1a3d760fd35bef7c26a947cba9ac9f0f8eb8233

          SHA512

          598b039c7c62ac269f7d141f70d7176faa7282e74bf1e95ba4a9d53c8da540af39416cb24d96cec9b44f102bb3ace76ed25dccc1c023246e104f25c10fbdd0eb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          0edefba2265df890e683e8e17f73f7df

          SHA1

          c37cb052672414a60a1a5df836f41f8a712b10d1

          SHA256

          1ac6591afdd8e7bb476fec4ca672c5c742574500fe0bebcecdb1f5c552eaf711

          SHA512

          01c4635f2c80adc21740aafa33337ad10d162151f7740e51f67063406924b806a9babaca411f670de36c4319ac642b77b914068d9a37c4454a0f3fa35e3fc328

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          1d68fba5297d783ada82283358c974f2

          SHA1

          11cc2085aea6fc136b279b1a99cd53e530796554

          SHA256

          93d2caef221279c8c73837ad62f6c60075ec78e1d9155649d2fc3776dc1b57f4

          SHA512

          d9e05727dd96548baa99d3ee954f50a574efd8b6155ec63bfa4fc5d43f52e1d8488d93908e3baa3d8c28e26fe09cf7d453a266f1b3c9addedca97b4cd31079aa

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab47CD.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar487C.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit

        • memory/2544-10-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download

        • memory/2544-439-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

          Download