Overview

overview

5

Static

static

1

URLScan

urlscan

1

https://jssresearch-...

windows10-2004-x64

5

Analysis

  • max time kernel
    64s
  • max time network
    63s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-12-2024 22:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://jssresearch-my.sharepoint.com/:f:/p/Jfragos/EsQbqtYPynVAsCTKAmZNrNEBHVGrOfF9IF_dnJDwqXSS-w?e=5%3aMMI4qY&at=9

Score
5/10
microsoftdiscoveryphishing

Malware Config

Signatures

  • Detected potential entity reuse from brand MICROSOFT.
    phishingmicrosoft
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://jssresearch-my.sharepoint.com/:f:/p/Jfragos/EsQbqtYPynVAsCTKAmZNrNEBHVGrOfF9IF_dnJDwqXSS-w?e=5%3aMMI4qY&at=9
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5056
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5056 CREDAT:17410 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:224
    • C:\Windows\system32\TokenBrokerCookies.exe
      C:\Windows\system32\TokenBrokerCookies.exe <no_string> https://login.microsoftonline.com/ 0 tbauth://login.windows.net/?context=https%3A%2F%2Flogin.microsoftonline.com&request_nonce=AwABEgEAAAADAOz_BQD0_-R2dZkjfCJRmVhkC6enlryE4zXvgSBqS99OC7mivlt9PxuaKqRwt7W-mv-tSwUP6x64-54mJqXPa3hDqGg7lLwgAA&rid=829d5330-c470-4ca3-ae99-748c02905500 ESTSUSERLIST %7b%22users%22%3a%5b%5d%7d login.microsoftonline.com / 0 1548824605 31150697 1
      2⤵
        PID:3616
      • C:\Windows\system32\TokenBrokerCookies.exe
        C:\Windows\system32\TokenBrokerCookies.exe <no_string> https://login.microsoftonline.com/ 0 tbauth://login.windows.net/?context=https%3A%2F%2Flogin.microsoftonline.com&request_nonce=AwABEgEAAAADAOz_BQD0__GCuh8eUyf68OLdC5PbYo20tjQOHX9EfTWb9KJ3gQifLXGl44sZ99vfIUtX2Hzx3wNKhPItBxgz7pNgYbZLwYQgAA&rid=1952f45d-4ebb-4b72-bb6d-200418ed4701 ESTSUSERLIST %7b%22users%22%3a%5b%5d%7d login.microsoftonline.com / 0 1917280754 31150697 1
        2⤵
          PID:464
      • C:\Program Files\Microsoft Office\Root\Office16\NAMECONTROLSERVER.EXE
        "C:\Program Files\Microsoft Office\Root\Office16\NAMECONTROLSERVER.EXE" -Embedding
        1⤵
          PID:2064

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          471B

          MD5

          8ccf65b127d0608732734b96b79d8a12

          SHA1

          f50e2ff848a61949c79f1bca80fa174dc04e448e

          SHA256

          761614367687e75bf56abe14b096a9dc92f4eea785bb07077e521d8047396453

          SHA512

          89de5a300af7dd2204f11a2a1f86787b2778bc33e9a601d889736063e37bdf8b81e7a32c4ec2aaae4e7a18ce5814c72fb0e2857bb76c08ec24a0917864584f34

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          404B

          MD5

          8edd35483dd30e0c4617fb601d8b1dc9

          SHA1

          0c332d2e7e1e7ae54b3822a640fcc6a116400ffb

          SHA256

          ef6cc549a4894a1d93f18db8a1cdb1253a210df8e0483aa64f26b9c5e46141e5

          SHA512

          59f37259802448de4695f3219da1fb0fe61cc603164d3d5dd92e9859dab6191cd4923bfdac439a357457eb3b1c7a6cc5c7906c087d49e6b2261ca76c49273679

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\F4GFQ4M2\jssresearch-my.sharepoint[1].xml
          Filesize

          13B

          MD5

          c1ddea3ef6bbef3e7060a1a9ad89e4c5

          SHA1

          35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

          SHA256

          b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

          SHA512

          6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ag8sj98\imagestore.dat
          Filesize

          43KB

          MD5

          b17336bb2f0a314ac93063a9b363eb74

          SHA1

          7836591c0ea11dbd970dfd0b8a9c4dfef41d4c9d

          SHA256

          b06e52d5eb8e322c5329496c637254558d2a4dc5df2ff61c56ee973c66e9a93d

          SHA512

          6ba86fbdd393abd0d5b0a87b9b8ce286413f3ebfbd357efa2613166648e48fb0b42d06e5584f60f4a456514d6b2045cf04a34473ecda70749def7bdbe8e9e770

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ag8sj98\imagestore.dat
          Filesize

          8KB

          MD5

          8c92002bc152ae6d48894be04011f8aa

          SHA1

          5d17a3c0dfb860360c47c9aa80ffcbff8f787175

          SHA256

          a8dbfc8e7b61598746f6fef03f8eaf252c8303f86c665ad483a08aaca6a11f99

          SHA512

          e96c09656037f02c90fa44f534b5df880941f3825a0f112b4e904fc99783eeed756e5efe07ad2fd3f3ade74cdd3ed4606196c3c6d25e25978d98291dbe5907d1

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ag8sj98\imagestore.dat
          Filesize

          26KB

          MD5

          e59634dbb888dd4d59dc1234f4bc9627

          SHA1

          386b15cc2af05bd3bfc66fe83503bbe7afb0eb27

          SHA256

          4f1f86281919b20f3389d37524cbaa7f6aa004004b889fdbd7f24c7acf655ed4

          SHA512

          3606baf6b3f7eb8891320fbc9edcc6bffe112a80be438612dcf4db20b3c611ccac1044520dfc6b214831c078f879ba15e0ec5f8c9727d8818e014f2849676892

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQ67RYHS\ConvergedLogin_PCore_i5YupurhQAo9inu_OetqHw2[1].js
          Filesize

          439KB

          MD5

          8b962ea6eae1400a3d8a7bbf39eb6a1f

          SHA1

          a3f7d74a3acd43d454a6f0b5ae6863e7cd8b88c7

          SHA256

          c8123f7ef42d7b45509b8e632fd575f4dc14bb1826188005fef312c819b1bc3f

          SHA512

          bb1f1d831863a99aa81dc8e9b4b22d6789520f3f8e5396c6584bf9c4383f424f2f14e258222761dcad0068e50ff3145da935c1d558e7217a3644e02b1312d52d

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQ67RYHS\converged.v2.login.min_81imvbluez-v5hbzpkxfcg2[1].css
          Filesize

          110KB

          MD5

          f3588c5412d4119f95e47073a4a5df72

          SHA1

          3c4b1652e71c25e1ce7de611fbd17edbaae411d9

          SHA256

          6cc79c59f00478ce5d8eaa982efdd8fc3cc205a7ea023a564bb2688fa206a087

          SHA512

          62886f8bfb32d2be842a23eca157556c30ec1d616e2607d9df1894f702bb7a982eeb3576c95f859b4b8e9183a84d70149a8802f31317f80d4845b02ccfa018f9

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQ67RYHS\ux.converged.login.strings-en.min_i8f-75gfk3tbsm8bmatnqa2[1].js
          Filesize

          56KB

          MD5

          23c7feef919f9374c1b26f019804cda8

          SHA1

          3e22ba24cfd4f5a1c4d189aaadb1a82a867377c0

          SHA256

          993a5748db7b6bc125f88788845a7599234130bce2858b528071035488cb886d

          SHA512

          93d4d19ca4bacfc0ad64690e2426d573d47991daf772d178d5c477369675539274a5e97c666a97a49ad0ec82e566ef4b71e967e7d7ffc575fbd2171e06791276

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EFY08QA2\convergedlogin_pcustomizationloader_117b650bccea354984d8[1].js
          Filesize

          397KB

          MD5

          e40761677762eab0692f86b259c7d744

          SHA1

          34a9b50cec6e1163ceefcd4d394db6524c89a854

          SHA256

          da4a8df0c326292b5bee9c732b3c962fd67aaf2f99d850f1bf65068d573c5619

          SHA512

          04fa1d6074ad24e3abab53d1de116a6b39b4be3dfabc082427f1c5a169e50527561f160cc133c2ac4aedc4e7ac404572f60e531a4618111ea74d138b2b0dd034

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EFY08QA2\favicon_a_eupayfgghqiai7k9sol6lg2[1].ico
          Filesize

          16KB

          MD5

          12e3dac858061d088023b2bd48e2fa96

          SHA1

          e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

          SHA256

          90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

          SHA512

          c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G94T3PNL\favicon[1].ico
          Filesize

          7KB

          MD5

          0b60f3c9e4da6e807e808da7360f24f2

          SHA1

          9afc7abb910de855efb426206e547574a1e074b7

          SHA256

          addeedeeef393b6b1be5bbb099b656dcd797334ff972c495ccb09cfcb1a78341

          SHA512

          1328363987abbad1b927fc95f0a3d5646184ef69d66b42f32d1185ee06603ae1a574fac64472fb6e349c2ce99f9b54407ba72b2908ca7ab01d023ec2f47e7e80

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PTWQX4L2\convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d[1].js
          Filesize

          111KB

          MD5

          c6c029ba88d52e5312fec69603a00340

          SHA1

          079011f6f0662c11ae907c773efe8e0c9338ead0

          SHA256

          ddd0bb1c19b3d2d045bfcde85d2020bba57854c887a6691b66dba3da1bb3afbe

          SHA512

          7df09cd949a43d53d62d9013718158966508dec2338491ffb38dc33d2eb85ff5c699792ae578975da0e4f03cc7ea03774624208d06924eea4c2eac92e6e22c60

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PTWQX4L2\oneDs_f2e0f4a029670f10d892[1].js
          Filesize

          185KB

          MD5

          4877efc88055d60953886ec55b04de34

          SHA1

          2341b026a3e2a3b01afa1a39d1706840d75e09b3

          SHA256

          8405362eb8f09df13ae244de155b51b1577274673d9728b6c81cd0278a63c8b0

          SHA512

          625844edc37594d5c2f7622bd1b59278bf68abb2fa22476c56826433c961c7b1924858a7588f8b6284d3c5ac8738ecb895eec949de18667a98c04a59cb03dac0

          Download Submit

        • memory/2064-74-0x00007FFED1CF0000-0x00007FFED1EE5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2064-73-0x00007FFED1CF0000-0x00007FFED1EE5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2064-72-0x00007FFED1CF0000-0x00007FFED1EE5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2064-71-0x00007FFED1D8D000-0x00007FFED1D8E000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2064-70-0x00007FFE91D70000-0x00007FFE91D80000-memory.dmp

          Filesize

          64KB

          Download