General
Target: test.zip
Sample: 190821-b2h8n5wv9n
SHA256: 72b228f51cf5a1b7600f0e0848145e4e54e54838977a5a5b1c85f69b64b92cf5
Score: N/A
Malware Config
Signatures
-
Modifies Internet Explorer settings 1 TTPs 18 IoCs
description
\REGISTRY\USER\S-1-5-21-3036946624-713005404-4182576195-1000\Software\Microsoft\Internet Explorer\MenuExt (CreateKeyEx)
\REGISTRY\USER\S-1-5-21-3036946624-713005404-4182576195-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel (CreateKeyEx)
\REGISTRY\USER\S-1-5-21-3036946624-713005404-4182576195-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\Program Files\\Microsoft Office\\Root\\Office16\\EXCEL.EXE/3000"
\REGISTRY\USER\S-1-5-21-3036946624-713005404-4182576195-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"
\REGISTRY\USER\S-1-5-21-3036946624-713005404-4182576195-1000\Software\Microsoft\Internet Explorer\ProtocolExecute (CreateKeyEx)
\REGISTRY\USER\S-1-5-21-3036946624-713005404-4182576195-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\excel (CreateKeyEx)
\REGISTRY\USER\S-1-5-21-3036946624-713005404-4182576195-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\excel\WarnOnOpen = "0"
\REGISTRY\USER\S-1-5-21-3036946624-713005404-4182576195-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\ms-excel (CreateKeyEx)
\REGISTRY\USER\S-1-5-21-3036946624-713005404-4182576195-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\ms-excel\WarnOnOpen = "0"
\REGISTRY\USER\S-1-5-21-3036946624-713005404-4182576195-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"
\REGISTRY\USER\S-1-5-21-3036946624-713005404-4182576195-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\ms-powerpoint (CreateKeyEx)
\REGISTRY\USER\S-1-5-21-3036946624-713005404-4182576195-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\ms-powerpoint\WarnOnOpen = "0"
\REGISTRY\USER\S-1-5-21-3036946624-713005404-4182576195-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\powerpoint (CreateKeyEx)
\REGISTRY\USER\S-1-5-21-3036946624-713005404-4182576195-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\powerpoint\WarnOnOpen = "0"
\REGISTRY\USER\S-1-5-21-3036946624-713005404-4182576195-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\ms-word (CreateKeyEx)
\REGISTRY\USER\S-1-5-21-3036946624-713005404-4182576195-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\ms-word\WarnOnOpen = "0"
\REGISTRY\USER\S-1-5-21-3036946624-713005404-4182576195-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\word (CreateKeyEx)
\REGISTRY\USER\S-1-5-21-3036946624-713005404-4182576195-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\word\WarnOnOpen = "0"
-
Suspicious behavior: AddClipboardFormatListener
-
Suspicious use of SetWindowsHookEx 1 TTPs
-
Suspicious use of WriteProcessMemory 1 TTPs 1 IoCs
description: PID 3300 wrote to memory of 3796
pid: 3796
Process: Process not Found
-
process_martian 1 IoCs
description: Parent 1012 is not expected to spawn this process
pid: 1012
-
Suspicious use of WriteProcessMemory 1 TTPs 1 IoCs
description: PID 1012 wrote to memory of 3780
pid: 3780
Process: Process not Found