Overview

overview

6

Static

static

https://7news.com.au...

windows10_x64

6

Analysis

  • max time kernel
    151s
  • max time network
    157s
  • platform
    windows10_x64
  • resource
    win10v200217
  • submitted
    18-02-2020 16:38

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://7news.com.au/travel/coronavirus/coronavirus-scare-in-bali-as-chinese-tourist-tests-positive-on-return-home-two-in-isolation-c-694816

  • Sample

    200218-5r7wsqj7wa

Score
6/10
evasiontrojanspyware

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 95 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 4 IoCs
    evasionspywaretrojan
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of WriteProcessMemory 3 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://7news.com.au/travel/coronavirus/coronavirus-scare-in-bali-as-chinese-tourist-tests-positive-on-return-home-two-in-isolation-c-694816
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of WriteProcessMemory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of FindShellTrayWindow
    PID:3952
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3952 CREDAT:82945 /prefetch:2
      2⤵
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Checks processor information in registry
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of AdjustPrivilegeToken
      PID:3908
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{7966B4D8-4FDC-4126-A10B-39A3209AD251}
    1⤵
      PID:3932

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    2
    T1112

    Install Root Certificate

    1
    T1130

    Credential Access

    Discovery

    System Information Discovery

    2
    T1082

    Query Registry

    1
    T1012

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\NN4A830X.cookie
      Download Submit
    • memory/3908-6-0x0000000019090000-0x00000000190A0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3908-4-0x000000000AEF0000-0x000000000AF00000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3908-5-0x0000000019090000-0x00000000190A0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3908-3-0x000000000AEF0000-0x000000000AF00000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3908-7-0x000000000AEF0000-0x000000000AF00000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3908-8-0x000000000AEF0000-0x000000000AF00000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3908-9-0x000000000AEF0000-0x000000000AF00000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3908-10-0x0000000019090000-0x00000000190A0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3908-11-0x0000000019090000-0x00000000190A0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3908-12-0x000000000AEF0000-0x000000000AF00000-memory.dmp
      Filesize

      64KB

      Download