Overview

overview

6

Static

static

URL

windows10_x64

6

Analysis

  • max time kernel
    40s
  • max time network
    61s
  • platform
    windows10_x64
  • resource
    win10v200217
  • submitted
    18-02-2020 20:22

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://softfamous.com/jre6/

  • Sample

    200218-9xqgadmemn

Score
6/10
evasiontrojanspyware

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 125 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 6 IoCs
    evasionspywaretrojan
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://softfamous.com/jre6/
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of FindShellTrayWindow
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:4052
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4052 CREDAT:82945 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of AdjustPrivilegeToken
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Checks processor information in registry
      PID:2812
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W70IXR76\Installer_jre6747_1647726247.exe
      "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W70IXR76\Installer_jre6747_1647726247.exe"
      2⤵
        PID:3640

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    2
    T1112

    Install Root Certificate

    1
    T1130

    Credential Access

    Discovery

    System Information Discovery

    2
    T1082

    Query Registry

    1
    T1012

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B
      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_74167E25E5476CCA2A5946AAA61BF9E1
      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B
      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_74167E25E5476CCA2A5946AAA61BF9E1
      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W70IXR76\Installer_jre6747_1647726247.exe.qhe23vq.partial
      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\HZT5HOBZ.cookie
      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\VBDU7RTG.cookie
      Download Submit
    • memory/2812-19-0x000000000BF60000-0x000000000BF70000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2812-21-0x00000000175D0000-0x00000000175E0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2812-22-0x00000000175D0000-0x00000000175E0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2812-23-0x000000000BF60000-0x000000000BF70000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2812-20-0x000000000BF60000-0x000000000BF70000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2812-0-0x00000000096C0000-0x00000000097C1000-memory.dmp
      Filesize

      1.0MB

      Download
    • memory/2812-12-0x0000000019120000-0x00000000198A1000-memory.dmp
      Filesize

      7.5MB

      Download