Overview

overview

1

Static

static

http://91.232.105.24...

windows10_x64

1

Analysis

  • max time kernel
    111s
  • max time network
    149s
  • platform
    windows10_x64
  • resource
    win10v200217
  • submitted
    02-04-2020 16:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://91.232.105.248:8080/download

  • Sample

    200402-gt42w5xkpj

Score
1/10

Malware Config

Signatures

  • Modifies system certificate store 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Checks whether UAC is enabled 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://91.232.105.248:8080/download
    1⤵
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of FindShellTrayWindow
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    PID:3908
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3908 CREDAT:82945 /prefetch:2
      2⤵
      • Suspicious use of SetWindowsHookEx
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      PID:3912

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    Download Submit