Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    12-05-2020 10:42

General

  • Target

    562b6f9799bf19a42aa840a2f7178cc11bce20110ade85cf354a57dd0b569824.exe

  • Size

    1.2MB

  • MD5

    4529c68eb1c7a905d1a2549b18671adf

  • SHA1

    f4cccf934ee66a05e1d5cbe11778b896ee533e2b

  • SHA256

    562b6f9799bf19a42aa840a2f7178cc11bce20110ade85cf354a57dd0b569824

  • SHA512

    8149166e620c1ba49c5ab3571351c151ae6d1e08ac643ffc0f2ae3035bc6fe2cb23a77ce8f4faa56ae4b5b891a8ac9154c6a3b15082f8bc09f2f1d23676ae9df

Score
1/10

Malware Config

Signatures

  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Checks whether UAC is enabled 11 IoCs
  • Modifies Internet Explorer settings 1 TTPs 86 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Suspicious use of SetWindowsHookEx 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\562b6f9799bf19a42aa840a2f7178cc11bce20110ade85cf354a57dd0b569824.exe
    "C:\Users\Admin\AppData\Local\Temp\562b6f9799bf19a42aa840a2f7178cc11bce20110ade85cf354a57dd0b569824.exe"
    1⤵
      PID:672
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      PID:2084
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:82945 /prefetch:2
        2⤵
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3732
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:82948 /prefetch:2
        2⤵
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3796
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      PID:3484
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3484 CREDAT:82945 /prefetch:2
        2⤵
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1948
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      PID:4024
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4024 CREDAT:82945 /prefetch:2
        2⤵
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:380
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      PID:1620
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1620 CREDAT:82945 /prefetch:2
        2⤵
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:636
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      PID:1936
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:82945 /prefetch:2
        2⤵
        • Checks whether UAC is enabled
        • Suspicious use of SetWindowsHookEx
        PID:3736

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Defense Evasion

    Modify Registry

    1
    T1112

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
    • memory/672-0-0x00000000006D0000-0x00000000006E1000-memory.dmp
      Filesize

      68KB