Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    21-05-2020 11:58

General

  • Target

    B7Ai1.exe

  • Size

    326KB

  • MD5

    bf793bccc14cb7fc28c567eff08f7ea3

  • SHA1

    2d1d514e181ef557bd71f7986f401f7a52d567f8

  • SHA256

    c03f0ab451000aa4799772f609653d690d60ca68adbcb9b3c1f3eed26d075ff4

  • SHA512

    06aa9f46b152e8d00c39dcdb65b4661b9f705f5f1b39c3abfb432dde8ab2d253c306d3cac5fe5ecbae6a6ec73e2a4930a7ca16848447f5e1bc8b1a551fe801cc

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 28 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Checks whether UAC is enabled 11 IoCs
  • Modifies Internet Explorer settings 1 TTPs 86 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\B7Ai1.exe
    "C:\Users\Admin\AppData\Local\Temp\B7Ai1.exe"
    1⤵
      PID:1516
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      PID:1504
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1504 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        PID:1424
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1504 CREDAT:82948 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        PID:2052
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      PID:3080
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3080 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:3076
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      PID:3924
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3924 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        PID:3740
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      PID:3984
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3984 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        PID:3944
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      PID:2180
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        PID:2200

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Defense Evasion

    Modify Registry

    1
    T1112

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
    • memory/1516-0-0x00000000001E0000-0x00000000001F0000-memory.dmp
      Filesize

      64KB