Analysis

  • max time kernel
    144s
  • max time network
    147s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    27-05-2020 17:07

General

  • Target

    1f4236670c3d92ca85fbe208a0ef57e1a24f1def32e341cf015cdb7ff1b070e1.exe

  • Size

    230KB

  • MD5

    e7eeabf6ffae57f6170360b9683af2ab

  • SHA1

    f9cf5bffc9124dc0987c7174c73c7d8985827de7

  • SHA256

    1f4236670c3d92ca85fbe208a0ef57e1a24f1def32e341cf015cdb7ff1b070e1

  • SHA512

    7683a8226bac4f8997d290c6bb4a026e20b33b4041cd10f292b1115b4b9bdd2aa71c6a9cdf47979977b74ad6eacb3bc8d307f78f1417fbf82a20eeeb5bb25add

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 79 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs
  • Suspicious use of SetWindowsHookEx 24 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Checks whether UAC is enabled 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f4236670c3d92ca85fbe208a0ef57e1a24f1def32e341cf015cdb7ff1b070e1.exe
    "C:\Users\Admin\AppData\Local\Temp\1f4236670c3d92ca85fbe208a0ef57e1a24f1def32e341cf015cdb7ff1b070e1.exe"
    1⤵
      PID:2916
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      PID:1104
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1104 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:1364
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1104 CREDAT:82948 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:2132
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      PID:2080
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:2648
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      PID:2296
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2296 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:2856
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      PID:3784
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3784 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:2500

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Defense Evasion

    Modify Registry

    1
    T1112

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
    • memory/2916-0-0x0000000000710000-0x0000000000720000-memory.dmp
      Filesize

      64KB