Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    09-07-2020 11:24

General

  • Target

    fea27a041a45b4f5fd5fb49c50f0dd538e3fc2448374a2cde475204fc7cdd454.exe

  • Size

    239KB

  • MD5

    9c355034f7aa77a9e7820c72ccebe512

  • SHA1

    465f04cb52a702100e9084e1ed0361cdd36fcc48

  • SHA256

    fea27a041a45b4f5fd5fb49c50f0dd538e3fc2448374a2cde475204fc7cdd454

  • SHA512

    1d812b2453de1dabb4d65c835fd3cd5066dc7da9b5d5306b61b0875a9a0146522ea55061bd663d1bd334338e2f6fcccd28f2a90bbe8d3b6abed84404afb39493

Score
1/10

Malware Config

Signatures

  • Checks whether UAC is enabled 10 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 81 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fea27a041a45b4f5fd5fb49c50f0dd538e3fc2448374a2cde475204fc7cdd454.exe
    "C:\Users\Admin\AppData\Local\Temp\fea27a041a45b4f5fd5fb49c50f0dd538e3fc2448374a2cde475204fc7cdd454.exe"
    1⤵
      PID:1624
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Checks whether UAC is enabled
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Modifies Internet Explorer settings
      PID:3860
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3860 CREDAT:82945 /prefetch:2
        2⤵
        • Checks whether UAC is enabled
        • Suspicious use of SetWindowsHookEx
        • Modifies Internet Explorer settings
        PID:3820
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Checks whether UAC is enabled
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Modifies Internet Explorer settings
      PID:3356
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3356 CREDAT:82945 /prefetch:2
        2⤵
        • Checks whether UAC is enabled
        • Suspicious use of SetWindowsHookEx
        • Modifies Internet Explorer settings
        PID:3688
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Checks whether UAC is enabled
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Modifies Internet Explorer settings
      PID:1876
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1876 CREDAT:82945 /prefetch:2
        2⤵
        • Checks whether UAC is enabled
        • Suspicious use of SetWindowsHookEx
        PID:1936
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Checks whether UAC is enabled
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Modifies Internet Explorer settings
      PID:2676
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:82945 /prefetch:2
        2⤵
        • Checks whether UAC is enabled
        • Suspicious use of SetWindowsHookEx
        PID:64
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Checks whether UAC is enabled
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Modifies Internet Explorer settings
      PID:3044
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:82945 /prefetch:2
        2⤵
        • Checks whether UAC is enabled
        • Suspicious use of SetWindowsHookEx
        • Modifies Internet Explorer settings
        PID:2064

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/64-4-0x0000000000000000-mapping.dmp

  • memory/1624-0-0x00000000021D0000-0x00000000021E7000-memory.dmp

    Filesize

    92KB

  • memory/1936-3-0x0000000000000000-mapping.dmp

  • memory/2064-5-0x0000000000000000-mapping.dmp

  • memory/3688-2-0x0000000000000000-mapping.dmp

  • memory/3820-1-0x0000000000000000-mapping.dmp