Overview

overview

1

Static

static

175bfstrategiv.exe

windows7_x64

1

175bfstrategiv.exe

windows10_x64

1

Analysis

  • max time kernel
    149s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    31-07-2020 08:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    175bfstrategiv.exe

  • Size

    250KB

  • MD5

    1bb5125e34a785bd35e858dd0c5e94bf

  • SHA1

    6ba376629835a9b30f0e39f61faa878989b5a73f

  • SHA256

    9a24d2bf46bc598d118af68f87f2bee78f4fd94375b722a9c9339426335a2df3

  • SHA512

    5158481a7fe0d7b4072a233516b7c41b99283ae11c38190998262e421e9de2a6df1f4395a4b0dd9eb206dbdc835f1ddd72a242db680ff1465e591396d03fb51a

Score
1/10

Malware Config

Signatures

  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Checks whether UAC is enabled 18 IoCs
  • Modifies Internet Explorer settings 1 TTPs 222 IoCs
    adwarespyware
  • Suspicious use of WriteProcessMemory 40 IoCs
  • Suspicious use of SetWindowsHookEx 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\175bfstrategiv.exe
    "C:\Users\Admin\AppData\Local\Temp\175bfstrategiv.exe"
    1⤵
      PID:1144
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      PID:1064
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1064 CREDAT:275457 /prefetch:2
        2⤵
        • Checks whether UAC is enabled
        • Suspicious use of SetWindowsHookEx
        PID:1792
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1064 CREDAT:209938 /prefetch:2
        2⤵
          PID:1932
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        PID:1084
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1084 CREDAT:275457 /prefetch:2
          2⤵
          • Checks whether UAC is enabled
          • Suspicious use of SetWindowsHookEx
          PID:764
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        PID:1732
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
          2⤵
          • Checks whether UAC is enabled
          • Suspicious use of SetWindowsHookEx
          PID:1756
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        PID:2040
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
          2⤵
          • Checks whether UAC is enabled
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:624
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        PID:1880
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1880 CREDAT:275457 /prefetch:2
          2⤵
          • Checks whether UAC is enabled
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:660
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        PID:1456
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1456 CREDAT:275457 /prefetch:2
          2⤵
          • Checks whether UAC is enabled
          • Suspicious use of SetWindowsHookEx
          PID:792
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        PID:368
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:368 CREDAT:275457 /prefetch:2
          2⤵
          • Checks whether UAC is enabled
          • Suspicious use of SetWindowsHookEx
          PID:1536
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        PID:1364
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1364 CREDAT:275457 /prefetch:2
          2⤵
          • Checks whether UAC is enabled
          • Suspicious use of SetWindowsHookEx
          PID:1560
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        PID:1072
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1072 CREDAT:275457 /prefetch:2
          2⤵
          • Checks whether UAC is enabled
          • Suspicious use of SetWindowsHookEx
          PID:1044

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Privilege Escalation

      Defense Evasion

      Modify Registry

      1
      T1112

      Credential Access

      Discovery

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/624-5-0x0000000000000000-mapping.dmp
        Download
      • memory/660-6-0x0000000000000000-mapping.dmp
        Download
      • memory/764-3-0x0000000000000000-mapping.dmp
        Download
      • memory/792-7-0x0000000000000000-mapping.dmp
        Download
      • memory/1044-10-0x0000000000000000-mapping.dmp
        Download
      • memory/1144-0-0x0000000000440000-0x0000000000457000-memory.dmp
        Filesize

        92KB

        Download
      • memory/1536-8-0x0000000000000000-mapping.dmp
        Download
      • memory/1560-9-0x0000000000000000-mapping.dmp
        Download
      • memory/1756-4-0x0000000000000000-mapping.dmp
        Download
      • memory/1792-1-0x0000000000000000-mapping.dmp
        Download
      • memory/1792-2-0x0000000006A20000-0x0000000006A43000-memory.dmp
        Filesize

        140KB

        Download