Overview

overview

1

Static

static

213bfstrategiv.exe

windows7_x64

1

213bfstrategiv.exe

windows10_x64

1

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    31-07-2020 08:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    213bfstrategiv.exe

  • Size

    250KB

  • MD5

    fc6471a62a9e26f81c605cfd8d181cc3

  • SHA1

    505d5f5ca27c833ba5e402d3e2c28cf999f95887

  • SHA256

    fafd9c70af7f996bd966dbda4a0d780c0f6606f95a138aa2368ddf845773bc23

  • SHA512

    37021334b68b21295c2b5d85d0335becf560473dac0f377b81edce9c6fbce28b14570d94d835f6bd49377d5a9a09be516c393e0d85f9de0d8a2861e08d41668a

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 27 IoCs
  • Suspicious use of SetWindowsHookEx 36 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Checks whether UAC is enabled 18 IoCs
  • Modifies Internet Explorer settings 1 TTPs 144 IoCs
    adwarespyware

Processes

  • C:\Users\Admin\AppData\Local\Temp\213bfstrategiv.exe
    "C:\Users\Admin\AppData\Local\Temp\213bfstrategiv.exe"
    1⤵
      PID:3904
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      PID:3156
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3156 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        PID:344
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      PID:964
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:964 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:2100
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      PID:2148
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:2668
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      PID:3560
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3560 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:3728
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      PID:488
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:488 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:2976
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      PID:2860
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        PID:2788
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      PID:2368
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:1452
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      PID:812
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:812 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:2904
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      PID:3616
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3616 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:540

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/344-1-0x0000000000000000-mapping.dmp
      Download
    • memory/540-9-0x0000000000000000-mapping.dmp
      Download
    • memory/1452-7-0x0000000000000000-mapping.dmp
      Download
    • memory/2100-2-0x0000000000000000-mapping.dmp
      Download
    • memory/2668-3-0x0000000000000000-mapping.dmp
      Download
    • memory/2788-6-0x0000000000000000-mapping.dmp
      Download
    • memory/2904-8-0x0000000000000000-mapping.dmp
      Download
    • memory/2976-5-0x0000000000000000-mapping.dmp
      Download
    • memory/3728-4-0x0000000000000000-mapping.dmp
      Download
    • memory/3904-0-0x0000000000630000-0x0000000000647000-memory.dmp
      Filesize

      92KB

      Download