Overview

overview

1

Static

static

245bfstrategiv.exe

windows7_x64

1

245bfstrategiv.exe

windows10_x64

1

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    31-07-2020 08:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    245bfstrategiv.exe

  • Size

    250KB

  • MD5

    006a81bc63231ca9aa3867ef143bff82

  • SHA1

    02c7bb275c262c20dd4657f066f6d133e2c27a25

  • SHA256

    ee4b2459c040e77ef8d702fe98677c4a1f3f402d04763c50f9522a0f4f8f04c6

  • SHA512

    2e63d9c9e8fea626337f4dda0972ffdac88ba03c854d6820987ce8a4bf1e521171a0f8f313ae4ba5191902d731287a62485b36e197d807983b07cc5d339a0078

Score
1/10

Malware Config

Signatures

  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Checks whether UAC is enabled 18 IoCs
  • Modifies Internet Explorer settings 1 TTPs 222 IoCs
    adwarespyware
  • Suspicious use of WriteProcessMemory 40 IoCs
  • Suspicious use of SetWindowsHookEx 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\245bfstrategiv.exe
    "C:\Users\Admin\AppData\Local\Temp\245bfstrategiv.exe"
    1⤵
      PID:1124
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      PID:744
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:744 CREDAT:275457 /prefetch:2
        2⤵
        • Checks whether UAC is enabled
        • Suspicious use of SetWindowsHookEx
        PID:1812
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:744 CREDAT:537619 /prefetch:2
        2⤵
          PID:1892
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        PID:1912
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1912 CREDAT:275457 /prefetch:2
          2⤵
          • Checks whether UAC is enabled
          • Suspicious use of SetWindowsHookEx
          PID:1932
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        PID:1360
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1360 CREDAT:275457 /prefetch:2
          2⤵
          • Checks whether UAC is enabled
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1780
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        PID:464
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:464 CREDAT:275457 /prefetch:2
          2⤵
          • Checks whether UAC is enabled
          • Suspicious use of SetWindowsHookEx
          PID:596
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        PID:816
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:816 CREDAT:275457 /prefetch:2
          2⤵
          • Checks whether UAC is enabled
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1892
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        PID:1560
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1560 CREDAT:275457 /prefetch:2
          2⤵
          • Checks whether UAC is enabled
          • Suspicious use of SetWindowsHookEx
          PID:1940
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        PID:464
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:464 CREDAT:275457 /prefetch:2
          2⤵
          • Checks whether UAC is enabled
          • Suspicious use of SetWindowsHookEx
          PID:1508
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        PID:1112
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1112 CREDAT:275457 /prefetch:2
          2⤵
          • Checks whether UAC is enabled
          • Suspicious use of SetWindowsHookEx
          PID:320
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        PID:2024
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2
          2⤵
          • Checks whether UAC is enabled
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:300

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Privilege Escalation

      Defense Evasion

      Modify Registry

      1
      T1112

      Credential Access

      Discovery

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/300-10-0x0000000000000000-mapping.dmp
        Download
      • memory/320-9-0x0000000000000000-mapping.dmp
        Download
      • memory/596-5-0x0000000000000000-mapping.dmp
        Download
      • memory/1124-0-0x0000000000470000-0x0000000000487000-memory.dmp
        Filesize

        92KB

        Download
      • memory/1508-8-0x0000000000000000-mapping.dmp
        Download
      • memory/1780-4-0x0000000000000000-mapping.dmp
        Download
      • memory/1812-1-0x0000000000000000-mapping.dmp
        Download
      • memory/1812-2-0x00000000068B0000-0x00000000068D3000-memory.dmp
        Filesize

        140KB

        Download
      • memory/1892-6-0x0000000000000000-mapping.dmp
        Download
      • memory/1932-3-0x0000000000000000-mapping.dmp
        Download
      • memory/1940-7-0x0000000000000000-mapping.dmp
        Download