Overview

overview

1

Static

static

247bfstrategiv.exe

windows7_x64

1

247bfstrategiv.exe

windows10_x64

1

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    31-07-2020 08:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    247bfstrategiv.exe

  • Size

    250KB

  • MD5

    c994648ae8de71188133b048f59dd379

  • SHA1

    21658eec79f93b62c9f72f670689a10e5ff818b4

  • SHA256

    29e9868a1c30d321b8faabde473671a4c4156abe943346aae334f9303c0ffc26

  • SHA512

    319e81362f3fba1685f0652e7cc0485d3bd90d41223dde1e9084ed3c76749b45ab1e9dbe2217a34942714ac9f6a9c02d5df8aaffdd3523030ef3bda2fad46c33

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 146 IoCs
    adwarespyware
  • Suspicious use of WriteProcessMemory 27 IoCs
  • Suspicious use of SetWindowsHookEx 36 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Checks whether UAC is enabled 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\247bfstrategiv.exe
    "C:\Users\Admin\AppData\Local\Temp\247bfstrategiv.exe"
    1⤵
      PID:3104
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      PID:3456
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3456 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:3472
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      PID:1752
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:3744
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      PID:900
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:900 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:1164
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      PID:1672
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1672 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:4028
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      PID:416
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:416 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:3732
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      PID:1332
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1332 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:1812
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      PID:2884
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:3828
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      PID:1932
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:3860
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      PID:2268
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:82945 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:1692

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1164-3-0x0000000000000000-mapping.dmp
      Download
    • memory/1692-9-0x0000000000000000-mapping.dmp
      Download
    • memory/1812-6-0x0000000000000000-mapping.dmp
      Download
    • memory/3104-0-0x00000000020A0000-0x00000000020B7000-memory.dmp
      Filesize

      92KB

      Download
    • memory/3472-1-0x0000000000000000-mapping.dmp
      Download
    • memory/3732-5-0x0000000000000000-mapping.dmp
      Download
    • memory/3744-2-0x0000000000000000-mapping.dmp
      Download
    • memory/3828-7-0x0000000000000000-mapping.dmp
      Download
    • memory/3860-8-0x0000000000000000-mapping.dmp
      Download
    • memory/4028-4-0x0000000000000000-mapping.dmp
      Download