Overview

overview

1

Static

static

290bfstrategiv.exe

windows7_x64

1

290bfstrategiv.exe

windows10_x64

1

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    31-07-2020 08:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    290bfstrategiv.exe

  • Size

    250KB

  • MD5

    fef72d738ee3a77e25f1149eef51ce97

  • SHA1

    977e640406a44db0011b0a0a80b12f66bcc83420

  • SHA256

    89ff37abe56437ef578809fd40ee79001d1173b2d7a00c53ae37d7c0a4c57149

  • SHA512

    6fa11232bc90c0751e460bb596fab883f8a855a67ca7c9f52dcb66fd7481778db75ee5820c2b1a2aca97dd4e3089a96cd83b62c0d436f40fbb9f76bb6daafc84

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 36 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Checks whether UAC is enabled 18 IoCs
  • Modifies Internet Explorer settings 1 TTPs 222 IoCs
    adwarespyware
  • Suspicious use of WriteProcessMemory 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\290bfstrategiv.exe
    "C:\Users\Admin\AppData\Local\Temp\290bfstrategiv.exe"
    1⤵
      PID:1496
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      PID:1752
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        PID:1892
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:799749 /prefetch:2
        2⤵
          PID:1948
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        PID:1056
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1056 CREDAT:275457 /prefetch:2
          2⤵
          • Suspicious use of SetWindowsHookEx
          • Checks whether UAC is enabled
          • Modifies Internet Explorer settings
          PID:1388
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        PID:808
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:808 CREDAT:275457 /prefetch:2
          2⤵
          • Suspicious use of SetWindowsHookEx
          • Checks whether UAC is enabled
          PID:1532
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        PID:1460
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1460 CREDAT:275457 /prefetch:2
          2⤵
          • Suspicious use of SetWindowsHookEx
          • Checks whether UAC is enabled
          • Modifies Internet Explorer settings
          PID:316
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        PID:1936
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
          2⤵
          • Suspicious use of SetWindowsHookEx
          • Checks whether UAC is enabled
          PID:1860
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        PID:1504
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1504 CREDAT:275457 /prefetch:2
          2⤵
          • Suspicious use of SetWindowsHookEx
          • Checks whether UAC is enabled
          PID:2012
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        PID:1056
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1056 CREDAT:275457 /prefetch:2
          2⤵
          • Suspicious use of SetWindowsHookEx
          • Checks whether UAC is enabled
          PID:2000
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        PID:568
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:568 CREDAT:275457 /prefetch:2
          2⤵
          • Suspicious use of SetWindowsHookEx
          • Checks whether UAC is enabled
          PID:1532
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of WriteProcessMemory
        PID:2040
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
          2⤵
          • Suspicious use of SetWindowsHookEx
          • Checks whether UAC is enabled
          • Modifies Internet Explorer settings
          PID:1160

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Privilege Escalation

      Defense Evasion

      Modify Registry

      1
      T1112

      Credential Access

      Discovery

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/316-5-0x0000000000000000-mapping.dmp
        Download
      • memory/1160-10-0x0000000000000000-mapping.dmp
        Download
      • memory/1388-3-0x0000000000000000-mapping.dmp
        Download
      • memory/1496-0-0x00000000003B0000-0x00000000003C7000-memory.dmp
        Filesize

        92KB

        Download
      • memory/1532-4-0x0000000000000000-mapping.dmp
        Download
      • memory/1532-9-0x0000000000000000-mapping.dmp
        Download
      • memory/1860-6-0x0000000000000000-mapping.dmp
        Download
      • memory/1892-1-0x0000000000000000-mapping.dmp
        Download
      • memory/1892-2-0x0000000005B90000-0x0000000005BB3000-memory.dmp
        Filesize

        140KB

        Download
      • memory/2000-8-0x0000000000000000-mapping.dmp
        Download
      • memory/2012-7-0x0000000000000000-mapping.dmp
        Download