Overview

overview

1

Static

static

294bfstrategiv.exe

windows7_x64

1

294bfstrategiv.exe

windows10_x64

1

Analysis

  • max time kernel
    150s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    31-07-2020 08:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    294bfstrategiv.exe

  • Size

    250KB

  • MD5

    ee9c73c03c7c5a28ebbbd2d22812d401

  • SHA1

    d96107a858a4589e1999fbc807446b8b9e2f11dd

  • SHA256

    23886b6f4a8e361711392340cf4115ea310d69b17c5b1abeca4523d8f28585e0

  • SHA512

    eb27c4cbb63d25cad41c402d256054e551f267bb8b5e0f8b8c25029be7603e38c35c19daab5bbd388056185b5843f5742ef5d46f70fcdc5ff42a587b71e143a3

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 40 IoCs
  • Suspicious use of SetWindowsHookEx 36 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Checks whether UAC is enabled 18 IoCs
  • Modifies Internet Explorer settings 1 TTPs 222 IoCs
    adwarespyware

Processes

  • C:\Users\Admin\AppData\Local\Temp\294bfstrategiv.exe
    "C:\Users\Admin\AppData\Local\Temp\294bfstrategiv.exe"
    1⤵
      PID:1104
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of FindShellTrayWindow
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      PID:640
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:640 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        • Checks whether UAC is enabled
        PID:1832
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:640 CREDAT:209938 /prefetch:2
        2⤵
          PID:1924
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        PID:1984
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:275457 /prefetch:2
          2⤵
          • Suspicious use of SetWindowsHookEx
          • Checks whether UAC is enabled
          PID:2004
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        PID:1360
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1360 CREDAT:275457 /prefetch:2
          2⤵
          • Suspicious use of SetWindowsHookEx
          • Checks whether UAC is enabled
          PID:1240
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        PID:1996
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1996 CREDAT:275457 /prefetch:2
          2⤵
          • Suspicious use of SetWindowsHookEx
          • Checks whether UAC is enabled
          • Modifies Internet Explorer settings
          PID:2008
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        PID:1812
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1812 CREDAT:275457 /prefetch:2
          2⤵
          • Suspicious use of SetWindowsHookEx
          • Checks whether UAC is enabled
          PID:1708
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        PID:1592
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1592 CREDAT:275457 /prefetch:2
          2⤵
          • Suspicious use of SetWindowsHookEx
          • Checks whether UAC is enabled
          PID:1236
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        PID:1960
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1960 CREDAT:275457 /prefetch:2
          2⤵
          • Suspicious use of SetWindowsHookEx
          • Checks whether UAC is enabled
          PID:1208
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        PID:864
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:864 CREDAT:275457 /prefetch:2
          2⤵
          • Suspicious use of SetWindowsHookEx
          • Checks whether UAC is enabled
          PID:1812
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Suspicious use of WriteProcessMemory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of FindShellTrayWindow
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        PID:1940
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:275457 /prefetch:2
          2⤵
          • Suspicious use of SetWindowsHookEx
          • Checks whether UAC is enabled
          PID:1544

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Privilege Escalation

      Defense Evasion

      Modify Registry

      1
      T1112

      Credential Access

      Discovery

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1104-0-0x0000000000290000-0x00000000002A7000-memory.dmp
        Filesize

        92KB

        Download
      • memory/1208-8-0x0000000000000000-mapping.dmp
        Download
      • memory/1236-7-0x0000000000000000-mapping.dmp
        Download
      • memory/1240-4-0x0000000000000000-mapping.dmp
        Download
      • memory/1544-10-0x0000000000000000-mapping.dmp
        Download
      • memory/1708-6-0x0000000000000000-mapping.dmp
        Download
      • memory/1812-9-0x0000000000000000-mapping.dmp
        Download
      • memory/1832-1-0x0000000000000000-mapping.dmp
        Download
      • memory/1832-2-0x0000000005FA0000-0x0000000005FC3000-memory.dmp
        Filesize

        140KB

        Download
      • memory/2004-3-0x0000000000000000-mapping.dmp
        Download
      • memory/2008-5-0x0000000000000000-mapping.dmp
        Download