Analysis

  • max time kernel
    141s
  • max time network
    147s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    27-10-2020 10:58

General

  • Target

    94bb5ce324e3dbf3b2f19b85d33b77b376539ef51dce95443803c9036ffb2be3.exe

  • Size

    1.4MB

  • MD5

    cf960a758eaedcd2b6e110a3ab359d9e

  • SHA1

    54bd36675e88cc21dc125942c1474625a86cd83f

  • SHA256

    94bb5ce324e3dbf3b2f19b85d33b77b376539ef51dce95443803c9036ffb2be3

  • SHA512

    06277298a92a283f21e8c2e8b095723d84ee758de86c0c3684ee0316d2b3f5c13dcf7263f7b7d9c53387ebe9d32c2c056cd8eebc43124d9a45dcc9df116b7086

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 86 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\94bb5ce324e3dbf3b2f19b85d33b77b376539ef51dce95443803c9036ffb2be3.exe
    "C:\Users\Admin\AppData\Local\Temp\94bb5ce324e3dbf3b2f19b85d33b77b376539ef51dce95443803c9036ffb2be3.exe"
    1⤵
      PID:3892
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2024
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3896
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1780
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1780 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3868
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3488
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3488 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2500
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1288
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1288 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:928
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2052
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2052 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2324

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion: Modify Registry (T1112), 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
    MD5
    9c8803157da472557f25514b484e123e
    SHA1
    0c6f830fe60b615f1543eee6755bbe7bad1fc25b
    SHA256
    c0e6e5ae60ed8ed5918f5bec491bdf51a3c47ccd46d4cb0e4ac1e8896fa5551b
    SHA512
    c41dcc9c756c102c6521e44f1937e054de804a20378443733463a754dd944bcbac97ca9ff7b0b649e5b5c2072826877081871808b442ac5a7a92ba335daa6c78

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
    MD5
    141b0cdcad0d58d42ed5894154dadf30
    SHA1
    0957a566850bd72ba873868a02e0845b98ddce49
    SHA256
    2ec1c49e69aef34c0f9768f0404801fe933354e4440178053d11a256fec67497
    SHA512
    5454f1370976f5382b80e4d021ef0a4d0bf9624410ce4286debf7b86b63575d595e63eea6c0baa5acec4dbe64b0709cf0ee3355fa52e261dd6263518d5370ed8

  • memory/928-6-0x0000000000000000-mapping.dmp
  • memory/2324-7-0x0000000000000000-mapping.dmp
  • memory/2500-5-0x0000000000000000-mapping.dmp
  • memory/3868-2-0x0000000000000000-mapping.dmp
  • memory/3892-0-0x00000000001D0000-0x00000000001E2000-memory.dmp
    Filesize
    72KB
  • memory/3896-1-0x0000000000000000-mapping.dmp