Overview

overview

7

Static

static

favorites_...0.html

windows7_x64

7

favorites_...0.html

windows10_x64

7

Resubmissions

05-11-2020 01:22

201105-g62xn2nnt2 10

05-11-2020 01:17

201105-lj69wwasf6 7

05-11-2020 01:11

201105-ajwh7dz4gn 9

05-11-2020 01:07

201105-wexjpqxels 7

Analysis

  • max time kernel
    150s
  • max time network
    144s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    05-11-2020 01:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    favorites_10_30_20.html

  • Size

    410B

  • MD5

    dadb7dbc14491c4a8455a2f7c55807d7

  • SHA1

    70665fce8130d091c50519e214f5423224eef0e8

  • SHA256

    1fc3cabbb795381877c9724be6c815e80890eee322dce82be1994a3cd9ec22ca

  • SHA512

    b05f0cb29422be6900a3f0129fa11a92268387d3f9ef30cf76dfb083f7a340dee3191ef408acf07b81d113cf8d743ebbaf6e31c036c7d73ac112877e4643e40f

Score
7/10
spyware

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 68 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\favorites_10_30_20.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:576
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:576 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3672
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3824
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3824.0.131080636\1059630136" -parentBuildID 20200403170909 -prefsHandle 1508 -prefMapHandle 1500 -prefsLen 1 -prefMapSize 219631 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3824 "\\.\pipe\gecko-crash-server-pipe.3824" 1588 gpu
        3⤵
          PID:580
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3824.3.1402893932\1512955485" -childID 1 -isForBrowser -prefsHandle 2284 -prefMapHandle 2256 -prefsLen 501 -prefMapSize 219631 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3824 "\\.\pipe\gecko-crash-server-pipe.3824" 2312 tab
          3⤵
            PID:3012
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:3152
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          2⤵
          • Checks processor information in registry
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3996
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3996.0.632764524\1920403183" -parentBuildID 20200403170909 -prefsHandle 1408 -prefMapHandle 1396 -prefsLen 1 -prefMapSize 214080 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3996 "\\.\pipe\gecko-crash-server-pipe.3996" 1492 gpu
            3⤵
              PID:1264

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/580-294-0x0000000000000000-mapping.dmp
          Download
        • memory/1264-246-0x0000000000000000-mapping.dmp
          Download
        • memory/3012-656-0x0000000000000000-mapping.dmp
          Download
        • memory/3672-0-0x0000000000000000-mapping.dmp
          Download
        • memory/3824-1-0x0000000000000000-mapping.dmp
          Download
        • memory/3996-52-0x0000000000000000-mapping.dmp
          Download