Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    08-11-2020 18:09

General

  • Target

    c20a9d454d283dc7a9deae26cb115686b02de38aead61faf1ba48c6768f7cae7.exe

  • Size

    108KB

  • MD5

    e393dc4e7c91543ce3b36b26846de333

  • SHA1

    1d4f21e434ff9c937a78baa762d68e823aa847bc

  • SHA256

    c20a9d454d283dc7a9deae26cb115686b02de38aead61faf1ba48c6768f7cae7

  • SHA512

    c76621f1f87036d57e8fd9db9b80677f90f8db9f5efba7d595b5c38786e761851bdd805bab10d5d8460060ff986b3909dde64efea88879979ed9a1815a627aa4

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (3 IoCs)
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Modifies Internet Explorer start page (1 TTP, 1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\c20a9d454d283dc7a9deae26cb115686b02de38aead61faf1ba48c6768f7cae7.exe
    "C:\Users\Admin\AppData\Local\Temp\c20a9d454d283dc7a9deae26cb115686b02de38aead61faf1ba48c6768f7cae7.exe"
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    PID:1056
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1636 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:584

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 2
  • Discovery: Query Registry (T1012), 1

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HMSZ0STP.txt
    MD5

    6ab64b951e80f1e12f93a99dc256d68f

    SHA1

    e81084a0c46471c652748372f7be393d2d7f1fd5

    SHA256

    18ca0dbbbec3d2f652c57aae391d26d303e4138cacbfdc28879ae7fd508bca7a

    SHA512

    cc97872b768edda1fd450af83bca5cd07916b116536c06e619e74ee42ff4a6294f2b8a02512a0821965864686bdcae8f9309bf337768e0c29db8af3adb137b89

  • \Users\Admin\AppData\Local\Temp\nsc16EB.tmp\System.dll
    MD5

    0ff2d70cfdc8095ea99ca2dabbec3cd7

    SHA1

    10c51496d37cecd0e8a503a5a9bb2329d9b38116

    SHA256

    982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b

    SHA512

    cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e

  • \Users\Admin\AppData\Local\Temp\nsc16EB.tmp\nsisdl.dll
    MD5

    365e712eafd3fbfedcd9cd711526c977

    SHA1

    e5984443d51c95daa8ad3a7ea8c16e4f8b3e3466

    SHA256

    939e81ad5c29211790e5a1a8f6bea7b258bf37b55224631feb71dd31bb0ef852

    SHA512

    848f2fba59a2c19ee8d98d2ec7f8bc5132014601bb641179eea6d52695290d7ef21908bfd03482e065eb797dcb0f9f87591a9696c1ab399c739cd0348f2a67de

  • memory/584-4-0x0000000000000000-mapping.dmp
  • memory/1740-3-0x000007FEF6930000-0x000007FEF6BAA000-memory.dmp
    Filesize: 2.5MB