Analysis

  • max time kernel
    97s
  • max time network
    149s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    08-11-2020 18:09

General

  • Target

    c20a9d454d283dc7a9deae26cb115686b02de38aead61faf1ba48c6768f7cae7.exe

  • Size

    108KB

  • MD5

    e393dc4e7c91543ce3b36b26846de333

  • SHA1

    1d4f21e434ff9c937a78baa762d68e823aa847bc

  • SHA256

    c20a9d454d283dc7a9deae26cb115686b02de38aead61faf1ba48c6768f7cae7

  • SHA512

    c76621f1f87036d57e8fd9db9b80677f90f8db9f5efba7d595b5c38786e761851bdd805bab10d5d8460060ff986b3909dde64efea88879979ed9a1815a627aa4

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (3 IoCs)
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Modifies Internet Explorer settings (1 TTP, 49 IoCs)
  • Modifies Internet Explorer start page (1 TTP, 1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\c20a9d454d283dc7a9deae26cb115686b02de38aead61faf1ba48c6768f7cae7.exe
    "C:\Users\Admin\AppData\Local\Temp\c20a9d454d283dc7a9deae26cb115686b02de38aead61faf1ba48c6768f7cae7.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    PID:3988
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3948
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3948 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4048

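The two registry signatures above (T1112 writes to Internet Explorer settings, including the start page) are the part of this behaviour that host telemetry can reproduce. The following is an added example, not part of the sandbox report: a small rule set run over constructed Sysmon-style RegistryEvent records (Event ID 13, value set). The event dicts, the PIDs reused from the process tree, the registry value names `Start Page` and `Default_Page_URL`, and the set of images treated as legitimate IE writers are all assumptions for illustration. Note that Sysmon records registry creates, deletes, renames and value sets but not reads, so the Uninstall-key enumeration (T1012) the report attributes to the sample is visible through the sandbox's API tracing but would not appear in this kind of telemetry; only the writes are covered. Likewise, the hook and WriteProcessMemory signatures attached to iexplore.exe (PID 3948) are consistent with IE's own frame/tab process model (the SCODEF/CREDAT child, PID 4048), so a practitioner should attribute them to the sample only where the sample itself is the caller.

```python
import re

# Hypothetical Sysmon-style "RegistryEvent (Value Set)" records (Event ID 13),
# constructed to mirror the behaviour the signatures above describe.  They are
# sample data for this example, not events taken from the report.
SAMPLE_EVENTS = [
    {"EventID": 13, "ProcessId": 3988,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Internet Explorer\Main\Start Page",
     "Details": "http://example.invalid/"},
    {"EventID": 13, "ProcessId": 3988,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Internet Explorer\Main\Search Page",
     "Details": "http://example.invalid/search"},
    {"EventID": 13, "ProcessId": 3948,
     "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Internet Explorer\Main\Start Page",
     "Details": "about:blank"},
    {"EventID": 13, "ProcessId": 3948,
     "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version",
     "Details": "WindowsSearch 6.0"},
    # A key-create event (Event ID 12) on the Uninstall key: Sysmon does not log
    # reads, so enumeration of this key is not observable here and is skipped.
    {"EventID": 12, "ProcessId": 3988,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Uninstall"},
]

# Values under Software\Microsoft\Internet Explorer\Main that control the page IE
# opens on start ("Start Page" is the one the report's signature refers to;
# "Default_Page_URL" is an assumed companion value).
START_PAGE_RE = re.compile(
    r"\\Software\\Microsoft\\Internet Explorer\\Main\\(Start Page|Default_Page_URL)$",
    re.IGNORECASE)
IE_SETTINGS_RE = re.compile(r"\\Software\\Microsoft\\Internet Explorer\\", re.IGNORECASE)
# Images assumed to write IE settings legitimately; anything else is third party.
IE_IMAGES = {"iexplore.exe", "explorer.exe"}


def image_name(path):
    """Basename of a Windows image path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def evaluate(events):
    """Return one alert per matching event as (rule, severity, pid, image)."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 13:          # only value-set events carry new data
            continue
        target = ev["TargetObject"]
        third_party = image_name(ev["Image"]) not in IE_IMAGES
        if START_PAGE_RE.search(target):
            # IE writing its own start page is routine; any other image is a hijack.
            sev = "high" if third_party else "info"
            alerts.append(("ie_start_page_modified", sev, ev["ProcessId"], ev["Image"]))
        elif IE_SETTINGS_RE.search(target) and third_party:
            alerts.append(("ie_settings_modified_by_third_party", "medium",
                           ev["ProcessId"], ev["Image"]))
    return alerts


def summarize(alerts):
    """Worst severity per PID, so the sample's PID ranks above IE's own writes."""
    rank = {"info": 0, "medium": 1, "high": 2}
    worst = {}
    for _rule, sev, pid, _image in alerts:
        if pid not in worst or rank[sev] > rank[worst[pid]]:
            worst[pid] = sev
    return worst


if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS):
        print(alert)
    print(summarize(evaluate(SAMPLE_EVENTS)))
```

The per-PID summary is what separates the sample (PID 3988, which writes the start page from a path under Temp) from iexplore.exe (PID 3948), which the report also flags for "Modifies Internet Explorer settings" but which is only touching its own keys.
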
Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 2 hits
  • Discovery: Query Registry (T1012), 1 hit


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    MD5

    a0c055f33d1075d1399388fa891c49d3

    SHA1

    b454cda0134375bc26e94e536515b02aeb8dc17c

    SHA256

    c0c37bbe273f349da77cd97f7d2338134532ff1f3fd61d7a4a90f810084385d0

    SHA512

    7ee8616b77f67ecca73186c05967a047c9ae41e93d9b36adc7d232ee7fd881c4b89e1d09e8f254eb856c15264e2c40dedebc98fcb55423be581b1776f19815a6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    MD5

    a047625f14d935b3f6c7a042765e4cde

    SHA1

    98c4ec5410e11a754de6ab5913d79dbf701dc727

    SHA256

    a0a5d62e1b1df0c5b6f3860282352432ee9d7f942e00527b7cc8beb2a06cbc36

    SHA512

    a7e2c05596ae0592d457c940089bc44c04487b6dafd8c061068d0c80b9391287a56aa84bf2be4401157242a5505ec211d41131be21e3f21fc68e9604534b24ae

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\5YH3SSP1.cookie
    MD5

    ea6ecc0ccd8c4a1fec2f64df37db90a8

    SHA1

    8b68034e039b4c7fef39cda4ec3dc339bcadbfd1

    SHA256

    97d2355d230ab0b2a5d9c3ce80e103282f9c7121a20a0a0bbca356963298eff1

    SHA512

    935f3e0c4bb08d1a4797c562415735e1432f37e130da80f18de27ce98e80bae0acf7d84adb5af85769bf319a34f9c82a116f7c10aedfe737cd44dca73ad51c17

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\J26QNXWT.cookie
    MD5

    64559735ef7e354e4b77157a4c9f999e

    SHA1

    b29fb9c1bbcc949f31de136dcc133a65d09f4789

    SHA256

    f7bde6ebf734da67c890644959340f240609b184b798c46ca62f44abc2f67556

    SHA512

    353e95e6e45645cec5a16538416d1521154e7ba7cc33b581f91835d5e7833335fd22c97e006819d2f08b80a66ad9ea50a206fed41a1c27b986bff20a3f2707b9

  • \Users\Admin\AppData\Local\Temp\nssEDB.tmp\System.dll
    MD5

    0ff2d70cfdc8095ea99ca2dabbec3cd7

    SHA1

    10c51496d37cecd0e8a503a5a9bb2329d9b38116

    SHA256

    982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b

    SHA512

    cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e

  • \Users\Admin\AppData\Local\Temp\nssEDB.tmp\nsisdl.dll
    MD5

    365e712eafd3fbfedcd9cd711526c977

    SHA1

    e5984443d51c95daa8ad3a7ea8c16e4f8b3e3466

    SHA256

    939e81ad5c29211790e5a1a8f6bea7b258bf37b55224631feb71dd31bb0ef852

    SHA512

    848f2fba59a2c19ee8d98d2ec7f8bc5132014601bb641179eea6d52695290d7ef21908bfd03482e065eb797dcb0f9f87591a9696c1ab399c739cd0348f2a67de

  • memory/4048-3-0x0000000000000000-mapping.dmp
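
The Downloads list above mixes three kinds of artefact: the two DLLs written to a `ns*.tmp` directory under Temp (System.dll and nsisdl.dll are plugins shipped with the NSIS installer framework, and that directory is where NSIS unpacks them), CryptoAPI's CryptnetUrlCache entries (certificate/CRL fetches triggered by IE), and IE cookie files. The following is an added triage helper, not code from the report or the sandbox vendor: it classifies a collected path, computes the same four digests the report lists, and compares a file against the report's dropped-DLL indicators, distinguishing a full match from a partial one. The path regexes, the class labels, and the "abc" sample bytes used for the stand-alone run are assumptions; the hashes in `REPORT_IOCS` are copied from the list above.

```python
import hashlib
import re

# Dropped-file indicators copied from the Downloads section above.  Only the two
# NSIS plugin DLLs are kept; the CryptnetUrlCache and cookie files are IE/CryptoAPI
# side effects rather than payload.
REPORT_IOCS = {
    r"\Users\Admin\AppData\Local\Temp\nssEDB.tmp\System.dll": {
        "md5": "0ff2d70cfdc8095ea99ca2dabbec3cd7",
        "sha1": "10c51496d37cecd0e8a503a5a9bb2329d9b38116",
        "sha256": "982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b",
    },
    r"\Users\Admin\AppData\Local\Temp\nssEDB.tmp\nsisdl.dll": {
        "md5": "365e712eafd3fbfedcd9cd711526c977",
        "sha1": "e5984443d51c95daa8ad3a7ea8c16e4f8b3e3466",
        "sha256": "939e81ad5c29211790e5a1a8f6bea7b258bf37b55224631feb71dd31bb0ef852",
    },
}

# Path classes (assumed patterns derived from the report's paths): NSIS unpacks
# plugin DLLs into %TEMP%\ns<random>.tmp\; CryptnetUrlCache is CryptoAPI's cache
# of fetched certificate/CRL data; INetCookies holds IE cookies.
PATH_CLASSES = [
    ("nsis_plugin_dir", re.compile(r"\\Temp\\ns[A-Za-z0-9]+\.tmp\\", re.IGNORECASE)),
    ("cryptoapi_url_cache", re.compile(r"\\CryptnetUrlCache\\", re.IGNORECASE)),
    ("ie_cookie", re.compile(r"\\INetCookies\\", re.IGNORECASE)),
]


def classify_path(path):
    """Label a collected path by which of the report's artefact kinds it belongs to."""
    for label, pattern in PATH_CLASSES:
        if pattern.search(path):
            return label
    return "other"


def hash_bytes(data):
    """All four digests the report lists, so one pass covers every IoC column."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_ioc(recorded, data):
    """Compare every digest an IoC records against the file contents.

    'full'    : all recorded digests agree, i.e. the same bytes the sandbox saw
    'partial' : some agree and some do not; a transcription error or a collision,
                so never treat a lone MD5 hit as confirmation
    'none'    : nothing agrees
    """
    computed = hash_bytes(data)
    hits = [computed.get(alg) == value for alg, value in recorded.items()]
    if hits and all(hits):
        return "full"
    if any(hits):
        return "partial"
    return "none"


def triage(iocs, path, data):
    """Return (path_class, matched_ioc_path, verdict) for one collected file."""
    best_verdict, best_path = "none", None
    for ioc_path, recorded in iocs.items():
        verdict = match_ioc(recorded, data)
        if verdict == "full":
            return classify_path(path), ioc_path, "full"
        if verdict == "partial" and best_verdict == "none":
            best_verdict, best_path = "partial", ioc_path
    return classify_path(path), best_path, best_verdict


if __name__ == "__main__":
    # Constructed sample bytes; a real run would read the collected file instead.
    sample = b"abc"
    print(hash_bytes(sample))
    print(triage(REPORT_IOCS, r"\Users\Admin\AppData\Local\Temp\nssEDB.tmp\System.dll", sample))
```

A `partial` verdict is the case worth stopping on: the report gives four digests per file, and if only one of them agrees with what is on disk, either the indicator was copied wrongly or the file is not the one the sandbox observed, and MD5 alone should not decide that.
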