Analysis

  • max time kernel: 585s
  • max time network: 363s
  • platform: windows10_x64
  • resource: win10v20201028
  • submitted: 22-11-2020 06:28

General

  • Target: index(10).html
  • Size: 7KB
  • MD5: 565cf6557ee64a77fe15385373ac3d83
  • SHA1: 0739b5e23e7e30649139421b11b6d289cd2510e7
  • SHA256: 60b111c927851655d541894649f04e4723e1f16b200b14c4b0c08700745c4e91
  • SHA512: 510b5eddd1f7b4ced204e1b26f4cd852d7e5c1a508a808c688dc91fc1b0ea4e52f54d8108c8d550369397af37a65dbd6ed05ff8005ece2b0e0902491cd376168

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 49 IoCs)
  • Suspicious use of AdjustPrivilegeToken (6 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 1316)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index(10).html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 724, child of 1316)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1316 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
  • C:\Windows\system32\AUDIODG.EXE (PID 400)
    C:\Windows\system32\AUDIODG.EXE 0xf0
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry, T1112 (1)


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    MD5: ffc04cd305e33221116feebf2eaa50b0
    SHA1: 6aeecd1a32ce6655a43e6b35cb2d0cb45876c9d4
    SHA256: e0215011ac1136f278389a2a9b9572d9cdbb704f4a2a6d4b9cb8e99eba316de4
    SHA512: ecd09a4db7f337f7b4b767edca0615262af8785c3dd85e6369037c04eda0865c59949a406e6e016ba8e893e7f740881be22909aa472ea6fd1c38aa3902979a01

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    MD5: b8a7c72adb42da7f8fcd3e4a1c15ac61
    SHA1: ef667e2e8efb0f65e5361db220a5d662ca5540e5
    SHA256: 5dbbc25c5f3e439e68503f102a61cd3c27ef75ec5e013d761ac92a27f8f0e1f3
    SHA512: bae1920e1e28b8a2767b392f032e8a97e99972601579503e623eaf18aeeba7f5a26ff98f71bd3f1677245ca2ae3fe527eedf12956824623ef5d80ea6ad6c0d4c

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\9W1HJ0E5.cookie
    MD5: ba721c235878b1c5761faf06f57779d5
    SHA1: ba651f044c4ae327288a6c1be081f12533366d40
    SHA256: 7dfef5df93d665aa059d96d1769902239ecb356210a10ef921cbee4e7110ffae
    SHA512: 96e81e1b54bb83c5b81591a1e6eab7b0cac8fe798faf3f2532b7c3a54c7b6ba1859712ec1a2c9950ca8ea3b189a0c1fb4afd5cbab13049659edcd67ad91d4da7

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\LIHWRPPL.cookie
    MD5: 5c310aabcdc1729d2790e8a61cce7fef
    SHA1: efb484b0b6600fcc25454053893cdc61fd06b6a8
    SHA256: 3323b7ff6eb9dc6ae7033058e079b3c4f6503f14c457c688e420a26c564737e6
    SHA512: 509aa42578c43562b2ccfca4c34cb064496e90f349d23bf65b5b0dd8dc3a19c0a41fedf1302205e16d1251bfa9199981fb4984f87e375c7e9823130e18e1f9b1
