Analysis
-
max time kernel
589s -
max time network
383s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
22-11-2020 06:28
General
-
Target
index(7).html
-
Size
18KB
-
MD5
4a52683398cac1b4c47b335ea2779654
-
SHA1
14ee7fcd212bb624887dfa746aabe49bc4eef357
-
SHA256
b9af37f8b2660e4b3b1f4bd42d7dd376d841d0dd854c1600384ed0ec8026ef37
-
SHA512
761e25ffd4bb6b9af253401a9f2acbc8bb5f34bac5959a82527ddca30e5277ec2e577ff7ad8883fd4201249ca2ab1df89850b73cae547b65902d41a8d53af1a5
Malware Config
Signatures
-
Modifies Internet Explorer settings 1 TTPs 40 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index(7).html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4728 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203MD5
ffc04cd305e33221116feebf2eaa50b0
SHA16aeecd1a32ce6655a43e6b35cb2d0cb45876c9d4
SHA256e0215011ac1136f278389a2a9b9572d9cdbb704f4a2a6d4b9cb8e99eba316de4
SHA512ecd09a4db7f337f7b4b767edca0615262af8785c3dd85e6369037c04eda0865c59949a406e6e016ba8e893e7f740881be22909aa472ea6fd1c38aa3902979a01
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203MD5
ed19eb4e1e4f9594db548e389d40552d
SHA1f48ca9fae4b2a59f2cd54bb72e2a06a70e5e4046
SHA256ae8d992462c6a8ceb339c346d52c8d04137bc4d344b96cc5ad4b665b4dd05374
SHA51273d0171bad94e2406b6b8a5805f507a218d35d783b1160d9e44eb186533d828a118965f1bea074e7ebda8d8393e529fa056e0b394c0a0fd58a1504d0a42d9692
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\8SI334K9.cookieMD5
b3e69d0141a5ae1b4a8180421a96e44c
SHA15392f2dd9f96ee6fdca14e99018ad47c8f964506
SHA256ea19c4bfb1936ad70d25e077854943ea3a23af7dab94a85ed8f4e7a5dc390684
SHA512ba2be5bc1483cb925c4a50b32e2e71847ca55dcfc5599a44fa5f101d52c051fbdf9fc807f844929cce1c70addba6b1d7eae97639527c9469c3aeeb9f79fc2fed
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\B4Q0VIOU.cookieMD5
7c62b36f0a383baa3dea7991bef4bf21
SHA15b35b3963ab35c90b4ba1713bc71426d6061c229
SHA256151fff6dd80d2c515a1eae2d57c13e7a0b77125db65daf1215a2f73e5d7d5ad2
SHA512f0a8a57456ecbf36110f43e39a32fa54d38d1e8dc98d5a5f267b1848d62c086d33fbdb2a2ba4716bba6e603d18caf7246f1ea794919474003b886475576ab73a
-
memory/5052-23-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-47-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-3-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-25-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-8-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-9-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-10-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-2-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-1-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-13-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-14-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-15-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-16-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-17-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-18-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-19-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-20-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-28-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-21-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-24-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-0-0x0000000000000000-mapping.dmp
-
memory/5052-26-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-7-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-4-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-22-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-29-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-30-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-32-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-31-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-34-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-33-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-35-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-36-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-38-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-37-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-40-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-39-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-41-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-42-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-43-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-44-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-45-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-46-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-27-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB
-
memory/5052-48-0x0000000008020000-0x0000000008030000-memory.dmpFilesize
64KB