Analysis
-
max time kernel
601s -
max time network
367s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
22-11-2020 06:28
General
-
Target
index(9).html
-
Size
119KB
-
MD5
33b72c6dc00dd802f5e2d53cbe5c613a
-
SHA1
450ed8acb15133ed843576e735cc171e77c6fe53
-
SHA256
027bb852118f95abe8945905a2ceb945b2051c14418f0f47cb9db097ccd97a36
-
SHA512
fb734e720d5043f887e0a8d66b01cae4a3c5028712a28452406cf0d1d629e2c4205d623286f8aa193b5d269ae8f545d860ae0a65cebedf77e6a887dff7163370
Malware Config
Signatures
-
Modifies Internet Explorer settings 1 TTPs 49 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index(9).html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4760 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x40c1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203MD5
ffc04cd305e33221116feebf2eaa50b0
SHA16aeecd1a32ce6655a43e6b35cb2d0cb45876c9d4
SHA256e0215011ac1136f278389a2a9b9572d9cdbb704f4a2a6d4b9cb8e99eba316de4
SHA512ecd09a4db7f337f7b4b767edca0615262af8785c3dd85e6369037c04eda0865c59949a406e6e016ba8e893e7f740881be22909aa472ea6fd1c38aa3902979a01
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203MD5
55be7950fb164321e4519ffaf4dff491
SHA10b7ae41fde6bc4f85c78cbd4dc881ecb0f1cf65b
SHA25620cb128ead7c086f0f26a008dd813bba8bb0326e2f7f79f16436ec7f69cf6cb5
SHA5129c076dbfcbfdbbdaaa7837dcfcd94d8499231150ca5032513ca5b5d155fa01a4eb24f85a7e740cc277843d81a6239ed2f4d306b18c518ac9389bfc3c4218ee27
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\HWYFXCTE.cookieMD5
97baf2121bca95ea3f5453fb88363889
SHA1f41716b5109ac98cb26a2c6cc8a0ef5b38999e3f
SHA256d6fcdb6b05265606b90a09e5c15e004739c371bdc6a4c309ccea2e4f76f84594
SHA5126f9e0e84ea92e0256a26c49a207dfb320d45c960a1a66be8c30d271f11d85e74b253a531e2a7710479150174ef9017192a522412f8c8577822d724c52714a092
-
memory/3480-17-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-7-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-16-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-1-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-18-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-8-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-2-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-11-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-10-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-12-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-13-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-19-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-15-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-0-0x0000000000000000-mapping.dmp
-
memory/3480-4-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-3-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-14-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-20-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-21-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-22-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-23-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-24-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-25-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-26-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-27-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-28-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-29-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-30-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB
-
memory/3480-31-0x0000000007C10000-0x0000000007C20000-memory.dmpFilesize
64KB