Analysis

  • max time kernel
    131s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    13-01-2021 09:09

General

  • Target

    https://em.scylladb.com/o03vR00ll007NQ0exFBjPI0

  • Sample

    210113-zln1jcvqze

Score
6/10

Malware Config

Signatures

  • JavaScript code in executable 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 71 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://em.scylladb.com/o03vR00ll007NQ0exFBjPI0
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:740
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:740 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1960

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

    MD5

    bc94d23c9480a35facb5e50f2ab187ef

    SHA1

    7b677b8bc9704f369818ba9aaa86786c3735a602

    SHA256

    69e4bd5ed06087fbf1faaa02a868325de2da88a33516e285389de9ecfdb2543a

    SHA512

    40c607b9fbaae5ebf899b7b6bd90db649968526b91353e30ee32d28aa02107bf8b10eb1aa56e8859764c235227b2ded7b8b8f013ad72bcab86b7b52c3769675f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

    MD5

    b1803c99ffb26dba15517d1a1c837e86

    SHA1

    b8384499cdeb90a764fb0fb8f19f133f1966c5ee

    SHA256

    73c967c3ac4baaf223e2f538a1ce5dc727cede1b32ded82a50261327032c870f

    SHA512

    d004e55aa6073996b481706ded3d9dfa6623b791dab7fbb28900a47d14c24fc2c840b6eab348e95d4c8a13c5e919a8d981e2add3a242c21d8ba131d9d146375c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    MD5

    eff00260b6757f3cc19f7fe643ad2199

    SHA1

    893ba29cf1243a1e0181a3a0b737d12a969c1710

    SHA256

    899c106fec68c783db0e3ecb0b459eadb3bfe1c10212e404b29e9ad3ff6b8ffc

    SHA512

    e0990b89317125f163ffd0d55fd7fc90ada4e2b9115c6890b084ac42aa553c6e83ae34a7285829c41b8aec2fcf7b1ec50660cc459152708db42ddafa6b3e2606

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s7iy1jn\imagestore.dat

    MD5

    20602d639d4a70f700696f4062a5a675

    SHA1

    e384dfb51aee1eb21828d8895abcaa66a684cbcc

    SHA256

    eaa16da663585679c588d6ba7d00ad155c1e5cda7b134a4bc3190640e5cb967b

    SHA512

    d42142d908fb2bb2d88ca27e67fa6e3d42f751121ac80668fdc86d65e133fe125ef4c9c03b74e2b9d97bffe2db39ccfdff577663782f7e9cf50a93f36010059b

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8JS4S834.txt

    MD5

    9b0768feee250e6884f380707382de6d

    SHA1

    83b6c1f7967a6975c14964142ef57303879e9adf

    SHA256

    3ad4db0d3f982b2fe9ff9c3be6e33f7d9dc2c864e82f8164e40d747a0f13387d

    SHA512

    9123706b3442432d645925a442b21f91ed99ef7313506bc72778170a4dedd0aff5f8422fce84df0e29e74a3176f23b1dcbd9071ffaeb8c04aef32d5e13541091

  • memory/1960-3-0x0000000000000000-mapping.dmp

  • memory/2040-2-0x000007FEF7E50000-0x000007FEF80CA000-memory.dmp

    Filesize

    2.5MB