Resubmissions

17-01-2021 18:41

210117-6tswpdfc2n 6

15-01-2021 00:12

210115-sn86b9adwn 10

15-01-2021 00:10

210115-4ez2jwsxxe 1

Analysis

  • max time kernel
    7s
  • max time network
    44s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    15-01-2021 00:10

General

  • Target

    https://www.poly.com/in/en/support/downloads-apps

  • Sample

    210115-4ez2jwsxxe

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.poly.com/in/en/support/downloads-apps
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4768
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4768 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:5020

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
    MD5

    0e7dd6f8883353918beab32df55a60ba

    SHA1

    df1d32b1478c2d9227d4964ca3a90217fd935daf

    SHA256

    fc0551d582084a0182a186afcae6e57638beb8386f0387d754123b4760015a1e

    SHA512

    e1532fe62eabd5df4af700bda9276040583af158db580e013a7fb8bbc551bf6ee0622874641cb960ddf129cb4eaa85520a81920608554c1c315d9b5464291070

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
    MD5

    0922f670478682d551a5277ce7465b44

    SHA1

    c1c1accb293a8ad036f125cc42a9020f9991a862

    SHA256

    908f7c9c9c3c1770460231037315c8ac828bebe3b324c7598949da675548aa81

    SHA512

    de18185346ca08a9b1ede18fa9ce86a4e50d0ebb08ffd587af4df4adbc81265e289c7f5f0285ca59d75900d4574f404125f102a7a6b1ff6b8d1127d98b6e8d64

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\UXG52LVR.cookie
    MD5

    dd40b7044e0c08ef4ce2026695fc808b

    SHA1

    f414e74f10c0760cc8acdd813de98f7cd4cf3698

    SHA256

    6936bfc52eb0fd18972666177591f89375b3c90664e6d25bdda9236f9956ef88

    SHA512

    5b54a9b303c4c320ea9026f4e24141b3d36701c855ab0309af7a22799804497417c212bcecbe756f137fee06d86cd9d7b3536cf3c4973af59ba987a987cb22ba

  • memory/5020-2-0x0000000000000000-mapping.dmp