Analysis

  • max time kernel: 91s
  • max time network: 142s
  • platform: windows10_x64
  • resource: win10v20201028
  • submitted: 25-02-2021 03:30

General

  • Target: notification.do.gif
  • Size: 43B
  • MD5: ebd4c7248ac9be0c41d02060e3430a5d
  • SHA1: eabc59bee6a7ff007a1dfc3da3b5493143c0d087
  • SHA256: e1da5cd02d74bb5ba944e3ce44037860ac9f42392eec6c99b9543910e1a3a5fe
  • SHA512: 0f3b6529892aff05bbddc7614faca83f3651f4b14c107853d2cd502391c35f5e26a41af31b5503d68c77264cda24f616aa9f9655fe8a79e975090365ac38ea71

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 1036)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\notification.do.gif
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 1580)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1036 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 hit

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 812d6b4d19ece68dae838cc759719a5d
    SHA1: f380617d65191cbe87db3e0c44cf8f8f40e91496
    SHA256: 8c80cf70265eb4bc5388216202263044ee9c0dfb93d90f5e9136bb3a7b8cef86
    SHA512: e858ce6ff3b48db149d79689d46b92a2456836db00b1bd8a9f42e191690c4c3cb72cb1653ac65219bfc9fa660f59ca1a4b4e605430b0ddea817f09c27eed8018

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 884b0c7449d5081b50a0b63cc7cd318b
    SHA1: 820a87ab6b547f0d631ce23111a1a01f90776ef5
    SHA256: 56b1d5aec26f3a360852d8c6d834b63610dbb09401ac15737715b4d6e427b819
    SHA512: 8161b57f3186abd6a1ae46c332b144ab75f2615b9b175ab982b90377e59d5437037811921c8a0a8f2d1d9c9bf5224d7f270403f7a941f574698dbf965db26784

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\28PNDS6W.cookie
    MD5: 90552bf19ce72636cc52336e9ab46cf2
    SHA1: 11b22f78a306f0e5026a75883fe576197d9d48f5
    SHA256: 107b1053d6a2ed6e05cac3d3ebeae04632ed55d566c51d3d7d6c9656db8bfcff
    SHA512: 4118ff35bbd97102a17c1e29c533cab1abb3670fbac45b415a510a02b888b7a87aa6e9930ba2a3527da1904e31a521a0f59a34a048ccce65a266fe336865746a

  • memory/1580-2-0x0000000000000000-mapping.dmp