Analysis

  • max time kernel
    91s
  • max time network
    142s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    09-03-2021 19:41

General

  • Target

    btob.10.gif

  • Size

    43B

  • MD5

    ad4b0f606e0f8465bc4c4c170b37e1a3

  • SHA1

    50b30fd5f87c85fe5cba2635cb83316ca71250d7

  • SHA256

    cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

  • SHA512

    ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\btob.10.gif
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4776
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4776 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1848

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    MD5

    b2b3a0c470639ca5daadc9fe5f37db95

    SHA1

    9d979d4db41b766a2f0febc89ccfa7b50d0ae44d

    SHA256

    bdec475d76d3a2c297aec33a53d1e66cb6f324856bf2205f4ec2e2e3a50ae9ad

    SHA512

    a8e6bf82dec31d2e953d1ed9c883d88cb91b5a134a96887883a88b7c81eeb3bc0f1728d0cc82f37a603d320ff1428131e10983186318dd46cd1aded4d9b81193

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    MD5

    99d9be4fa75c6102645cef90dc905620

    SHA1

    f084991d92beee8d43732b859ac3792aadf03b50

    SHA256

    5d0e51eeee93ffb2a57ccf22553f35241c0ecc5469e78140be134a3b055278ef

    SHA512

    4a222dd0bf45974d2dc466fa1666a55b464cd21929e1e50a5d7c80b62ebc701d08190a18c9e2236c34d4be5abef1cf45d1b012ca460244b8a45f0cf4471e54cc

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\VM1ORTSK.cookie

    MD5

    ba1dbcb24d9e9b6f777e2ccb462c9757

    SHA1

    40b46178c02263aea79e764b99291cc288e02bc5

    SHA256

    070531fa8f5dbb168a91b348a65eae3ab55dfcb4be3d7108b0feed76dfab4098

    SHA512

    d6012e02f54984e469058ed1e9d0f3d6f8337f303a256742829f5ac9d7deb4694e29f249e58ba84f11a288564aec6fbb8ad5175ac960278eabd6ace640a01dfc

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\XS9U2483.cookie

    MD5

    fa0b9fcbf65e08caf65f1434ed1ed62f

    SHA1

    163f9cbb66139e29416f7898ea750c3a23ec1447

    SHA256

    126c2ab4ea96474a65b33798fbc97717164d9609ba921bd8ca3ec7a77c9d9dcc

    SHA512

    bc5018ff56d85b3aadf55d4224942710bead5b493c085e197f11d23d962b7f185d4ac946aa00feebf6ef2d4792dbba0b28253255a65dd556eae421958833b297

  • memory/1848-2-0x0000000000000000-mapping.dmp