Analysis

  • max time kernel: 92s
  • max time network: 142s
  • platform: windows10_x64
  • resource: win10v20201028
  • submitted: 10-03-2021 19:37

General

  • Target: btob.10.gif
  • Size: 43B
  • MD5: ad4b0f606e0f8465bc4c4c170b37e1a3
  • SHA1: 50b30fd5f87c85fe5cba2635cb83316ca71250d7
  • SHA256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
  • SHA512: ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910

Score
1/10
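A 43-byte file that opens in Internet Explorer and scores 1/10 is most plausibly a tiny image, but the report only gives its size and hashes, so an analyst still wants two checks before closing the ticket: that the local copy matches the reported hashes, and that the bytes are a well-formed GIF with nothing appended after the trailer (a common place to hide a payload in an "image"). The script below is an added example, not part of the Triage report or its tooling. SAMPLE_GIF is a constructed, well-known 1x1 transparent GIF89a that also happens to be 43 bytes; it is an assumption that btob.10.gif looks like this, and its hashes are not claimed to equal the ones above, which is why matches_report compares against the report's values rather than the sample's.

```python
import hashlib
import struct

# Constructed sample: a minimal 1x1 transparent GIF89a (43 bytes). This is an
# assumption about what a 43-byte GIF looks like, not the bytes of btob.10.gif.
SAMPLE_GIF = (
    b"GIF89a"                                    # header + version
    b"\x01\x00\x01\x00"                          # logical screen 1x1
    b"\x80\x00\x00"                              # GCT present, 2 entries; bg 0; aspect 0
    b"\x00\x00\x00\xff\xff\xff"                  # global colour table: black, white
    b"\x21\xf9\x04\x01\x00\x00\x00\x00"          # graphic control extension, transparent idx 0
    b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"  # image descriptor 1x1, no local table
    b"\x02"                                      # LZW minimum code size
    b"\x02\x44\x01\x00"                          # one 2-byte data sub-block + terminator
    b"\x3b"                                      # trailer
)

# Hashes copied from the report's General section.
REPORT_HASHES = {
    "md5": "ad4b0f606e0f8465bc4c4c170b37e1a3",
    "sha1": "50b30fd5f87c85fe5cba2635cb83316ca71250d7",
    "sha256": "cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda",
}


def hash_file(data: bytes) -> dict:
    """Return the same four digests the sandbox report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every digest in `expected` matches the local file."""
    actual = hash_file(data)
    return all(actual[k] == v for k, v in expected.items())


def _skip_subblocks(data: bytes, pos: int) -> int:
    """Walk a chain of length-prefixed sub-blocks; return offset after the 0x00 terminator."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        n = data[pos]
        pos += 1
        if n == 0:
            return pos
        pos += n


def parse_gif(data: bytes) -> dict:
    """Walk every block of a GIF and summarise its structure.

    Raises ValueError on anything that is not a well-formed GIF; `trailing_bytes`
    reports data after the 0x3B trailer, which a decoder ignores but which is
    where a polyglot or appended payload would live.
    """
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF header")
    width, height, packed, _bg, _aspect = struct.unpack("<HHBBB", data[6:13])
    pos = 13
    gct_entries = 0
    if packed & 0x80:                       # global colour table flag
        gct_entries = 2 << (packed & 0x07)
        pos += 3 * gct_entries
    blocks = []
    trailer_seen = False
    while pos < len(data):
        b = data[pos]
        if b == 0x3B:                       # trailer
            trailer_seen = True
            pos += 1
            break
        if b == 0x21:                       # extension: label byte, then sub-blocks
            label = data[pos + 1]
            blocks.append(f"extension:0x{label:02x}")
            pos = _skip_subblocks(data, pos + 2)
        elif b == 0x2C:                     # image descriptor
            _l, _t, w, h, ipacked = struct.unpack("<HHHHB", data[pos + 1:pos + 10])
            pos += 10
            if ipacked & 0x80:              # local colour table
                pos += 3 * (2 << (ipacked & 0x07))
            pos += 1                        # LZW minimum code size
            pos = _skip_subblocks(data, pos)
            blocks.append(f"image:{w}x{h}")
        else:
            raise ValueError(f"unknown block 0x{b:02x} at offset {pos}")
    if not trailer_seen:
        raise ValueError("no trailer")
    return {
        "version": data[3:6].decode("ascii"),
        "width": width, "height": height,
        "gct_entries": gct_entries,
        "blocks": blocks,
        "trailing_bytes": len(data) - pos,
        "size": len(data),
    }


def is_well_formed(data: bytes) -> bool:
    """Convenience wrapper: valid GIF with nothing after the trailer."""
    try:
        return parse_gif(data)["trailing_bytes"] == 0
    except ValueError:
        return False


if __name__ == "__main__":
    print("matches report hashes:", matches_report(SAMPLE_GIF))
    print(parse_gif(SAMPLE_GIF))
```

Run it against the real sample by replacing SAMPLE_GIF with the file's bytes; a hash mismatch means you are not looking at the submitted artifact, and a non-zero trailing_bytes or a ValueError means the "GIF" deserves more than a 1/10 glance.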

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 49 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (depth 1, PID 4764)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\btob.10.gif
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (depth 2, PID 4012, child of PID 4764)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4764 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry, T1112 (1)

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 9c364bf8a0f6e43c4b8f6ba17ba53580
    SHA1: 9a4d3a93a1f0620fea084bbc2ccfd6134a43f9e2
    SHA256: 235804fea5a88c3350ed1cd4857c2950ac6e1b7586e6a23c130c0a06d2ac3f6a
    SHA512: 10f849127482f85d86e6b7a37e37ae5dd2110f1440aa47373d4feb34375c7a7df74b236f5bcf43bb454edf986203d032f79aabb20612079c52bd83c15551983e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 45170366848aeb3b3305ac5312c53533
    SHA1: c6b4b8a9cb660a8684161a584ca389e516345303
    SHA256: 9a40a4cd0d25076334f1cb662f49cbf1957c69a91af65f9917f2913b523f05a2
    SHA512: 793cc7d9e0f928b4052985dc81554158e13b797e07d55550d4bc587ce2124c122df029e296d959685ca7fc59160b9395efaad12dd3913186638a72b32d1c51ec

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\7BQDHSXF.cookie
    MD5: 585c45f57d3836ce59e59dad33a32596
    SHA1: d10ee257fccfbb437f647d7128df780545616ee7
    SHA256: 9d4c54888f348edb857c68aaf9c8a4d800dcb096f2ee4c8191881c8bfcc64d1f
    SHA512: 831a0432d847ac2d2b2793f4baf4a8ff355d6eaf9f5013f3636ad7a9bd41178247e3e426ebdebaefb4ee3239a9570e0e4404b2fafa619b98db20b6d48c845de4

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\JV1HILWE.cookie
    MD5: a38be06f5fb4b1a904e51004aab7a173
    SHA1: f7d10507e82afbe165b479fa4fb404feb11cb55c
    SHA256: b071192f33e344111d93a606f30890ed20ff7f3c5c2f67053e9a45771abcbbdf
    SHA512: b3720428ab12e6225ac349610b55b572d5cf75eb706744a79be9059833f330dd6d0668352d9ab7eba8c0e1ab03bca091016f391f8e514619f8918ee8fb9bf8fa

  • memory/4012-2-0x0000000000000000-mapping.dmp