Overview

overview

1

Static

static

btob.10.gif

windows7_x64

1

btob.10.gif

windows10_x64

1

Analysis

  • max time kernel
    91s
  • max time network
    141s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    11-03-2021 20:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    btob.10.gif

  • Size

    43B

  • MD5

    ad4b0f606e0f8465bc4c4c170b37e1a3

  • SHA1

    50b30fd5f87c85fe5cba2635cb83316ca71250d7

  • SHA256

    cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

  • SHA512

    ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\btob.10.gif
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4764
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4764 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:5080

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    643f4cbc6c7e1cf9eac3f02b6c89768b

    SHA1

    48ba88616dee0ab4e761d665c6e4d52c0addda82

    SHA256

    854306f58e8ba6f731d516d6276cef608448ad582106bd07a79dd40a566d9b0b

    SHA512

    c9f1012738e8030692b3e5b249dbf7e4ec41a8eea4ac8656404612288a6a0d73c87a0c2b2ca4e6b52536cfb28b73866808bb4330f91ea6db202ff4d47db41093

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    d4c580a29897c64064cec2b8c93568fa

    SHA1

    308106ec9728e0f427eee79ea456125acfe95dcb

    SHA256

    fd41ece4141786702cd49b5522761f8ff3819a4e4e5ae99b994778bfc27dc0eb

    SHA512

    799de5f550d7eb87eeb964d93afe9111f0168c9898f5b0f33b8455e0613921fd5e0ff96867ae0b5caf60bbfc7fb1b859eb7d85c28ac5cd8db1c238967513682d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\IK6AE1C6.cookie
    MD5

    73aea4b49076e46550f257bcb307b746

    SHA1

    9d8e5355fefac92a9cd935675b557545fc4cb2e2

    SHA256

    7dc5ab5faa699507dfae2c1b52df52353c7b7e4a1675172f78b9de8f518e05b7

    SHA512

    c3723abb43cd35d88007b0903f3f3572c8a8ea0e30bf20480e5d55bedebf69fc8edecaf1e60781b311fa55504f29b583caf5b5b25bfc6f76ef86a80717a35ed9

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\R8UUVZCI.cookie
    MD5

    ea1e8a746d41b310b37a5bf199482963

    SHA1

    5032ba7317da31324792f913920111e12b6c99c7

    SHA256

    5281d49178f0a0415d977aafdea95362fc4f52f77a8ed16068d5087c2e22aa4b

    SHA512

    89a10fe6aea95f1654f0661c32714ce9bd4d11d4336e00f74a5819cf1737718422b675cf48da5c983dc43dd450a1748b53641e988f4a3f621b46dba3329671e9

    Download Submit
  • memory/5080-2-0x0000000000000000-mapping.dmp
    Download