Analysis

  • max time kernel: 90s
  • max time network: 140s
  • platform: windows10_x64
  • resource: win10v20201028
  • submitted: 11-03-2021 13:58

General

  • Target: btob.10.gif
  • Size: 43B
  • MD5: ad4b0f606e0f8465bc4c4c170b37e1a3
  • SHA1: 50b30fd5f87c85fe5cba2635cb83316ca71250d7
  • SHA256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
  • SHA512: ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID:1908)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\btob.10.gif
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID:356, child of 1908)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1908 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion: Modify Registry (T1112), 1 occurrence

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 643f4cbc6c7e1cf9eac3f02b6c89768b
    SHA1: 48ba88616dee0ab4e761d665c6e4d52c0addda82
    SHA256: 854306f58e8ba6f731d516d6276cef608448ad582106bd07a79dd40a566d9b0b
    SHA512: c9f1012738e8030692b3e5b249dbf7e4ec41a8eea4ac8656404612288a6a0d73c87a0c2b2ca4e6b52536cfb28b73866808bb4330f91ea6db202ff4d47db41093

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: afb99e87fbf0daf72e2638614b506ee7
    SHA1: 2f5f41b6ad43ebfc9ccda52306ca0c40da990696
    SHA256: 9cd283643b6c5635fd968cc619cde28f4f372031aa6dc041fd314cd2cc719a2c
    SHA512: 5f669b295f7e81b5847a6e6fde8ddd843ed63e835ab79dfb375b01a5996ebe8fd725f9457ff169bc5ae1ebb0715119eb4cb2da59de14944ccca9b004a8e47e88

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\QQVCW9TJ.cookie
    MD5: f78b6c753791e5bb7183621f0d7d4c6e
    SHA1: 44fb2ad5388f61a730b0fdf68fa7095131ad0228
    SHA256: 2e13acd871bd534c5c24f712e04cd168626026a1194b3ddab2a46e7f61954580
    SHA512: d4ca2541fda9590c45f5c51086124dd7d874aa91d1342ff2012fa61694720560cedc5fa39948674d244d1b5d54cbfa6e567ff66838d5e5ae26d1bfcaa96eaeef

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\VGK5LCLO.cookie
    MD5: 202f38b28355b5992fe9f434deb9ac17
    SHA1: 07c6d80db45556a611119fc5e3ad27ebaa0b3a75
    SHA256: 7b05c21068c551a1b705b89b1b7d40013b89fdd4b8568ee482764152b65f790f
    SHA512: 5c1d75cb1031ac526c6128272378517c1a2d038a630ab60eab69b169652fedb00763e8ccb7aff4da2571817eca57373b8d00516028cf88257c0f97ecb49f422c

  • memory/356-2-0x0000000000000000-mapping.dmp