Analysis

  • max time kernel
    91s
  • max time network
    142s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    12-03-2021 19:30

General

  • Target: btob.10.gif
  • Size: 43B
  • MD5: ad4b0f606e0f8465bc4c4c170b37e1a3
  • SHA1: 50b30fd5f87c85fe5cba2635cb83316ca71250d7
  • SHA256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
  • SHA512: ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 4684)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\btob.10.gif
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2084, child of 4684)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4684 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 technique observed


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: e982b91c7ac1f260241954cdc5092a58
    SHA1: 16686d39baf0fe718921842c0dbae39fec9533b3
    SHA256: 71834062cb30b9973b5d8796f3686f260a4a5a8d5f42b4c5107668c3a6e66546
    SHA512: 808beaa9d0a0875282fa5248927226d63bdd86ac27d722590a4620d2a34833165d4b5c2472641f08232f4c35b90f2330074378d891de7fc9e05af043a4b4e621

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 7689ea649b779b4a849e71c49b5e7755
    SHA1: e68afc7318c0427c37a1a5008e75299f60b51516
    SHA256: 66f4aa05912ede5d9bd67c2ce3969dc4aee87d5203f021c2a8606bdf51202b14
    SHA512: 1d7c20839159641299711aaae24287832d6054802002bfd682b77dbc883bd53a440fa9d052d537491c28aa7e9e98524b82aaf274c156114fd33f783531987281

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\DXI15V09.cookie
    MD5: 64991f8c13da558ea4dca25bb7cd65ed
    SHA1: 40600c1fa3614912cc8ba908a8618d99b78d60ca
    SHA256: fe40e77fcc7759a1a682bb8df55061ea9ee594b6eb598af38d856e82f8af790c
    SHA512: 534baec52606ee569e722337d22bfd0114e23f000642364cc3eba62e15cd8add712c60a506a77b187c8ebb2c3d5edc81ac000741e8903125ad31a26464fe0fe0

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\QJZMLW6C.cookie
    MD5: f34bdba8981db46699b0f339e85b208e
    SHA1: 9d62c163282776c3b57731f9b1d404735e594d28
    SHA256: 98f2630d432b4bfd78a5575215f8dcc18a81ee1c6197637cfb8e743b74ecdfe6
    SHA512: 438119504d44509152c55e8f297cf34c811304dac0b0e820745c2ecf75c68da9c5bef3321fee5a0d62b7006ba8d827a106b98dd4996d435247bf2c9ba2976606

  • memory/2084-2-0x0000000000000000-mapping.dmp