Overview

overview

1

Static

static

btob.10.gif

windows7_x64

1

btob.10.gif

windows10_x64

1

Analysis

  • max time kernel
    93s
  • max time network
    143s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    12-03-2021 03:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    btob.10.gif

  • Size

    43B

  • MD5

    ad4b0f606e0f8465bc4c4c170b37e1a3

  • SHA1

    50b30fd5f87c85fe5cba2635cb83316ca71250d7

  • SHA256

    cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

  • SHA512

    ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\btob.10.gif
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1048
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1048 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3680

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    643f4cbc6c7e1cf9eac3f02b6c89768b

    SHA1

    48ba88616dee0ab4e761d665c6e4d52c0addda82

    SHA256

    854306f58e8ba6f731d516d6276cef608448ad582106bd07a79dd40a566d9b0b

    SHA512

    c9f1012738e8030692b3e5b249dbf7e4ec41a8eea4ac8656404612288a6a0d73c87a0c2b2ca4e6b52536cfb28b73866808bb4330f91ea6db202ff4d47db41093

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    56c1da71f21d003ee91a8f5d77bdc4c3

    SHA1

    81ade1763b27f1e72284b15c74aed01a24b60c5d

    SHA256

    1e68f383cbe2dd23aac8d9c586166f85bde07b7c4cab3e48e5694331f46c111e

    SHA512

    e9a359306075f019a9a4ff14135217d0bcaaa3a5b10a3d8ff5d340f71c430c1669613944050de95d51396c394be98e271b2a0135fbfe89b07c0dd15391e160eb

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\I3J5V39W.cookie
    MD5

    8ad7095dd77d1086cb11cf8125f1bf6b

    SHA1

    81926a2e94081e5ddec7adeab7892e795e6c2d51

    SHA256

    ba86d250287fdfda45828632cb131dbf6a89fee67f35a6f9cc0ccce632f8cf02

    SHA512

    3eaed224540c319dd2ea549b8f44788095733909bcb09cffc21f16283daea91d69b1bc78070c119c91044817bce3579cd20e3bfbd194e69030c7ae7a2f671411

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\Y0XNJ64S.cookie
    MD5

    ea9c171eb11fd50723f402c78bdd2b9e

    SHA1

    5b1260cbf42c0d5cbb9fe7532d27696b039ab133

    SHA256

    e3701b8a06c7984a32a2bbd34079a69d61672c28149343223c8dce2f45312696

    SHA512

    5423f6e35f5900f07d952ced248b42bcb2cb5679a5824f490865bc060d75ba5907f14466956ed649cd10c2326f7f449b467ba55325d510db625133ff849b197f

    Download Submit
  • memory/3680-2-0x0000000000000000-mapping.dmp
    Download