Analysis

  • max time kernel: 66s
  • max time network: 149s
  • platform: windows7_x64
  • resource: win7v20201028
  • submitted: 08-04-2021 08:04

General

  • Target: https://bit.ly/3t0AFIo
  • Sample: 210408-5whyxjabqx

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 1680)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://bit.ly/3t0AFIo
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • Child process: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 1944)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    MD5: 61a03d15cf62612f50b74867090dbe79
    SHA1: 15228f34067b4b107e917bebaf17cc7c3c1280a8
    SHA256: f9e23dc21553daa34c6eb778cd262831e466ce794f4bea48150e8d70d3e6af6d
    SHA512: 5fece89ccbbf994e4f1e3ef89a502f25a72f359d445c034682758d26f01d9f3aa20a43010b9a87f2687da7ba201476922aa46d4906d442d56eb59b2b881259d3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5: e993dfb12df7708400b1f424fec46ec3
    SHA1: 60e2c2cb6a1063470f94638c2522949eac752750
    SHA256: 6d45227e7c9c3ee632bd2b690d37374608635147cc060e24903c2353245a200c
    SHA512: dc2d5b5cc9e34e232531cbd5fdc600f7356a6356c12c29985974e9586561d609fa31d30bd7c8092b176037e921491cd626d0f2fa0507bc0081809ecdfbcef0cd

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\E1PWT0ZA.txt
    MD5: 1bcba64a4d0548914cfe0b64493087a3
    SHA1: abbcd2bd3a1bb6f1c2f77bccb036b3eeb1f9488c
    SHA256: b11347319a6182256cb3f13a3f88947efae33faf32d7b00363e31711777139f4
    SHA512: 2ae8b61a8caeb9711a41b1f14c86a1f554d3a25e33abe55a20134b1db22939659f2f03fd2d4177a2df52e798913bdbfc2eb66516ff91278a64cd141afdec4180

  • memory/1944-59-0x0000000000000000-mapping.dmp