Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    04-05-2021 15:06

General

  • Target

    https://www.alldownloadss.com/br/

  • Sample

    210504-rlaa8zb8qa

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 64 IoCs)
  • Modifies registry class (58 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (9 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.alldownloadss.com/br/
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:564
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3940
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
    PID:3692
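Added example (not part of the sandbox report): a Python parser for the process tree above that rebuilds parent/child relationships from the indentation and checks them against the way Internet Explorer itself launches tab processes. The check rests on one assumption the page does not state: under IE's LCIE design the frame process creates each tab process with SCODEF:<frame PID> CREDAT:<n> on the command line, so a tab whose SCODEF value does not equal its real parent's PID, or whose parent is not iexplore.exe, was not started by IE. The sample input is the tree above, embedded as constructed text; the parser also skips the "N⤵" depth markers the sandbox UI appends when the tree is copied out of the page.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: the "Processes" section of the report above.
PROCESS_TREE = r"""
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.alldownloadss.com/br/
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:564
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3940
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
    PID:3692
"""

@dataclass
class Proc:
    path: str
    depth: int                      # indentation of the bullet; deeper bullets are children
    cmdline: str = ""
    pid: Optional[int] = None
    parent: Optional["Proc"] = None
    signatures: list = field(default_factory=list)

    @property
    def image(self) -> str:         # file name only, lower-cased, e.g. "iexplore.exe"
        return self.path.rsplit("\\", 1)[-1].lower()

BULLET = "•"
PATH_RE = re.compile(r"^[A-Za-z]:\\")          # a bullet whose text is a drive path opens a process
PID_RE = re.compile(r"^PID:(\d+)$")
DEPTH_MARK_RE = re.compile(r"^\d+⤵$")          # sandbox UI tree-depth residue, ignored
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
CLSID_RE = re.compile(r"/Processid:(\{[0-9A-Fa-f-]{36}\})", re.I)

def parse_process_tree(text: str) -> list:
    """Rebuild process records from the indented listing; a process bullet indented
    deeper than the previous one is its child (how the report nests the IE tab)."""
    procs, stack, cur = [], [], None
    for raw in text.splitlines():
        indent = len(raw) - len(raw.lstrip(" "))
        line = raw.strip()
        if not line or DEPTH_MARK_RE.match(line):
            continue
        if line.startswith(BULLET):
            body = line[len(BULLET):].strip()
            if PATH_RE.match(body):
                cur = Proc(path=body, depth=indent)
                while stack and stack[-1].depth >= indent:   # unwind to the enclosing parent
                    stack.pop()
                cur.parent = stack[-1] if stack else None
                stack.append(cur)
                procs.append(cur)
            elif cur is not None:
                cur.signatures.append(body)                  # a signature hit for this process
            continue
        m = PID_RE.match(line)
        if m and cur is not None:
            cur.pid = int(m.group(1))
        elif cur is not None and not cur.cmdline:
            cur.cmdline = line                               # first plain line is the command line
    return procs

def check_ie_tab_parents(procs: list) -> list:
    """Assumption (see lead-in): IE tab processes carry SCODEF:<frame pid>. Flag a tab
    whose SCODEF is not its real parent's PID, or whose parent is not iexplore.exe.
    Returns human-readable findings; an empty list means the tree is consistent."""
    findings = []
    for p in procs:
        m = SCODEF_RE.search(p.cmdline)
        if not m:
            continue
        claimed, actual = int(m.group(1)), (p.parent.pid if p.parent else None)
        if claimed != actual:
            findings.append(f"PID {p.pid}: SCODEF:{claimed} but parent PID is {actual}")
        if p.parent is None or p.parent.image != "iexplore.exe":
            findings.append(f"PID {p.pid}: IE tab created by {p.parent.image if p.parent else 'no parent'}")
    return findings

def dllhost_clsids(procs: list) -> dict:
    """DllHost.exe is the COM surrogate; the CLSID after /Processid: names the in-process
    server it hosts (resolve it under HKCR\\CLSID\\<clsid>\\InprocServer32 on the image)."""
    found = {}
    for p in procs:
        m = CLSID_RE.search(p.cmdline)
        if m:
            found[p.pid] = m.group(1).upper()
    return found

def signature_index(procs: list) -> dict:
    """Map each signature name to the PIDs that triggered it."""
    idx = {}
    for p in procs:
        for s in p.signatures:
            idx.setdefault(s, []).append(p.pid)
    return idx

if __name__ == "__main__":
    tree = parse_process_tree(PROCESS_TREE)
    for p in tree:
        print(p.pid, "parent:", p.parent.pid if p.parent else None, p.image, p.signatures)
    print("LCIE findings:", check_ie_tab_parents(tree) or "none")
    print("COM surrogates:", dllhost_clsids(tree))
```

On this report the check comes back clean, which matches the 1/10 score: the tab (PID 3940) names its real parent (564) in SCODEF and that parent is iexplore.exe, and the hook, WriteProcessMemory and FindShellTrayWindow signatures are raised by API calls IE makes during a normal start. The DllHost entry is worth resolving separately, since the report gives only the CLSID and no signatures for it.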

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion (1)
    T1112 Modify Registry

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
      MD5

      fa08f6463ef7be976f91339d5c800cd3

      SHA1

      8f179db874997b62c87d6da487a4b3a4db332a50

      SHA256

      c9b2bbc388046f9e34ce5b00e7624956916650f0b4cc4db3ce9f3ee2fb024af3

      SHA512

      80424f97f0a2b9244a378c0713de0143e7c9165a6545d706c162b6b0554b4c7d012f1f99668b6d1edf098a7190b456307e7ff88241c61c5dbad39b58369faaf3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
      MD5

      f0704d234d472b13e856f90d8649806d

      SHA1

      8b7a926407506c3c3741ca3ff709986d5f1a2387

      SHA256

      6c3cf8e4e67fb4ea86c48e918d6ebdecc2b4903553798d1e0e1fcb73376105dc

      SHA512

      a1cacc0dd2b0f4ffdf082980d288e98c493a6581f09265e13b9f94f9efcc7bb4300aa7346e533761315237038990646d267b0b43ca2e71fabd3c6a9d92ee93e7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
      MD5

      31490d26f782bcce7dd586072c9931f5

      SHA1

      439e50faf905f25891c349117856afad72ea4914

      SHA256

      9e6b7d47d6d658ae4c663fd786b238ef0272814b56ac0a82333d916a139e5510

      SHA512

      5a921859583cb5f09c05a815e34f581673b3af8c49933832384f484c136b88e68961d6f2f8814cce85394bd0eb84c7ad83b4d7414a492af3e060c12eebf9df46

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      MD5

      10987a1d727697d22e9613985bf39eba

      SHA1

      d92fa559cdea14bdc068eb5388f4a8725d9d290c

      SHA256

      8c026af272e0d8eae1ec8978047926e4bbdb2a7ebe0207a738307150e2ed0063

      SHA512

      31910362ff1a6afe47a6abe7d77d1056eb1a1531cc027ae33bb34e1b4b788cd7efe2292278b02548e72b1441c86f85a3376ed46edf4c58a247febf4da91dfb87

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
      MD5

      21b384ab8f79242a8b66c0d2bcf28d14

      SHA1

      2c0a75ba21188dfbb1e5d26361bb7f4ccb5f1c3a

      SHA256

      7b4888ca877ce314415b04b92dffe7acf5f656b99908c9c0e174722b2e2386a4

      SHA512

      a3210cbde79ef024a5b17526b51f22c2ae86b03322e8cc06d8c8ad9c74d5ba7aeef792498198f21d43785b784f463126f686fe14396aef5ccecab63f61530e7e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
      MD5

      df2a71fecd9d60f1bfdaa9cfc5f1bd6f

      SHA1

      86e3dd63a64e6813b6d2022738dd1eaddb38205d

      SHA256

      c9f6f9457b26b44b6b45a55652307c4e458c2fbcf3104533f0f219f3258901ea

      SHA512

      126b81a85df9c3c85ec452ae6f3ff640de3516ee781d207c281d7558b0a2a6a053c52a705bc97accefb3bbf2c4399c56f122a00d11171f6cc0fa3c292c79e27b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
      MD5

      7160aebeaeb28b9f4f6576e6f59248fa

      SHA1

      745d49a38e51e2f7f5000eaa1204885dc71b5e9c

      SHA256

      b1410450143003da0b65b4ec7e32b0db7415f885b736161e8298ceff07f710c0

      SHA512

      46fe4872133fd3b52d6d97fe5e88921178d4fb8ac82427222d2f088fe57a47ef70c0bfe41f5476fe0f2e9caf5c30085808e7ed41b0492680544a39575ed096c2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
      MD5

      e6aed4e0510f62d31cf5d639dc3a099d

      SHA1

      473eb9943fcafc5ffa415f0d0c9d9413e1421b7c

      SHA256

      8b8eef02cde68200f8ba03ea8f183c722d179afe981bdf88ed9d6388f0495206

      SHA512

      65b6b87a90868e929d53ccf6eb19df74f9f2b03ebade383dec7ebfe37c6b58fa9683e29f30db2f7d43171e8ec2f5a51fdd882164530271da516fdeb69eca497f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      MD5

      7b5a8c499b4849c5860c392ce000f06e

      SHA1

      6cf44505ed213a615636ffac39a4ba56b5c09159

      SHA256

      b5eb69d22597aa4761c36e24831bdfdc23fa3b316df059c13b62501c0d9d158e

      SHA512

      510706804ab6088a4c73e130322d492f0ee6a4e11da839a567700af4f13b9ca1ce46c2a4fd3fd8ca280cb59b119ee8e9243a4bff78fbed7655559b69680ad70a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
      MD5

      152956534dda796246c0ea6cc3b18483

      SHA1

      17a5e91b8a7ba311091cec0b94164618a6a84c76

      SHA256

      6afd3d16e9e70d4ce836bbcde00526cdb3272576c863c06d92224ac971cbc4a9

      SHA512

      fd2771d9547b5434504b461bdba7bb8804951c1b634af253cd6ebcec416bcaf903e021f38f64159be00101be28800f390a5c406739b5c23c7796293626c7498b

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\24GAWDHR.cookie
      MD5

      dafc575739546185fb81edeb0419e180

      SHA1

      1f7830ea91c2e6ed5b6cbed618307f325c1bcc84

      SHA256

      1c0988f561aecc21d8168927f7f448db7321be625d6a1f5d67dfb2a6aaf76d34

      SHA512

      0dec2ff8f48be250526bfafd03a2896b97da5d468b7b924fac99e857892a1f3eb287007b70b70cdf2ea281e4942ca5f6f8e7f9a965674535295f145352ca494a

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\L8FJHTL8.cookie
      MD5

      7bdb1398b02ee15fb5481995d3c1442b

      SHA1

      dca8b0262447e9c538e95c301701b5364bcfcbbb

      SHA256

      3b610552cbe74b1aa1980234cead00a5f699fc9167a3d097f5faa4e9277a7e5e

      SHA512

      304f9fe8e10807ca32120a06d64e93d040c05d13f1e39bee8b4ec5d8d8cbf5bd129fd358e7592fc25c7ed24ad88d2a250c6877972912a1b4f2a76a76a84abe7f

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\O66QG05Q.cookie
      MD5

      4293a7e16fc1e24dd9e14831b9648c85

      SHA1

      8e4c2fa903d3455ebf907b7ea16eef6c964ec4dd

      SHA256

      af489ef9d37e0b96763c2c4deecffe7893eea0fb1a5846db74b38e23686cbc86

      SHA512

      aa05e86e26d03f2440f5a2199bae10cbc0bbf21e887b13f169cfc8f03bf84a1ed18080d92f80c6f71d70bf62c88ced410335cf48c48753481730b81cef2e6006

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\P27SNVTL.cookie
      MD5

      449fe8b1eac09f4d3de6db3785f51626

      SHA1

      d47125ca935db2d41dbd26858046df4ab0883dca

      SHA256

      93b19e453a3c21f76a40a4a785546ae1502222d1a368ade9c3999194c7bba044

      SHA512

      9b0f3381428ce59c343b448633d56a8c1a1e4897729d772e458d7c3b9a70dcb23d12d89039e78f563f9bd47b60d68c71c2c8ffb2b3f165d4b787ae33e0dcdb9b

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ZDPU4FQ4.cookie
      MD5

      1a8662ed71093987057c427aa08183c1

      SHA1

      195ac1085a8f92cf042487089e3c439547b3463d

      SHA256

      55a479a66306d2f26d837ad763e49b7c5df17bbe78d3414dd84cec5f005a75ee

      SHA512

      09c2f98f59876ccaaf3d7af11e82463449498a89630f941bce921032d4a6531f29a73fd3976fcfe810a73fc9a4c670d3872419ea8dd00093ec9db594df21ae58

    • memory/564-114-0x00007FFCBF4D0000-0x00007FFCBF53B000-memory.dmp
      Filesize

      428KB

    • memory/3940-115-0x0000000000000000-mapping.dmp
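Added example (not part of the sandbox report): Python that classifies the artifact paths listed above and decodes the memory dump names. It relies on background the page does not state: the CryptnetUrlCache directory under LocalLow is written by CryptoAPI (cryptnet.dll) when it fetches certificates, CRLs or OCSP responses, each fetch leaving a Content file and a MetaData file of the same name, the latter holding the source URL. Loading an HTTPS page is enough to produce them, so the ten entries above are TLS side effects rather than files the site served. The artifact paths are copied from the list above as constructed input; the hashes are not used.

```python
import re
from collections import defaultdict

# Constructed sample input: the artifact paths from the "Downloads" list above.
ARTIFACTS = [
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E",
    r"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\24GAWDHR.cookie",
    r"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\L8FJHTL8.cookie",
    r"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\O66QG05Q.cookie",
    r"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\P27SNVTL.cookie",
    r"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ZDPU4FQ4.cookie",
    "memory/564-114-0x00007FFCBF4D0000-0x00007FFCBF53B000-memory.dmp",
    "memory/3940-115-0x0000000000000000-mapping.dmp",
]

# Dump names are "<pid>-<seq>-<start>-<end>-memory.dmp" for a region and
# "<pid>-<seq>-<addr>-mapping.dmp" for a mapping record.
DUMP_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
MAPPING_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-mapping\.dmp$")

def classify(path: str) -> str:
    """Bucket an artifact by what produced it. CryptnetUrlCache entries are CryptoAPI's
    cache of certificate/CRL/OCSP fetches (see lead-in); cookies are IE's cookie store."""
    low = path.lower()
    if "\\cryptneturlcache\\content\\" in low:
        return "cryptnet-content"
    if "\\cryptneturlcache\\metadata\\" in low:
        return "cryptnet-metadata"
    if "\\inetcookies\\" in low:
        return "cookie"
    if DUMP_RE.match(path):
        return "memory-region"
    if MAPPING_RE.match(path):
        return "memory-mapping"
    return "other"

def pair_cryptnet(paths) -> tuple:
    """Group CryptnetUrlCache entries by cache name. A complete fetch has both a Content
    file (the bytes retrieved) and a MetaData file (which records the URL, so it is the
    file to read when attributing the entry). Returns (pairs, unpaired)."""
    groups = defaultdict(dict)
    for p in paths:
        kind = classify(p)
        if kind.startswith("cryptnet-"):
            name = p.rsplit("\\", 1)[-1]
            groups[name][kind.split("-", 1)[1]] = p
    pairs = {n: g for n, g in groups.items() if len(g) == 2}
    unpaired = {n: g for n, g in groups.items() if len(g) != 2}
    return pairs, unpaired

def dump_region(path: str):
    """Decode a region dump name into (pid, start, end, size_bytes); the size is what
    the report prints as Filesize. Returns None for mapping records."""
    m = DUMP_RE.match(path)
    if not m:
        return None
    pid, _seq, start, end = m.groups()
    start, end = int(start, 16), int(end, 16)
    return int(pid), start, end, end - start

def summarize(paths) -> dict:
    """Count artifacts per class, the quickest way to see that a run produced only
    browser housekeeping files and no payload on disk."""
    counts = defaultdict(int)
    for p in paths:
        counts[classify(p)] += 1
    return dict(counts)

if __name__ == "__main__":
    print(summarize(ARTIFACTS))
    pairs, unpaired = pair_cryptnet(ARTIFACTS)
    print(f"{len(pairs)} complete CryptnetUrlCache fetches, {len(unpaired)} unpaired")
    for p in ARTIFACTS:
        r = dump_region(p)
        if r:
            print(f"PID {r[0]} region {r[1]:#x}-{r[2]:#x} = {r[3] // 1024} KB")
```

For this run every CryptnetUrlCache name appears in both Content and MetaData, the only region dump decodes to 0x6B000 bytes (the 428KB the report lists for PID 564), and nothing classifies as "other"; a real download by the page would appear here as a file outside these three housekeeping directories.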