Analysis

  • max time kernel: 149s
  • max time network: 147s
  • platform: windows10_x64
  • resource: win10v20210408
  • submitted: 11-06-2021 03:13

General

  • Target: http://www.getmotivatedbuddies.com
  • Sample: 210611-m59felha2j

Score
1/10

Signatures

  • Modifies Internet Explorer settings (1 TTP, 64 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 740, depth 1)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" http://www.getmotivatedbuddies.com
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 3984, depth 2, child of PID 740)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:740 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
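The child IEXPLORE.EXE above carries SCODEF:740 CREDAT:82945. In Internet Explorer's loosely-coupled process model the frame process (here PID 740, the 64-bit binary under Program Files) spawns tab processes (here the 32-bit binary under Program Files (x86)) and passes its own PID as SCODEF; the WriteProcessMemory and SetWindowsHookEx signatures on the frame process are how it drives those tabs, which fits the 1/10 score. A cheap structural check when triaging such a tree is that SCODEF equals the recorded parent PID, that the parent really is an iexplore.exe frame process, and that both image paths are the genuine IE binaries. The following is an added example, not part of the sandbox report: the process records are transcribed from the tree above into a constructed list, and the field names pid/ppid/image/cmdline are assumptions.

```python
import re

# Process records transcribed from the report's process tree (constructed
# input for this example; the field names are this example's own).
PROCESSES = [
    {"pid": 740, "ppid": None,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" http://www.getmotivatedbuddies.com'},
    {"pid": 3984, "ppid": 740,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:740 CREDAT:82945 /prefetch:2'},
]

# Genuine IE binaries on 64-bit Windows: the frame process under Program Files,
# tab processes under Program Files (x86). Compared case-insensitively.
IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
CREDAT_RE = re.compile(r"\bCREDAT:(\d+)\b")


def check_ie_tree(processes):
    """Return {pid: [findings]} for every record.

    An empty list means the record is consistent with IE's frame/tab model:
    the image is a real IE binary and, for a tab process, SCODEF names its
    actual parent, which is itself an IE frame process.
    """
    by_pid = {p["pid"]: p for p in processes}
    findings = {}
    for p in processes:
        issues = []
        if p["image"].lower() not in IE_IMAGES:
            issues.append("image path is not the IE binary")
        m = SCODEF_RE.search(p["cmdline"])
        if m:
            scodef = int(m.group(1))
            # SCODEF is the frame process PID; it must equal the real parent...
            if scodef != p["ppid"]:
                issues.append(f"SCODEF:{scodef} does not match parent PID {p['ppid']}")
            # ...and that frame process must be a genuine iexplore.exe.
            parent = by_pid.get(scodef)
            if parent is None or parent["image"].lower() not in IE_IMAGES:
                issues.append(f"SCODEF:{scodef} is not a known iexplore.exe frame process")
            if not CREDAT_RE.search(p["cmdline"]):
                issues.append("SCODEF present without CREDAT")
        else:
            # Anything iexplore.exe spawns that is not a tab process deserves a look.
            parent = by_pid.get(p["ppid"])
            if parent is not None and parent["image"].lower() in IE_IMAGES:
                issues.append("child of iexplore.exe without SCODEF/CREDAT")
        findings[p["pid"]] = issues
    return findings


if __name__ == "__main__":
    for pid, issues in check_ie_tree(PROCESSES).items():
        print(pid, "ok" if not issues else "; ".join(issues))
```

On the report's tree both records come back clean. The same function flags a non-IE child of the frame process (a shell spawned from a browser exploit would have no SCODEF/CREDAT and a foreign image path) and a tab process whose SCODEF disagrees with the real parent PID.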

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry, T1112 (1 signature)

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
    MD5     6c9d7335581aad68a97c8651f474f247
    SHA1    c85ceebbfc152ee38955e1e677c6c0529383d442
    SHA256  1ced81b3342e00024e68783e8c12177553655371248312d887410b1069734d37
    SHA512  db983e883dbe5ac06482f54460d8395fbe11cb7fc22aa78d6cfe239f3c45316f8024655ab7a8dd7fd8f28d881150fe1bb8611a21b36af869b5a1fecdb89538ac

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5     6da3f673f86b0160bbc562da296b02e2
    SHA1    4b580ddc267f73832140f32c43c645ed04cbb505
    SHA256  cea2e743ec6800934ebab7a70c081652434cd3117d2cf0d80c370d224889a889
    SHA512  3912f054306ba8d69453431644324c79e8846a3f1bed8d459b895cb9097197848a77b20a894540475157be47e5759097860a6d8fb65cee7ba7e3b8d07e4e7fd8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
    MD5     6eec4fd7b63862772cd27236afa8df42
    SHA1    3e88ba24bd67164a7a23b12479bb2240d9bbe396
    SHA256  c8dbf29a64bd19425d670fa773a0de234fe3af8eac26d1b87e3ac2afa7cd938d
    SHA512  6a160db1c792e72b3571248d1f0c47f2ebcbc23edb64546b201a2f27655e560532e85c3515b93619062333c261e8fefb40384fb548546f016f2776b3819da940

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
    MD5     f1d75690595d176370b14f8a4150222d
    SHA1    50427c05394c81dd455d4903ae46bbe69c3e2b43
    SHA256  bc3cab316c988120a9736fc14991c35b53d15e876cbb09c5052c0e6999f0b37a
    SHA512  14cc1f731ab89c6ad979e4ba2883783e7f56162c8df4e4bcd8dfb56c0d058d96d49091164b674e8d522c68740560a7c6b62d7d03abac65163863f60031d5fa0b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5     3cf1d0a5a69882457352b13fc84000b1
    SHA1    48e4e7f460e393b16532ba9d2d402bf1a270e13a
    SHA256  4e4c3d579fc112737b74f4cf5323bb21c6bae39ffaf360374f6ac5c64a94d96a
    SHA512  cde434de851321f0743dedd544cc9debe91b9c9707d8a91199fdab1278ab0d22bd001dfc56f370388188b2bd87cfc5e68cc813e85efd427ecfa26ce759c699b9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
    MD5     6d064ddce01bdd9963b547680b3a6c4b
    SHA1    5802c8b5d19d87476874243bb989de240be0b3a5
    SHA256  5e43efd7f8ac0772ddeb77577d213cdbbcbc89cfc65b24cf2469f99ebd0cae85
    SHA512  0586f3f3694967f0d14eb9c1a41e586e95c71d3ba7f10a37a3bf812c51c9df4cdfae26f7928bf14569ed8b6e9b4bd7a3aaaa30395c6cc2d805eb9f3c040f9fcf

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\YW1HX7MR.cookie
    MD5     1ecbe0b185edd32bb247a887e0b61104
    SHA1    67b7e53842e9017a8f4d466cfb9d5e0fed1b03be
    SHA256  904483b1d0583956e465af765f5f77e94d9a02e13a9523e8795bac87e454be74
    SHA512  2690bbcd1883af2c4059af0d06ed30f7b0cb2f43ba5439c8f80e9d17a2ca770c12f85601be4a240001de98e2650c26abd02a3786cf8ade40b59a638a9a854474

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ZO66U3OC.cookie
    MD5     0388f8abe47ff5abf9cd8485427de2b9
    SHA1    8c55932b71dbc73e94886ac9ace956539a62da9a
    SHA256  32bb0aaa78a533675cefa51ee62c6bee7dcef3e07714a6dd7aff4f32eacd7b3c
    SHA512  ef7d18ac7bfe07b7aeb419940dff09141606baec6330bbd239f9db683adb0331a67aa56287dc579fe4712b7ce3ead372d512fae10c293c58d4d3dcddfd00cb3b

  • memory/740-114-0x00007FFD237E0000-0x00007FFD2384B000-memory.dmp
    Filesize  428KB

  • memory/3984-115-0x0000000000000000-mapping.dmp
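The CryptnetUrlCache\Content and CryptnetUrlCache\MetaData files are CryptoAPI's cache of objects fetched over the network during certificate chain validation (CRLs, OCSP responses, certificates fetched via AIA); each of the three Content entries above pairs with the MetaData entry of the same name. They are written whenever Internet Explorer validates an HTTPS certificate, so they are expected artifacts of a browsing session rather than evidence of a payload download. When the digests above are reused as indicators, they should be validated before they reach a blocklist, and a candidate file should be matched on all four algorithms so that a transcription error or a stale feed shows up as a partial match instead of a silent miss. The following is an added example, not part of the report: a subset of the entries above transcribed into a list, plus a constructed byte string standing in for a file under examination.

```python
import hashlib
import re

# Digest sets transcribed from the report's Downloads list (a subset of the
# eight entries; the remaining ones have exactly the same shape).
REPORT_ARTIFACTS = [
    {
        "path": r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D",
        "md5": "6c9d7335581aad68a97c8651f474f247",
        "sha1": "c85ceebbfc152ee38955e1e677c6c0529383d442",
        "sha256": "1ced81b3342e00024e68783e8c12177553655371248312d887410b1069734d37",
        "sha512": "db983e883dbe5ac06482f54460d8395fbe11cb7fc22aa78d6cfe239f3c45316f8024655ab7a8dd7fd8f28d881150fe1bb8611a21b36af869b5a1fecdb89538ac",
    },
    {
        "path": r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D",
        "md5": "f1d75690595d176370b14f8a4150222d",
        "sha1": "50427c05394c81dd455d4903ae46bbe69c3e2b43",
        "sha256": "bc3cab316c988120a9736fc14991c35b53d15e876cbb09c5052c0e6999f0b37a",
        "sha512": "14cc1f731ab89c6ad979e4ba2883783e7f56162c8df4e4bcd8dfb56c0d058d96d49091164b674e8d522c68740560a7c6b62d7d03abac65163863f60031d5fa0b",
    },
    {
        "path": r"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\YW1HX7MR.cookie",
        "md5": "1ecbe0b185edd32bb247a887e0b61104",
        "sha1": "67b7e53842e9017a8f4d466cfb9d5e0fed1b03be",
        "sha256": "904483b1d0583956e465af765f5f77e94d9a02e13a9523e8795bac87e454be74",
        "sha512": "2690bbcd1883af2c4059af0d06ed30f7b0cb2f43ba5439c8f80e9d17a2ca770c12f85601be4a240001de98e2650c26abd02a3786cf8ade40b59a638a9a854474",
    },
]

# Expected hex length of each digest as the report prints them.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_entry(entry):
    """Return a list of problems with an entry's digests (empty if well-formed).

    Catches truncated or mistyped hashes before they are loaded into a
    blocklist or hunt query, where a bad value would simply never match.
    """
    errors = []
    for alg, n in HEX_LEN.items():
        value = entry.get(alg, "")
        if not re.fullmatch(r"[0-9a-f]{%d}" % n, value.lower()):
            errors.append(f"{alg}: expected {n} hex chars, got {len(value)}")
    return errors


def digests(data):
    """Compute all four digests of a byte string as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in HEX_LEN}


def entry_for(path, data):
    """Build a report-style entry from file bytes (for extending the list)."""
    return {"path": path, **digests(data)}


def match_artifact(data, artifacts=REPORT_ARTIFACTS):
    """Return (entry, agreeing_algorithms) for the given file bytes.

    entry is the artifact whose four digests all match, or None. A non-empty
    algorithm set together with None means a partial match: some digests agree
    and others do not, which points at a transcription error in the indicator
    (or, for MD5/SHA1 alone, a possible collision) and should be investigated
    rather than treated as a clean miss.
    """
    observed = digests(data)
    for artifact in artifacts:
        agree = {alg for alg in HEX_LEN if artifact[alg].lower() == observed[alg]}
        if agree == set(HEX_LEN):
            return artifact, agree
        if agree:
            return None, agree
    return None, set()


if __name__ == "__main__":
    for artifact in REPORT_ARTIFACTS:
        print(artifact["path"], validate_entry(artifact) or "ok")
    # Constructed stand-in for a file pulled from a host; not the real cached object.
    sample = b"constructed sample bytes, not the real cached CRL"
    print(match_artifact(sample))
```

In practice the byte string comes from reading the candidate file on the investigated host; SHA256 is the digest to treat as authoritative, with MD5 and SHA1 kept only so that indicators from older feeds can still be correlated.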