Analysis
-
max time kernel
116s -
max time network
135s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
21-06-2021 05:06
General
-
Target
https://exitmagall.xyz/iduew73
-
Sample
210621-mykyk3wv4n
Malware Config
Signatures
-
Program crash 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 12 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://exitmagall.xyz/iduew731⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:684 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 22523⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:684 CREDAT:340994 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:684 CREDAT:275473 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015MD5
0fd27a8cd1eb2839b28fe784ea3b60b8
SHA14210ca1299b17473b6131bc4eed72623dbcd69a9
SHA2568df9ffe1480f0ec4cfc069dc3cf51606e6bb8f1e87299bf0c28f6ff9a71c4fcd
SHA5123a4ce1bac7dad8bdd10b94ebc0a6a999428b053c65c9d9dbdc4088ed0e4177d5970ba6cad1ea6ba2d67e6fabfd9fc751de25a1b9cb75aeea2968493b0fa541ab
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNQMQDEL\6Z8SRV8M.htmMD5
ebc41eaa231a2639432fb73307408d0b
SHA1b55295554146a36c0ed746ff4eef501a5960947e
SHA2567cbc3fb8b88bceea83aee3b5b27ef3fd8ea1e459090c9f094145d5e92016d5e6
SHA5121b7cdb6b451817cbd1f5c9894153c9906b177e3cf93da0b6bcbd1200adc6e5ef83c61f46519c500eec1d275a9e5a98a32cdba4b411f13d9c7c550dee25b1d8eb
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8ZFE5THI.txtMD5
615c7316b01b3f5b1006bb12bfc7a3b5
SHA1f148ad71bea3a0d3c8cf39db88cd5324fa7960ee
SHA256b830d0ca9a7c9b2767b9d5582a01ff6a5906507fbb5ec4fac4bdd42515cd63b4
SHA5125c694c7e0b6346de4baadb628cb893aa1159331be99a57c69c8d94e13544366a7bc46849276ca0031d3a004af795145684e8d668262643de4913f9c22f142a3a
-
memory/316-64-0x0000000000000000-mapping.dmp
-
memory/856-62-0x0000000000000000-mapping.dmp
-
memory/856-63-0x0000000000450000-0x0000000000514000-memory.dmpFilesize
784KB
-
memory/1596-65-0x0000000000000000-mapping.dmp
-
memory/2000-60-0x0000000000000000-mapping.dmp
-
memory/2000-61-0x0000000075C71000-0x0000000075C73000-memory.dmpFilesize
8KB