Overview

overview

10

Static

static

10

Mr4X5srRQR...AN.exe

windows10_x64

10

OEmxRS9Uai...jI.exe

windows10_x64

10

OvVYhhgvd6...oB.exe

windows10_x64

9

QKvpJeDIaP...YY.exe

windows10_x64

9

QwnNK2SHck...xe.xml

windows10_x64

1

QxZsdXOO8X...jN.exe

windows10_x64

10

QzUu4XgUxQ...C3.exe

windows10_x64

10

SHSPDO6BYD...j9.exe

windows10_x64

10

SqCuVl85T1...Di.exe

windows10_x64

10

T8Ulrjj8F6..._x.exe

windows10_x64

10

Trj0QcTNVE...S9.exe

windows10_x64

10

Uwc7l02Hzj...tU.exe

windows10_x64

6

VoTrXaqIJ3...LW.exe

windows10_x64

10

Wp77te7Dqj...Hr.exe

windows10_x64

9

XOCYAkm_Nn...Q3.exe

windows10_x64

9

Xd_XnNqsZT...Ai.exe

windows10_x64

10

Xr9ca9oQNQ...Z9.exe

windows10_x64

9

XukfUfK8HA...FI.exe

windows10_x64

8

YPTXDeqMC1...ns.exe

windows10_x64

8

ma_5nZD3yo...xT.exe

windows10_x64

10

pnDF_dk604...fi.exe

windows10_x64

10

q_TzaanAkp...91.exe

windows10_x64

9

rgVakr0Eru...xw.exe

windows10_x64

10

t1fkwFYUEZ...r4.exe

windows10_x64

10

tC6gdsFTgl...3x.exe

windows10_x64

10

tGeiUalbSc...xe.xml

windows10_x64

1

uMWmES83od...kJ.exe

windows10_x64

10

v5n1HuUxta...Iu.exe

windows10_x64

10

wTzxLyAQL7...bA.exe

windows10_x64

6

xiGD01oEkh...VJ.exe

windows10_x64

10

yBqNUgvOW6...Fb.exe

windows10_x64

10

Analysis

  • max time kernel
    258s
  • max time network
    279s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    23-08-2021 20:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    QwnNK2SHckcc_GsoTwi8hDi5.exe.xml

  • Size

    223B

  • MD5

    a6a676051f857d516f6c4bec595a7cfb

  • SHA1

    10e7c48a109ffbe60fa7ab3585c4bd711942cbd2

  • SHA256

    98686e602b5f75bbceb801ca315617579ad9ffe9e2df66d49673ea35a7e1f343

  • SHA512

    df302b28e5897bac668ad1ae2b32d2424af7c8cdf4527ac54ea268e6e9fbf41efe28b236af25ceacb5e5acd95b6c99b8cf95fa735687358a265bd59e2b127ba6

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\QwnNK2SHckcc_GsoTwi8hDi5.exe.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4448
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\QwnNK2SHckcc_GsoTwi8hDi5.exe.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5092
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5092 CREDAT:82945 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3844

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    adf80b4499e2ca831a55d61bf4afcf29

    SHA1

    ee0cf7b14f744da03352610edf39c0daeb141c6b

    SHA256

    7e1358223b9c4f74f62546b4263840edc41b8913fc728928bac321a33d1b8f47

    SHA512

    431d30ab28b2a00a9055ae040efdb0e7d11c670fb03781c8e839a50848ed993439d19504b6c7115c74fedbf52844a4de3c923cca4643e95f0ea2c2473e9880f2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    31d24e8a8d8244bc4584c25dfb680358

    SHA1

    75fe6d9a569700f5f089e8d88e77a929ebb6be13

    SHA256

    73b1087960c3855c70f4d619d60e259610c50fc0f6bb691dc95d0132bd8fc7bd

    SHA512

    d91643ad750ae039669ab45c1aeae46708770c6899a7b4992254890918b6edfa7f0e63c75d38daa4aaa1db05ef335caf99509bb3458929658607b08a84bf396c

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\3UW759P9.cookie
    MD5

    9b6ef10fbe7f06521865f507f3bf82b9

    SHA1

    5e91953a512f7b397be66da40aa2bb16f5daac28

    SHA256

    8745c2463e46dc4ee25a2c9c09ef73f5cafe7c591d56875c9ca22b00e51fba89

    SHA512

    3d945f4f6af26df3ecd16bc4686d3e8d5aeb23b8cd67bc5c9adaa7b97b4e5f97359aadea027d46ca4f9961e869c14fa1ea1824c63a4cb725be0d810826104b4f

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\DV8S7730.cookie
    MD5

    8c1af144c50a4f6fbba2d4dd4d505902

    SHA1

    afd819c99050639d5d4fb8bfb5f32169803be490

    SHA256

    d6c62fcb33d3d99c0fae95729333c4087e70f1c6819a1e87665dff1ddc035320

    SHA512

    6ee9d520984179205fdcb732953fb5aa0dc03934f6c53d51bee5296a8a877a4118018a08a87e976a29635314c6b80034f5ac87b87d7f8b07a0ffd0b1e750264a

    Download Submit
  • memory/3844-125-0x0000000000000000-mapping.dmp
    Download
  • memory/4448-121-0x00007FF9B3A10000-0x00007FF9B3A20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4448-120-0x00007FF9B3A10000-0x00007FF9B3A20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4448-122-0x00007FF9B3A10000-0x00007FF9B3A20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4448-114-0x00007FF9B3A10000-0x00007FF9B3A20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4448-124-0x00007FF9B3A10000-0x00007FF9B3A20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4448-119-0x00007FF9B3A10000-0x00007FF9B3A20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4448-117-0x00007FF9B3A10000-0x00007FF9B3A20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4448-116-0x00007FF9B3A10000-0x00007FF9B3A20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4448-115-0x00007FF9B3A10000-0x00007FF9B3A20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/5092-123-0x00007FF9E6F80000-0x00007FF9E6FEB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/5092-118-0x0000000000000000-mapping.dmp
    Download