Resubmissions

15-09-2021 06:58

210915-hrw5dadahq 1

15-09-2021 06:50

210915-hlwxesaab4 1

Analysis

  • max time kernel
    123s
  • max time network
    130s
  • platform
    windows10_x64
  • resource
    win10-en
  • submitted
    15-09-2021 06:58

General

  • Target

    https://tender001.dorik.io/

  • Sample

    210915-hrw5dadahq

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTPs, 57 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (28 IoCs)
  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://tender001.dorik.io/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4044
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4044 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3432
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4044 CREDAT:148483 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1920

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry, T1112 (1)

Downloads


  • memory/1920-121-0x0000000000000000-mapping.dmp
  • memory/3432-116-0x0000000000000000-mapping.dmp
  • memory/4044-115-0x00007FFD3FD10000-0x00007FFD3FD7B000-memory.dmp
    Filesize

    428KB