Analysis

  • max time kernel: 149s
  • max time network: 145s
  • platform: windows10_x64
  • resource: win10-en-20210920
  • submitted: 26-09-2021 13:43

General

  • Target: https://highcare.pl/themes/-/-/aramex/
  • Sample: 210926-q1p2eseghk

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://highcare.pl/themes/-/-/aramex/
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2672

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion: Modify Registry (T1112), 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2543B5AF7D46D42E6CEED21F85143F6A_ABD8AE60ABAEECAA55A98896C4DD4FE4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_A30EA9B4E1BC5DBF09A8EF399E086D27

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2543B5AF7D46D42E6CEED21F85143F6A_ABD8AE60ABAEECAA55A98896C4DD4FE4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_A30EA9B4E1BC5DBF09A8EF399E086D27

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\DXOIIMZZ.cookie

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\G8RMRU8M.cookie

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\JL7W9J84.cookie

  • memory/2384-115-0x00007FFF95B70000-0x00007FFF95BDB000-memory.dmp (Filesize: 428KB)

  • memory/2672-116-0x0000000000000000-mapping.dmp