Analysis

  • max time kernel: 148s
  • max time network: 151s
  • platform: windows10_x64
  • resource: win10-en-20210920
  • submitted: 26-09-2021 14:13

General

  • Target: https://firebasestorage.googleapis.com/v0/b/mrje2n53563ghdgc0eetsra.appspot.com/o/Bn.html?alt=media&token=0f034d1d-cbf4-4703-a4c2-ba4dd123dfc5#tests@test.com
  • Sample: 210926-rjl4waehar

Score: 1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 39 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (8 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 2160)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://firebasestorage.googleapis.com/v0/b/mrje2n53563ghdgc0eetsra.appspot.com/o/Bn.html?alt=media&token=0f034d1d-cbf4-4703-a4c2-ba4dd123dfc5#tests@test.com
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2620, child of PID 2160)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 signature


Downloads
