Analysis

  • max time kernel: 149s
  • max time network: 151s
  • platform: windows10_x64
  • resource: win10-en-20210920
  • submitted: 07-10-2021 02:16

General

  • Target: http://mss8cb1sp.k16fq3x.shop/zhzc.php?anli=maidl&v=us1633559217670
  • Sample: 211007-cqkgascacl

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 49 IoCs)
  • Suspicious use of FindShellTrayWindow (5 IoCs)
  • Suspicious use of SendNotifyMessage (4 IoCs)
  • Suspicious use of SetWindowsHookEx (25 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 1552)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" http://mss8cb1sp.k16fq3x.shop/zhzc.php?anli=maidl&v=us1633559217670
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 3504)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1552 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112): 1


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: dc34cc9727d7e94b8e3331515d4c51b9
    SHA1: 76669e23763505f37562efce970397cece194dcb
    SHA256: 4106455d3cc0646e27ff696ac2030db43b8291e06a33d4d5d179ef03425e1bfd
    SHA512: 8e858e38992c3b1b138bf3993ddfdca979bf865b032a878c3123aa232478f2e8bd5c006057387084870b02edb401fb1710d1b3c55db55278c74c548674fd4c5c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: a36852cff769395d9e10e8fa711401d6
    SHA1: 7382d1fd57a4396db24b56af1228eea2a4f3bd60
    SHA256: 037c1fd446e6dd5dd1a9bdcb60589192b9de3a0b2be94bf9fe295e06f1aa170b
    SHA512: e0c3ff26117f392640a0c477e375823b8ac88ac36e9012454a61d1eaca74cd1a76f303677cdeeb374348b6bc5b9e4c00c4af241445531353fef71ebd22777a84

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\MUK81QS3.cookie
    MD5: f83a65c495d38be83f3b9b4347cde142
    SHA1: 52b5de86d7e150a8caf8a176ae9f5dc9af097f2b
    SHA256: cb222b06c3589b4c08fa368ebd7c4d5ef8755b8bcab4ff7b024c3c75ddcfa511
    SHA512: eb141ad3be072888b14aec33f55142c3401c2489e76f81855e1c9d52c46d1e4de5b2cc88a5080806d5ec81657f37d2e3977ba63cee0f101c013c8d01d91aad48

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\XKC5RXJS.cookie
    MD5: 52e07782d059601b6d510ead14f58c1c
    SHA1: 6abfcb555c695d744d8a0977e3177cf18150d809
    SHA256: 31b74254b0bca9a6100f820eff8d37cdede792760ff191f85f185a222d96db11
    SHA512: 7d7f6fac23fc705932c30e40a85d8d745c43dce7bad89f8478c5bb13ffe3a5426d2f07696b63145807903c2d0d07999abc505e53dedb3baf3f388be9fc557387

  • memory/1552-115-0x00007FFF3F160000-0x00007FFF3F1CB000-memory.dmp
    Filesize: 428KB

  • memory/3504-116-0x0000000000000000-mapping.dmp