Resubmissions

  • 14-10-2021 05:46  211014-ggprwagben  1
  • 14-10-2021 05:42  211014-geh7bagbel  1
  • 14-10-2021 05:39  211014-gchsrsgce4  1
  • 14-10-2021 05:30  211014-f7lx8sgbdq  1

Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    14-10-2021 05:30

General

  • Target

    http://sfwomenleaders.org

  • Sample

    211014-f7lx8sgbdq

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://sfwomenleaders.org
    PID:2160
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:82945 /prefetch:2
      PID:1304
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:214018 /prefetch:2
      PID:4036
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
    MD5     62dfa95908bb144287ca1cfc58c0138c
    SHA1    0a6fb48c00c2c972500151f4486bd55733106b95
    SHA256  81627223119eee8ba0f9649466c6a3eabfe09406938c2685cfb31f1854ea84ee
    SHA512  8dc5e05666d26e1bf5f6bc2a3d1aad32c776523e116b3b279bf827ca1a470cf2c0fab7713db6b0f587dc80bd8d22e491d34fadfdb4321ac5f5dc2bfc257eaa52

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
    MD5     3828ce78943a0567e4ca24295e6f2ec2
    SHA1    ccd9f14bc6980ff87c53163b3a428c981e7239f5
    SHA256  10d6c2bc8a14ad4c23e2f47eaa23551a04e24a42f76a9a821a215fe039497737
    SHA512  6f0a589fc5624cfe7ef7ab1b5dd81a0cd92646a025b9111d12bac058602036f7f0360c336e67ba5aefcd7ccf41f6687784561e44bfddee011216495a9bc980e8

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\4S32P91M.cookie
    MD5     9dac72c37b9e8eeaffaeec2a526f27b9
    SHA1    2d9b7de50da99fa21bd218731b838a90cf787226
    SHA256  1b4b4938f294438064218cb135bb3734b5dbaea755c20334e9ad1d1a1ea5d57c
    SHA512  88bb2987453a159b260e04967fa702a297a6aaf2324c52740412ef4f375549b02fa2fa784f7cb6a300dcab700b733f592433058596b08ed821f2507df0165996

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\FYOOMCIU.cookie
    MD5     ae4dfa1c4be327e013f46dea33e2334a
    SHA1    24a1b4b5a2d964b4f803200bfa91ac6c5c53b406
    SHA256  cc060fa9b9967541630f3be15eaeec10303e0f8181ba341c8952858ec5038f20
    SHA512  76790834bcd7e0c61b83da75854cf2e55b2919596c288764c5062f8e2b3bf41aac3bc48a91c95248d2e9a8f1de61f6fbdfa0a5e1234ac591cb249eed544688a1

  • memory/1304-140-0x0000000000000000-mapping.dmp
  • memory/2160-145-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-124-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-123-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-149-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-125-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-127-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-128-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-129-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-131-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-133-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-134-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-135-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-136-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-137-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-138-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-150-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-141-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-142-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-144-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-115-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-117-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-122-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-121-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-151-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-155-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-156-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-157-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-163-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-164-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-165-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-166-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-167-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-168-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-169-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-173-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-116-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-120-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-119-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-178-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-179-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-182-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/2160-147-0x00007FF96B070000-0x00007FF96B0DB000-memory.dmp  Filesize 428KB
  • memory/4036-174-0x0000000000000000-mapping.dmp