Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
20-10-2021 22:31
General
-
Target
https://fandiscountlist.su
-
Sample
211020-2fqyrshfd8
Malware Config
Signatures
-
Modifies Internet Explorer settings 1 TTPs 42 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://fandiscountlist.su1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776MD5
eee214c9f88c07ae5476183fbf914338
SHA16297eb9511be7862c3519a767f284e83a8618854
SHA256ff7a90668ac0500d0a303fa8ee6f996f3610b441a116d0249e67b807f7fb268a
SHA512df12f715206fe7cd9617c9f81e09036cb56850e8341284093c1d9d124f109670391b9f93a370ffb732904d97b97bd62f4fc393cfae9138189f060bc90f387409
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776MD5
3cff76f838ddc507b9e66852fb93e813
SHA18497606264295dc83744cde71fac19c8d1e5251c
SHA256d91875bd035bdaf221b474fa1bbea6bafb9db226bbe135b497cbf9f058d543ed
SHA5125303318e9075ad6c69790dd117b5843b08b19ee235e399d8dff8129e60566f23550b03cc9e0a3613a13495a36162e00c875ff4551023f2cdbad48018e1fe3b9a
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\94OWIR5I.cookieMD5
05a1bb2f04388de97a6dc67961a71514
SHA18329b74329cd5871861354bb320d0c633f395404
SHA256276704fd18073a976a5b1bf74e4a6c62f5392ab0f24fa9c8d31af3186c134c3c
SHA5128092b6686e6e4dc0f58bdf7053eb8e2570232bb19a11ac7f329ff2cc0ea1edf6e52c40363c3511882cb3bba8e57a4b1e48d7f56852a48deaca73d5a46971b64f
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\9ROIVOMR.cookieMD5
7f7aa9f336897d16faa720081796396b
SHA1c1beb61d4c6a83d27d23897321ec50d83eea1263
SHA256041639578d2b69996947af479b9c88223b26caf7d7eb198db244774532c77663
SHA5127e03fdb8f0587eb0479cb77d64e9ef61e00d0bb96d20ebbd15e7d869ab024b58956e107e90590e8a4e1bc39450cea6e24c493615a8a87cb1d57ced739830db1b
-
memory/888-140-0x0000000000000000-mapping.dmp
-
memory/2420-145-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-124-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-123-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-149-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-125-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-127-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-128-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-129-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-131-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-132-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-134-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-135-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-136-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-137-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-138-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-150-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-141-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-142-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-144-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-115-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-117-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-122-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-121-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-151-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-155-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-156-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-157-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-163-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-164-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-165-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-166-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-167-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-168-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-169-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-173-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-174-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-177-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-178-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-179-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-120-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-119-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-147-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB
-
memory/2420-116-0x00007FFA36A50000-0x00007FFA36ABB000-memory.dmpFilesize
428KB