Analysis
-
max time kernel
123s -
max time network
144s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
26-10-2021 10:51
General
-
Target
https://secureemail.umm.edu/b/b.e?r=aleat%40evolenthealth.com&n=Fc%2FQIc6vrsS%2Bf%2F4cZYUDEA%3D%3D
-
Sample
211026-mx8gtahhfk
Malware Config
Signatures
-
Modifies Internet Explorer settings 1 TTPs 39 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://secureemail.umm.edu/b/b.e?r=aleat%40evolenthealth.com&n=Fc%2FQIc6vrsS%2Bf%2F4cZYUDEA%3D%3D1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5054D3D7526395AFD1BB54714B2BD386_4143E5AE9BB82AEC3127C79FFCD73452MD5
08c6c40acd0ae42b6383f9d08d70493a
SHA18c4bf3b43d283ae01ffc8dc7c07f8ec1d946d1f5
SHA2569117296a4305a8637ad308543ecb43511ec30935135bfc8cf03b88c5afd787e5
SHA5123741a5fbd43b601a6cbf7cd35dc50f14b854afe0512ff4b9436a6e1d46e54a324ffe28abd8f221b3ed640ab79b91e44d2be877477fb964b28d52a73f28598eee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_36F39750452E59840DABDBAB8F8B2E8FMD5
167bc24d35f835342156e8a2b90b0aee
SHA198e4a70bc0d35540ec2272d9e9752d6577f15f8d
SHA2564b528dd9a01dee496e2934b3265bfaae0e9dea5070355cdeb7eb90161b7c5417
SHA5122e71af8bbf4c84c995928bdc919ed83606caf57b7923aab320755a6e45118f94c8c416f5d13c9151e6dceb1fd6f9587f49a59b76fd14cf011286713a0181b692
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A9A2923BC865F3B679E3C71FB2AB7C8F_7DC37CFD3C23CAEEED5F14A81380DC43MD5
5f8f88a2e30d2488f8f0abc8d17ac499
SHA1ae0a6b57e0148715e6c5624e862ea59250a65860
SHA256bf05bc1211a1fb2d3185d0ed367a8f1fe96bb5b2988b0f371ec0ba50f9703d08
SHA512be58b2b00243ac931718f65e2c87a693347ca0d468a5173b8d91365286e26cbf52059b76cb36ba20c77d8aecfdbfd746bc119f494d14c20624fe1b02afc9bb05
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5054D3D7526395AFD1BB54714B2BD386_4143E5AE9BB82AEC3127C79FFCD73452MD5
57f56a79b0135586d954506c26fa1d87
SHA1c01ac7a414f0b02d5ad3b1cd369430f984157845
SHA256b3b207d7a11f05cb9124baedc79b81760877ede76deefe4d10bb89aaa20efe97
SHA512134c0e8d82f72132f81f3e1b30bb8fc2d1642993b3df05c8dc1adfc1068aa6e5cd73f011d7ae6862df36784c4a7a9e54a573eb6dc34022f01b1669c9ca37d50e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_36F39750452E59840DABDBAB8F8B2E8FMD5
9a2a36db9d83e83883be61331f2d2dd5
SHA155d04b0084d677a04e6564b96a01bf2f4bd14696
SHA256d60930acfe5558760ddebd41199c1400b58fb967928c286b77df5fc0fe134b72
SHA51203d79fa1dad50d5e1b718881cfd7f985eb706ee45a737cc89f95a9d1987b0f9c1bd650c6f2569edfda459c7f26ae7f40efe949b0f5fe3e254dac619e2c17ccb8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A9A2923BC865F3B679E3C71FB2AB7C8F_7DC37CFD3C23CAEEED5F14A81380DC43MD5
77af8b20df0cf242692d8ec8b2e624a4
SHA1af70e7bb063d064e50bd2bb52f6de5e13b17c137
SHA256e82c3e85a963e634523f5b3a3b9749b8c9e5767a33151688897d3bd3645f52a5
SHA512b297713230efe953d0dcbf9ca229ddb0878bedddfc75c674100e6f630700f630e0415eb5a613cb4d55c6d562e63d31420066aa210545402cba6afb38574714c4
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\4K03ZFOV.cookieMD5
73cbe899e70b5b662b1bed0c8c2de567
SHA14795a0d6c4bbe43eef5ad5d62c09f65541bd02bf
SHA256b3a364f0f7c9a665f6be09a74195dfd000e198e0846f7a0a2a99b3af7083e53f
SHA51270bf4947ac4554dc11d5ff7526ed604bb723ee91acf46e874050204253c77ce37ce4ab702432e5f7ff5b5654664237a068480449ac24c4595b45e06b299b8139
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\T0Q3HMRF.cookieMD5
58807af3ceb798671baa93a08ac81104
SHA1ff62afad89a578fecac2063570f64b0423c401f3
SHA256b8c64f62b7914660f16449e14e12eb838f836d1c3b8550a983e831cc244dce5d
SHA512685b9b0440a644be3964ecc811c6edf00707e7442eea309f956c4bb02f5a96e15d81168af52c5833c4f71bdc5f4ed9a6e3f5e290daf5fe83331bd47ed9776433
-
memory/1216-140-0x0000000000000000-mapping.dmp
-
memory/2756-138-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-150-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-122-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-123-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-124-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-125-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-127-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-128-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-129-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-131-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-132-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-134-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-135-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-136-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-137-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-119-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-141-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-142-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-144-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-145-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-147-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-121-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-149-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-151-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-155-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-156-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-157-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-163-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-164-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-165-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-166-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-167-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-168-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-169-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-120-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-117-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-116-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-115-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-173-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-175-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-178-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB
-
memory/2756-179-0x00007FF9AC260000-0x00007FF9AC2CB000-memory.dmpFilesize
428KB