Analysis
-
max time kernel
133s -
max time network
131s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
29-10-2021 20:42
General
-
Target
https://forms.office.com/r/aBEBzrRgFD
Malware Config
Signatures
-
Detected potential entity reuse from brand microsoft.
-
Modifies Internet Explorer settings 1 TTPs 58 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://forms.office.com/r/aBEBzrRgFD1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4092 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776MD5
a8835db529d0dafeba4be63477251216
SHA10699c7513959c1337ef4f8e606d4a4238dfffd12
SHA256289077378a90459a199f40f7610e4ec15d7f11a2f6a5528c0e6f094afb5200a5
SHA51247b805e0994d85b66202dab0d60045786eee485897cb483f750454ef3d81ce68515511dddc8a13e4d80776328687279eef14d966d77856c27ee2fdedafe074c4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776MD5
6b2d44ee64c71e3abf13886e4b4b2991
SHA14a512f5818acefc2ed0f7cae010d56e519e718f9
SHA256f88aeefaf78be3cb4819c07dc40a8aeb733c07bebadb8f195f7162ae7e69e396
SHA5123651cbd59f59eed4a62ab7f26b2695ce153550a19f15e3c9a1fe0074f643388f4aba6dfeef7b310ce008f5c527a1df1920d7f652d4089247fe3610c88100d00f
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\K6HTK135.cookieMD5
9a92447db16af97315f815a71944fd6b
SHA13e6f2b37da15e746b0dcf9f80daa7389ce65e1ab
SHA25676641ac1ddbf28b390f02a518aa93bb4b00da91301beebd8cb2dff8db2c2f858
SHA512a2d9dd453831030d47836f7b4aa2d1f8268296009aee856f3751369624148bfb799efa81a33ff489665689dafd279595ec20532ef713139e8260705d2640431d
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\PX7PV7CT.cookieMD5
6936cc561f62119dca63fc58c427e3cb
SHA17f475fda7f1d706419eeb8329ed8d83d44a0f52f
SHA25646b6a86d0b60dd319c0a2d113df6c72d9b4e57fdfd4d9e0d4b93d667918466ca
SHA512dfe959e5f098e15fbf06541f4b86de08812a167ed049484eec954461d1198a63a59f3c1bda21b2ebb25c361ec3208a2f4b6eccc1163564b278cace2e84778b04
-
memory/2216-140-0x0000000000000000-mapping.dmp
-
memory/4092-145-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-124-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-123-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-149-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-125-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-127-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-128-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-129-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-131-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-132-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-133-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-135-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-136-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-137-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-138-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-150-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-141-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-142-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-144-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-115-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-117-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-122-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-121-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-151-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-155-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-156-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-157-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-163-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-164-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-165-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-166-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-167-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-168-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-169-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-170-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-171-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-174-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-175-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-176-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-120-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-119-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-147-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB
-
memory/4092-116-0x00007FF915A40000-0x00007FF915AAB000-memory.dmpFilesize
428KB