Analysis
-
max time kernel
149s -
max time network
131s -
platform
windows10_x64 -
resource
win10-en-20211104 -
submitted
12-11-2021 14:46
General
-
Target
Purchase Ledger RemittanceSUP9935681.htm
-
Size
1KB
-
MD5
673ad47c37cb4a2f9a677a385a4836f3
-
SHA1
94a50cdf187a7668948076beb5ac2504b12d2170
-
SHA256
84e48bfe7e3f9e5dbf149a0fb007c83e405b3679b063a4a6f2b1577f1bef5fcd
-
SHA512
22ce75643577aeeb492fccb9993fb7536e85a976d4ccf4bf13d0606cc14fb4389329a0d69e614b6acb1bc05ad1d97bdbe4872b17540cfbf9cc8ed2e50b425610
Malware Config
Signatures
-
Detected potential entity reuse from brand microsoft.
-
Modifies Internet Explorer settings 1 TTPs 49 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Purchase Ledger RemittanceSUP9935681.htm"1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1776 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776MD5
f4344ea497ae75fbc990e1d5cf63c817
SHA19932af3fa15ff699bbf10323af6ca012e24d5374
SHA2568702ef90d9b38ce3382ef8d9c86484cd658220e66ce4fcc3394e57aed064aeaf
SHA5129694149bec3c78e7891c574b01fcbacc8742a8195c763b98313da1e20b0180ed19e3a8342f52451571928050d9900e62e11aaab633b8fe8ad51018a24c69d11c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776MD5
1c931a0a92df974dd26d79dfd5d91f1b
SHA1f6cc2578adfd43c24a5c2d9ea48cb5649e89fa1b
SHA2560656510dfbd26b5b7df9bef49bf964938079297f2da3d08f8477353e8bf6da1e
SHA512a37c331000f658d57c19e17f520266607923e52f7b5bf125c99d56740d04b9abc2cf8cea86d4235a6476871860b8e8efceeb913397b5c8e1db8ca7bd61f95b97
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\KBE6U3VV.cookieMD5
90a4f7816c18f26d4d90bed41a94fa4d
SHA10c24f7bdd0826a61d04590db0ad8b3083cf30154
SHA2568a24ec2d1007521c9c510b9fe89980c4eeff06b7c0ab519fb2ee14628114ec11
SHA51217f70ff28d17e8733b200767f90e2ef6f3ce4c306672533213a41c52cea87b837359e6abb61a73d10a901dcdffa8fc30330d3caeddf5a1ce5527760f7c9265d1
-
memory/1776-146-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-130-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-151-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-125-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-126-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-127-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-128-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-149-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-131-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-132-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-134-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-135-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-148-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-138-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-139-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-140-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-141-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-143-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-119-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-118-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-137-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-123-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-124-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-153-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-154-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-155-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-159-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-160-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-161-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-167-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-168-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-169-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-170-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-171-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-172-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-176-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-178-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-181-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-182-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-122-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/1776-120-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmpFilesize
428KB
-
memory/4312-144-0x0000000000000000-mapping.dmp