hxxp://167[.]89[.]118[.]52[.]80 | Triage

Analysis

max time kernel
533s
max time network
1445s
platform
windows7_x64
resource
win7-20220310-es
submitted
20-03-2022 23:40

Sharing

Report Analysis Logs

General

Target

http://167.89.118.52.80

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
904	cmd.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 868	1860	taskeng.exe	31
PID 1860 wrote to memory of 868	1860	taskeng.exe	31
PID 1860 wrote to memory of 868	1860	taskeng.exe	31

C:\Windows\system32\cmd.exe
cmd /c start microsoft-edge:http://167.89.118.52.80
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:904

C:\Windows\system32\taskeng.exe
taskeng.exe {DF2DF427-95B1-4277-9A67-67A9B3455DA2} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
PID:1948

C:\Windows\system32\taskeng.exe
taskeng.exe {9F63D49A-2903-4A89-A303-EA04EAA90ABE} S-1-5-21-2932610838-281738825-1127631353-1000:NXLKCZKF\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Program Files\Mozilla Firefox\default-browser-agent.exe
  "C:\Program Files\Mozilla Firefox\default-browser-agent.exe" do-task
  2⤵
  PID:868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/904-54-0x000007FEFBB51000-0x000007FEFBB53000-memory.dmp

Filesize
8KB

Download
memory/904-69-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download