hxxp://167[.]89[.]118[.]52[.]80 | Triage

Analysis

max time kernel
533s
max time network
1445s
platform
windows7_x64
resource
win7-20220310-es
submitted
20-03-2022 23:40

Sharing

Report Analysis Logs

General

Target

http://167.89.118.52.80

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

cmd.exe

pid process

904 cmd.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 1860 wrote to memory of 868	1860	taskeng.exe	default-browser-agent.exe
PID 1860 wrote to memory of 868	1860	taskeng.exe	default-browser-agent.exe
PID 1860 wrote to memory of 868	1860	taskeng.exe	default-browser-agent.exe

C:\Windows\system32\cmd.exe
cmd /c start microsoft-edge:http://167.89.118.52.80
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:904

C:\Windows\system32\taskeng.exe
taskeng.exe {DF2DF427-95B1-4277-9A67-67A9B3455DA2} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
PID:1948

C:\Windows\system32\taskeng.exe
taskeng.exe {9F63D49A-2903-4A89-A303-EA04EAA90ABE} S-1-5-21-2932610838-281738825-1127631353-1000:NXLKCZKF\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:1860

C:\Program Files\Mozilla Firefox\default-browser-agent.exe
"C:\Program Files\Mozilla Firefox\default-browser-agent.exe" do-task
2⤵
PID:868

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/904-54-0x000007FEFBB51000-0x000007FEFBB53000-memory.dmp

Filesize
8KB

Download
memory/904-69-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download