Analysis

  • max time kernel
    139s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    24/04/2022, 10:38

General

  • Target

    http://zerit.top/dl/build2.exe

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://zerit.top/dl/build2.exe
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:408
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
    1⤵
    PID:3476

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: d88b60888c2c6845f9499375071fcd14
    SHA1: c73d433d4129bce3d86c1044e06d204b5ed76313
    SHA256: 2490266cbf24372b19047c780b8c331dc6668a045c641d156cc4c284843fc5c0
    SHA512: ecf796cbff7414c685ef6a4aebcf51858bf69d3d373f4a5c90ed35512cf09d636f114de9493aa9c3c175e120c841a43e907c42f6a8d7c89af09d753a399f2740
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 434B
    MD5: 2f8fab3a1f291abb53c83aeca4678801
    SHA1: 90ecb4334d521f5c73deafed89a1becb0e3b0542
    SHA256: b536391cd57031878f5ad8e1cab78e86a9b6521cd27da48932dd6822ed9cdc55
    SHA512: 695b4ec2dc82482647aa449c16c0780d1446c62cdd86a9557d7742b587a62ed9e8586e5bf0861eeae80378ce7c2b2a8eabda6b5de134d9382da0f1ab316faa53