Analysis

  • max time kernel: 111s
  • max time network: 184s
  • platform: windows7_x64
  • resource: win7-20220414-en
  • submitted: 16-05-2022 14:13

General

  • Target

    https://kognmud.compley.sbs/IFpnSK1LkZW1sa2I9andoaXRlQGV2b2xlbnRoZWFsdGguY29tJmdpZj1z
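The path segment of the target is 57 characters long, which is not a multiple of four, so a naive base64 decode of it fails; link generators that prepend a random character or strip the padding produce exactly this shape, and the segment is usually where the recipient's address or tracking ID is hidden. The following is an added example, not part of the sandbox report, showing how to try each alignment, re-pad, discard the misaligned decodes (which come out as high-bit garbage) and search the plausible ones for an e-mail address. The sample URL is constructed; run `extract_email` on the report's target to check it yourself.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit

# Constructed sample (not the report's target URL): a base64 blob carrying a
# query-style string, with padding stripped and one random character prepended,
# so its length is 43, not a multiple of four.
SAMPLE_URL = "https://phish.invalid/X" + base64.b64encode(
    b"id=victim@example.invalid&gif=s"
).decode().rstrip("=")

B64_SEGMENT = re.compile(r"^[A-Za-z0-9+/_-]{16,}$")
EMAIL = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def candidate_decodes(segment):
    """Yield (offset, bytes) for each leading offset 0..3 whose re-padded decode
    is mostly printable ASCII; a wrong alignment shifts the bit stream by six
    bits and yields high-bit garbage, which is dropped."""
    for offset in range(4):
        s = segment[offset:].replace("-", "+").replace("_", "/")
        if len(s) % 4 == 1:  # no valid base64 string has this length
            continue
        s += "=" * (-len(s) % 4)
        try:
            raw = base64.b64decode(s, validate=True)
        except (binascii.Error, ValueError):
            continue
        if raw and sum(0x20 <= b < 0x7F for b in raw) / len(raw) >= 0.9:
            yield offset, raw


def extract_email(url):
    """Return (offset, email) if a base64-looking path segment of url hides an
    e-mail address, else None."""
    for seg in urlsplit(url).path.split("/"):
        if not B64_SEGMENT.match(seg):
            continue
        for offset, raw in candidate_decodes(seg):
            m = EMAIL.search(raw)
            if m:
                return offset, m.group(0).decode()
    return None


if __name__ == "__main__":
    print(extract_email(SAMPLE_URL))
```

The offset returned tells you how many junk characters the generator prepended; a non-zero offset on a live sample is itself a useful clustering feature, since the same kit tends to use the same prefix length.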

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand Microsoft.
  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 2028)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://kognmud.compley.sbs/IFpnSK1LkZW1sa2I9andoaXRlQGV2b2xlbnRoZWFsdGguY29tJmdpZj1z
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • Child: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 944)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Both processes are Internet Explorer's own: the second is the tab (content) process, and its SCODEF:2028 argument names the frame process that spawned it, matching the parent's PID. No dropped file or third process appears in the tree, so the "suspicious" API signatures above are raised by the browser itself while rendering the page.

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112): 1


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 60KB
    MD5: b9f21d8db36e88831e5352bb82c438b3
    SHA1: 4a3c330954f9f65a2f5fd7e55800e46ce228a3e2
    SHA256: 998e0209690a48ed33b79af30fc13851e3e3416bed97e3679b6030c10cab361e
    SHA512: d4a2ac7c14227fbaf8b532398fb69053f0a0d913273f6917027c8cadbba80113fdbec20c2a7eb31b7bb57c99f9fdeccf8576be5f39346d8b564fc72fb1699476

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: ab8ecc55514b65b7a358b23a427e8ca8
    SHA1: 009b1f23482daf00e77d444d87ab2a4acd42ec33
    SHA256: ecfb80d651fca4053de48ed025889e9f14c49920e205e3d88d25ca003718fa67
    SHA512: 1b302983efb64dafce9b5b7f828cbbcaf4dc98407fd92159416329f7f2d946c7937c3211c84428ac0fabf725e165ac99089d2409b548a5d9592a0c465b4986b7

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ezmz917\imagestore.dat
    Filesize: 22KB
    MD5: 1bea0a7a6b65ff1a5be76e8a08f426fb
    SHA1: 96824ab2461278f4c5726d37ae34590866d89047
    SHA256: 004ac00bc64a16c9da8ffe8edece846bebabf5aab4a1ca96fc882ae924138804
    SHA512: 5d9c1b3c890288827c92e980710252ff404f57f34e6e1cdb501c5edc39f80dff5b6320920168284e33ece35d914c74cd7bbfa3b372b3d4e4743a4f163179242c

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XG8P3039.txt
    Filesize: 598B
    MD5: ffbf4529d86990df3babd8480b22ee7d
    SHA1: 85282c0ee4ba7446be1321d01b9f945fa510d817
    SHA256: 075e5721cac36690b4cc96c96a7612dca0da48f10f37348204694cff26772371
    SHA512: 7dfe4770972a65b21a2d9e3398171c148cb631869714f8dbab0079e0eac5472671410d619ccb928becfaa3dc75564d062549cc73e4d34332b54620e9722b3dbe
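The four entries above are caches written by Internet Explorer and CryptoAPI while rendering the page, not files the site served as downloads: CryptnetUrlCache holds objects fetched during certificate-chain building (CRLs, AIA certificates, OCSP responses), imagestore.dat is IE's image/favicon cache, and the .txt file is a cookie. When triaging such a report, the useful check is which URL the CryptnetUrlCache MetaData file records and whether the matching Content file is the DER-encoded object one expects there. The following is an added example, not part of the sandbox report, and works on constructed blobs; it assumes only that the MetaData file stores the fetched URL as UTF-16LE (it carries other fields this code does not parse), and it classifies a Content file by its DER framing rather than by fully decoding it.

```python
import re

# Constructed sample MetaData blob (not the file from the report): a few
# header bytes, the fetched URL as null-terminated UTF-16LE, then arbitrary
# trailing bytes. Only the UTF-16LE URL is relied on.
SAMPLE_METADATA = (
    bytes.fromhex("0200000014000000")
    + "http://crl.example.invalid/pki/root.crl".encode("utf-16-le")
    + b"\x00\x00"
    + bytes.fromhex("00c0f2d4a95ed801")
)

# Constructed Content samples: a minimal DER SEQUENCE wrapping an INTEGER,
# and a PE-like blob that should never appear in this cache.
SAMPLE_CONTENT_DER = bytes.fromhex("3003020105")
SAMPLE_CONTENT_PE = b"MZ\x90\x00" + b"\x00" * 60

UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")
URL_RE = re.compile(r"^(?:https?|ldap)://", re.IGNORECASE)


def utf16le_strings(blob):
    """Printable UTF-16LE runs of at least 8 characters, decoded to str."""
    return [m.group(0).decode("utf-16-le") for m in UTF16_RUN.finditer(blob)]


def cached_urls(metadata):
    """URLs recorded in a CryptnetUrlCache MetaData file (UTF-16LE scan)."""
    return [s for s in utf16le_strings(metadata) if URL_RE.match(s)]


def der_frame(content):
    """Return (ok, declared_total_length) when content opens with a DER
    SEQUENCE; ok is True only if the encoded length matches the blob size."""
    if len(content) < 2 or content[0] != 0x30:
        return False, None
    first = content[1]
    if first < 0x80:  # short form: the byte is the length
        header, length = 2, first
    else:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(content) < 2 + n:
            return False, None
        header = 2 + n
        length = int.from_bytes(content[2:2 + n], "big")
    total = header + length
    return total == len(content), total


def classify_content(content):
    """'der' for a well-framed certificate/CRL/OCSP blob, 'pe' for an
    executable (anomalous in this cache), 'other' for anything else."""
    ok, _ = der_frame(content)
    if ok:
        return "der"
    if content[:2] == b"MZ":
        return "pe"
    return "other"


if __name__ == "__main__":
    print(cached_urls(SAMPLE_METADATA))
    print(classify_content(SAMPLE_CONTENT_DER), classify_content(SAMPLE_CONTENT_PE))
```

Run `cached_urls` over the MetaData file named in the report to see which CA endpoint the TLS handshake reached; a Content file that fails `der_frame` or starts with MZ would be the anomaly worth escalating, whereas a well-framed DER blob alongside a CRL or AIA URL is the expected side effect of a browser opening an HTTPS page.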