Overview

overview

10

Static

static

snxdx/????.url

windows7_x64

6

snxdx/????.url

windows10-2004_x64

6

snxdx/?????.exe

windows7_x64

1

snxdx/?????.exe

windows10-2004_x64

1

snxdx/??????.url

windows7_x64

6

snxdx/??????.url

windows10-2004_x64

6

snxdx/Crac...PI.dll

windows7_x64

10

snxdx/Crac...PI.dll

windows10-2004_x64

10

snxdx/UUWi...er.dll

windows7_x64

1

snxdx/UUWi...er.dll

windows10-2004_x64

3

snxdx/dc.dll

windows7_x64

8

snxdx/dc.dll

windows10-2004_x64

8

snxdx/msvcr120.dll

windows7_x64

3

snxdx/msvcr120.dll

windows10-2004_x64

3

Analysis

  • max time kernel
    147s
  • max time network
    167s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20-05-2022 04:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    snxdx/????.url

  • Size

    125B

  • MD5

    379cd9bc5f7937f7414191c65d8a4979

  • SHA1

    e0fb340fe107b422f33439512016e68eca29b03d

  • SHA256

    42c63721e8fad25c6454683e82365a3ceb55a4e520b7b15fe8ec022b3db3fc2b

  • SHA512

    f0ce028625e6791c1ca729cf9966516f6c67bfcc40eff50f7c804c5da88a13aac4a55541d47e5adaad3672f8702288ef1b592fb47c335da5be401cc8c6a13d00

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\snxdx\____.url
    1⤵
    • Checks whether UAC is enabled
    PID:1944
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:844

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    60KB

    MD5

    b9f21d8db36e88831e5352bb82c438b3

    SHA1

    4a3c330954f9f65a2f5fd7e55800e46ce228a3e2

    SHA256

    998e0209690a48ed33b79af30fc13851e3e3416bed97e3679b6030c10cab361e

    SHA512

    d4a2ac7c14227fbaf8b532398fb69053f0a0d913273f6917027c8cadbba80113fdbec20c2a7eb31b7bb57c99f9fdeccf8576be5f39346d8b564fc72fb1699476

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4d19504fde2f6fb57d093d98e3a908e9

    SHA1

    927aa76497e6fe532f0bdbb498bf6b18d4c74210

    SHA256

    6c1bef8bf3699473c00ef6f2c992d19113e056aa4decd220ecd9c388975400d1

    SHA512

    7806a5b1c40733e75db11a2066225148afa94bcafb26f9a3b4039cb3d99ffd921c243c7ceb58b5c924ebea08eb575cad5b03e933d8f160adbff18b710dbe11ae

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    76f5e7c5526e5a7b16a6a1b51661bc52

    SHA1

    86b9804d95ba956bdd563ff9e89eec588de5a8b4

    SHA256

    85f43a48e76b99e7ffac955e114feb8d29d2ed5cf5aed43c8181a2b78e66c929

    SHA512

    498c48ba1d2a16f1fb323016d83fa884d5c308729752f87747cd906e2e8b73d288f0d13c6c2ab0371c883556c38c1c2307ac4242b3259394416e251fd3ec9f6f

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\k007hrg\imagestore.dat
    Filesize

    5KB

    MD5

    e2026561c2f734f62836520321d7ee28

    SHA1

    d062429bd2e6971d7cc8fb72020ebaeee911f381

    SHA256

    20e3e2b0bcee8bf9c0a6fc0e93bbf5585942636e99dc5c2e0b8504b0ecefaa38

    SHA512

    b98500a4d9ccb02f63bbc33024d3947740a19bb8cd21dc1d4dcef85e6b93eeb015a54073df69b0c20916890ec31ba02678ceb12af3cdf5b3557d3cf21945e272

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KZVQ02XR.txt
    Filesize

    604B

    MD5

    8f69d3d6480ed7cac236ca26d78b4937

    SHA1

    a56eff2cfe0753e18922f45f309685447b13c355

    SHA256

    06d3a024f16f4a4abcf3bd8941433afe06a24428e3a28eb3f51ce0c0f36ba239

    SHA512

    f3141f67549c57f5b8dc71871bcb4c44ac67d546f02bba26a7e046d639f70435cd9924216dfcce7b0bbfa4bd0d59003bec0d1b3a0cf9379726a4306792650844

    Download Submit
  • memory/1944-54-0x000007FEFC2E1000-0x000007FEFC2E3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1944-55-0x00000000003C0000-0x00000000003D0000-memory.dmp
    Filesize

    64KB

    Download