Analysis

  • max time kernel
    151s
  • max time network
    170s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20-05-2022 04:06

General

  • Target

    snxdx/??????.url

  • Size

    325B

  • MD5

    c7728418b7817af20083617d2a7bde97

  • SHA1

    f8cac36816b472018d97e97485e92ee5d7bd4b24

  • SHA256

    d31d7893e0cfd730022933decbcc420c1169c2715ffecb804ba685f30b99df80

  • SHA512

    ff30d9bf14ff78eb3080c5e07aecf3d60827833c475ae6c96ed5f4217ecc2a9a25d1e3c0aa4fee5950cccd2601cd10f4f0c2e8428bfc5795c7c3438455621c21

Score
6/10

Malware Config

Signatures

  • Checks whether UAC is enabled (1 TTP, 1 IoC)
  • Modifies Internet Explorer settings (1 TTP, 52 IoCs)
  • NTFS ADS (3 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\snxdx\______.url
    • Checks whether UAC is enabled
    PID:760
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:988
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:988 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • NTFS ADS
      • Suspicious use of SetWindowsHookEx
      PID:968
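The process tree above is what a detection engineer would key on: rundll32.exe loading ieframe.dll with the OpenURL export to open a .url file from a Temp directory, followed by an Internet Explorer broker started through COM (the -Embedding switch) and its content process carrying the broker's PID as SCODEF:988. Note that rundll32 and iexplore.exe are not parent and child (both sit at the same depth in the tree), so the two cannot be linked by PPID alone. The following Python is an added example written for this page, not output of the sandbox or code from the report. It assumes process-creation records already normalised into dicts with ts, pid, ppid, image and cmdline fields (the shape a Sysmon Event ID 1 feed would give after parsing), renames the shortcut to sample.url, assumes the parent PIDs in the sample records, and uses constructed .url content pointing at the documentation address 203.0.113.10; none of that data comes from the report.

```python
"""Triage helpers for an Internet Shortcut (.url) detonation.

Added example, not part of the sandbox report. Two checks:
  1. static: parse the INI-style [InternetShortcut] section of a .url
     file and flag fields that point anywhere other than plain http(s);
  2. dynamic: scan process-creation records for the launch chain the
     report's process tree shows: rundll32.exe ieframe.dll,OpenURL
     <file>.url, then an Internet Explorer broker started through COM
     (-Embedding) and its content process (SCODEF:<broker pid>).
All sample data below is constructed for this example.
"""
import configparser
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# The loader line from the report, generalised to any .url target.
OPENURL_RE = re.compile(
    r'ieframe\.dll\W*OpenURL\s+"?(?P<target>[^"]+?\.url)"?\s*$', re.I)
# IE content processes carry the broker's PID as SCODEF:<pid>.
SCODEF_RE = re.compile(r"\bSCODEF:(?P<broker>\d+)", re.I)
# Shortcut sitting in a user-writable location rather than a trusted one.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\(AppData|Downloads|Desktop)\\", re.I)


def parse_internet_shortcut(text):
    """Return the [InternetShortcut] fields and a list of reasons to look closer."""
    cp = configparser.RawConfigParser(strict=False)   # Raw: no '%' interpolation
    cp.read_string(text)
    if not cp.has_section("InternetShortcut"):
        return {"fields": {}, "flags": ["no [InternetShortcut] section"]}
    fields = dict(cp.items("InternetShortcut"))        # configparser lower-cases keys
    flags = []
    scheme = urlsplit(fields.get("url", "")).scheme.lower()
    if scheme not in ("http", "https"):
        flags.append("URL scheme %r is not http(s)" % scheme)
    icon = fields.get("iconfile", "")
    if icon.startswith("\\\\") or "://" in icon:
        flags.append("IconFile is remote: Explorer fetches it just to render the shortcut")
    return {"fields": fields, "flags": flags}


def detect_shortcut_launch(events, window=timedelta(seconds=30)):
    """events: dicts with ts (datetime), pid, ppid, image, cmdline.

    rundll32 and iexplore.exe are not parent and child here: IE is
    activated through COM (the -Embedding switch; both sit at the same
    depth in the report's tree), so the two are tied by a time window,
    and the IE content process is tied to its broker via SCODEF:<pid>.
    """
    findings, loaders, brokers = [], [], set()
    for e in sorted(events, key=lambda x: x["ts"]):
        image, cmdline = e["image"].lower(), e["cmdline"]
        m = OPENURL_RE.search(cmdline)
        if image.endswith("\\rundll32.exe") and m:
            target = m.group("target")
            where = "user-writable path" if USER_WRITABLE_RE.search(target) else "path"
            findings.append("pid %d: rundll32 OpenURL on %s %s" % (e["pid"], where, target))
            loaders.append(e)
        elif image.endswith("\\iexplore.exe"):
            s = SCODEF_RE.search(cmdline)
            if s and int(s.group("broker")) in brokers:
                findings.append("pid %d: IE content process of broker %s" % (e["pid"], s.group("broker")))
            elif "-embedding" in cmdline.lower():
                recent = [l for l in loaders if e["ts"] - l["ts"] <= window]
                if recent:
                    brokers.add(e["pid"])
                    findings.append("pid %d: COM-activated IE broker %ds after OpenURL by pid %d"
                                    % (e["pid"], (e["ts"] - recent[-1]["ts"]).seconds, recent[-1]["pid"]))
    return findings


# Constructed .url content (203.0.113.10 is a documentation address, not from the report).
SAMPLE_URL = (
    "[InternetShortcut]\n"
    "URL=file://203.0.113.10/share/readme.html\n"
    "IconFile=\\\\203.0.113.10\\share\\readme.ico\n"
    "IconIndex=0\n"
)

# Constructed process-creation records modelled on the report's tree
# (PIDs kept, shortcut renamed to sample.url, parent PIDs assumed).
T0 = datetime(2022, 5, 20, 4, 6, 0)
SAMPLE_EVENTS = [
    {"ts": T0, "pid": 760, "ppid": 1500, "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r'"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL '
                r'C:\Users\Admin\AppData\Local\Temp\snxdx\sample.url'},
    {"ts": T0 + timedelta(seconds=2), "pid": 988, "ppid": 612,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding'},
    {"ts": T0 + timedelta(seconds=3), "pid": 968, "ppid": 988,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:988 CREDAT:275457 /prefetch:2'},
]

if __name__ == "__main__":
    print(parse_internet_shortcut(SAMPLE_URL))
    for finding in detect_shortcut_launch(SAMPLE_EVENTS):
        print(finding)
```

The time-window correlation is deliberately loose: on a real host the COM activation of IE can come from DcomLaunch on behalf of any caller, so the broker match is a weak signal on its own and gains confidence only together with the rundll32 OpenURL loader and the SCODEF-linked content process. The static parser is the cheaper first step: a .url whose URL scheme is not http(s), or whose IconFile is a UNC or URL path, deserves a look before anything is detonated.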

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 signature
  • Discovery: System Information Discovery (T1082), 1 signature


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eb1edf16018338f444c701169bf77ecc

    SHA1

    c3b51cb2f022ee1e8b0d068bfa171c60a5fe36b3

    SHA256

    d2607fa29707ed4304bdba89e5b1b5cf5c9597580ad1442254e5c14d17f87106

    SHA512

    27b67aced6a0f7d354e21081e7963bdbd26f4dfccf9fd6fa4013fa463300ea473f018e53625c829076b54268e6a7c22078952b6a470376bd4fe2e476261856d5

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\k007hrg\imagestore.dat
    Filesize

    20KB

    MD5

    5f1c7e0c37949d65ee2571891e4b79e0

    SHA1

    0b6f0f9d418626af4965a81b4e394bdebc051950

    SHA256

    f34bb2a453c57b4f9b41d5e9b8e4bed04212dc306c99f3612e2f5269a372e98e

    SHA512

    2609bf91f23752be0c6d2dcbf0bb5cc6599d7a69d6e37cf6d491257165b77e0b0d1a9143e0ac73796cffd130a4e0e62f53abb183a50e6186e1833a811a9854de

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3KP3X56Q.txt
    Filesize

    604B

    MD5

    25f519c81608f02ee0237de17d894ea1

    SHA1

    15493f72aa375184ec8c532a055ab907ea72f495

    SHA256

    0f52f41bb3b34770668275c511810954d7b7a5447c8bcc86675d4a9e880e2759

    SHA512

    17443a251e20580fb78f75370b4acdf6896b1ee83deae388d07d3b6d102ac114a38c71adf4a1cc6a0e38972217dd6a9d9d6630aae0e081489b06914e263efbc6

  • memory/760-54-0x000007FEFC4D1000-0x000007FEFC4D3000-memory.dmp
    Filesize

    8KB

  • memory/760-55-0x0000000001BD0000-0x0000000001BE0000-memory.dmp
    Filesize

    64KB