Analysis

  • max time kernel: 142s
  • max time network: 153s
  • platform: windows7_x64
  • resource: win7-20220414-en
  • submitted: 20-05-2022 17:55

General

  • Target: http://yaohouo.com

Score: 1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTPs, 39 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (30 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://yaohouo.com
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1208
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1208 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1156

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
    • Modify Registry (T1112): 1


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: e1f75c8a491f849d989dd4111e5b76d1
    SHA1: 977fad1611ccffb0fb194c57b4ab4227c7c14728
    SHA256: 8a290ddceffcbf5026457c55c9520d17e2b7491edf8942babd7ffafe73110ea5
    SHA512: 3d841d746cf9655d8d9e35ccffa0f80912c599ab14b3d46bb4b1387379586f54bdf670248269537d535f258f487a0f7e9bfae6627d7af8d8d03aba6fc57f4b92

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9os4y76\imagestore.dat
    Filesize: 5KB
    MD5: 58b67e7f6d9de230eaf16c2d91b934fa
    SHA1: 69894130aed57810532a4fc04ce4d20defbb90aa
    SHA256: 7e6ab8181c7b4dae4d504a95662d44e7fa41bad9f65f8898e20f1a1503fbfb6b
    SHA512: 5e5d316f42d5b2df03fb2ceab5f3be38028dcb838519869920161e5f92ece1bda4f63c2c10aaa22d3b6bf855480e5d2897b2d0b4dab872e11ad911736b54a0b5

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J2W67U9P\favicon[1].ico
    Filesize: 1KB
    MD5: 178819cc32a7774822e3550c57cd20aa
    SHA1: c8050ec440e8cc1367a6115934edc0bf94a0d343
    SHA256: 8565aaa87282f585b8a021ee0e693f662eb179df62890d01e086cc9f23dec1d2
    SHA512: 794c0578a7521c093c27a5592ab6f4874742f6db4c53e9b0b07acfecabf8575117ff1808ff0f0426594f4981f5933c756647b146b7ac815decaa9c5fcec246fa

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8BWSPB4P.txt
    Filesize: 603B
    MD5: da6a80158d59727106a92ee41423c298
    SHA1: 31c8aee9dc82fdd09f56397a2c079980e62e8226
    SHA256: cbe8dfc8ce15ba5963f29308445cfac41d1586b18ce9c2064fc0ef2194ef5cab
    SHA512: 426bf23906e625cda42c55abdd586801a934d9348ad099820a3acc61fb7369bb541633f96b6bdb69931cbf49983b68f782cc8786ee2a88b6fe92a17aa6edbb34