Resubmissions

21-05-2022 13:13

220521-qf259acehm 10

21-05-2022 13:07

220521-qctppshca9 10

Analysis

  • max time kernel
    128s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    21-05-2022 13:13

General

  • Target

    https://securepubads.g.doubleclick.net/pcs/view?adurl=https%3a%2f%2fwi2qi8.codesandbox.io/?dg=ling-yu.tam@kp.org

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 45 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 1056, depth 1)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://securepubads.g.doubleclick.net/pcs/view?adurl=https%3a%2f%2fwi2qi8.codesandbox.io/?dg=ling-yu.tam@kp.org
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 1352, depth 2, child of PID 1056)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1056 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry, T1112 (1 technique)

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 60KB
    MD5: b9f21d8db36e88831e5352bb82c438b3
    SHA1: 4a3c330954f9f65a2f5fd7e55800e46ce228a3e2
    SHA256: 998e0209690a48ed33b79af30fc13851e3e3416bed97e3679b6030c10cab361e
    SHA512: d4a2ac7c14227fbaf8b532398fb69053f0a0d913273f6917027c8cadbba80113fdbec20c2a7eb31b7bb57c99f9fdeccf8576be5f39346d8b564fc72fb1699476

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize: 1KB
    MD5: a266bb7dcc38a562631361bbf61dd11b
    SHA1: 3b1efd3a66ea28b16697394703a72ca340a05bd5
    SHA256: df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
    SHA512: 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: eac14688c5529cf5c769075b84019156
    SHA1: c23023dc3759d6d3fad8b4ed2af5335fb91e4eeb
    SHA256: da9b40967e805f2fac92d056a913a2626b7e1aed3289d03bd24c684b65646b16
    SHA512: 66f0246a5e53e325289af7ea76ca4d35413b1817e3e6a10289632d0e98a386a782d7e81ad3dfb79104753f5193a3cdcf227453f303fc46326cdf7656e964a963

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (second version of the same path, written later in the run)
    Filesize: 344B
    MD5: e8a318b1069d8b61a71e98dfd66481e2
    SHA1: 8fcb2dd9453e6391e3ae23ade2c93727925b3111
    SHA256: af2a7458bad3dc3fedfbae9a015444d93e69788ba3f428eca12b2acb98547875
    SHA512: 3fd0f8a1ccfbaae8aa3735eadcf0e790de7ea27026aa25e6de04d914de08f8766b422b5b8ca05976551a80b3d18bd3d12cb9c72a77e49651202d7144ee9ee552

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize: 242B
    MD5: 44fd843800bc8ae4827ca08d8b5aecbd
    SHA1: 0d144381d07c90e30dfa9c7c7c10cbe89ec0e0b8
    SHA256: 53d2e759e9ab6a34737b20066e72a37f158079fecb52f15eca09bd74432c1940
    SHA512: ca7f01d22259abadd1214041ecb2fdce137da5b7371ac3850650f6498ca248a8a88736df499ab07f38839a67c51fec5119700c2e173cdf8b30d3b27b084a8f34

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TYJHPEBV.txt
    Filesize: 604B
    MD5: f0ce74e9206b7f605fa80f1e565ce374
    SHA1: aa056682f3dca18668594f075e28d44f0e1f8fa9
    SHA256: 6862f6367624294fd28c20c8fc0905aa3cb87259cbbfb587212e19b4f526b7b5
    SHA512: 58af43b9ff90583e2020f39dbf50d86c20d4eb3f4a1a6f7002822281655fcbaae9f4f4a2f22d73e96fcbed990ce668590f7fb1a935d771ab8fb00814463c8fa8