Analysis

  • max time kernel
    146s
  • max time network
    266s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    23-05-2022 08:53

General

  • Target

    https://go.pardot.com/e/984471/ail-paths-one-link-Fax-Outlook/8brb2/106448077/tasos%40betologic.com?h=s6hISiaojIn1KXS7BpTrWr1XN6w7ZwPflWLoQ-M6x3I

  • Sample

    220523-ktl4asceh6
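The Target is a Pardot e-mail tracking link whose last path segment is the URL-encoded address of the person who received the message (tasos%40betologic.com) and whose query carries an opaque h= token. Submitting such a link to a public sandbox therefore discloses the recipient. The following Python helper is an added example, not part of the sandbox report and not Pardot's own code: it decodes the link, pulls out the embedded recipient, and produces a redacted copy that can be shared as an IoC. The path layout it handles is only what this URL shows; no general Pardot link format is assumed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit, urlunsplit

# Added example, not part of the sandbox report: decode the submitted tracking
# link, pull out the recipient it embeds, and produce a redacted copy.

# Copied from the report's Target field.
TARGET = ("https://go.pardot.com/e/984471/ail-paths-one-link-Fax-Outlook/8brb2/"
          "106448077/tasos%40betologic.com?h=s6hISiaojIn1KXS7BpTrWr1XN6w7ZwPflWLoQ-M6x3I")

# Deliberately narrow: one local part, one @, a dotted domain, no slashes.
EMAIL_RE = re.compile(r"^[^@\s/]+@[^@\s/]+\.[^@\s/]+$")


def path_segments(url: str):
    """Percent-decoded, non-empty path segments."""
    return [unquote(s) for s in urlsplit(url).path.split("/") if s]


def find_recipient(url: str):
    """First path segment that decodes to an e-mail address, or None."""
    for seg in path_segments(url):
        if EMAIL_RE.match(seg):
            return seg
    return None


def redact(url: str) -> str:
    """Replace any e-mail address in the path and every query value with a
    placeholder so the link can be shared as an IoC without naming the target.
    The layout (/e/<account>/<slug>/<id>/<id>/<recipient>?h=<token>) is only
    what this particular URL shows; nothing else about Pardot links is assumed."""
    parts = urlsplit(url)
    segs = ["[recipient]" if EMAIL_RE.match(unquote(s)) else s
            for s in parts.path.split("/")]
    query = "&".join(f"{k}=[redacted]"
                     for k in parse_qs(parts.query, keep_blank_values=True))
    return urlunsplit((parts.scheme, parts.netloc, "/".join(segs), query, ""))


def analyse_tracking_link(url: str) -> dict:
    parts = urlsplit(url)
    recipient = find_recipient(url)
    return {
        "host": parts.hostname,
        "segments": path_segments(url),
        "recipient": recipient,
        "query_keys": sorted(parse_qs(parts.query)),
        # A link that names its recipient is personalised: treat it as PII and
        # as a click-tracking beacon when deciding where to detonate it.
        "personalised": recipient is not None,
        "redacted": redact(url),
    }


if __name__ == "__main__":
    for key, value in analyse_tracking_link(TARGET).items():
        print(f"{key}: {value}")
```

Run against the Target above, `recipient` comes back as tasos@betologic.com and `redacted` keeps the account, slug and numeric identifiers (useful for matching the campaign) while dropping the address and the h= token.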

Score
1/10

Malware Config

Signatures 5

  • Modifies Internet Explorer settings ⋅ 1 TTPs 56 IoCs
  • Suspicious behavior: GetForegroundWindowSpam ⋅ 1 IoCs
  • Suspicious use of FindShellTrayWindow ⋅ 1 IoCs
  • Suspicious use of SetWindowsHookEx ⋅ 6 IoCs
  • Suspicious use of WriteProcessMemory ⋅ 4 IoCs

Processes 2

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://go.pardot.com/e/984471/ail-paths-one-link-Fax-Outlook/8brb2/106448077/tasos%40betologic.com?h=s6hISiaojIn1KXS7BpTrWr1XN6w7ZwPflWLoQ-M6x3I
    Modifies Internet Explorer settings
    Suspicious use of FindShellTrayWindow
    Suspicious use of SetWindowsHookEx
    Suspicious use of WriteProcessMemory
    PID:756
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:756 CREDAT:275457 /prefetch:2
      Modifies Internet Explorer settings
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:1996
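The tree above is the normal Internet Explorer shape: a frame process (PID 756) that creates a tab process whose command line names its creator in SCODEF:756, with every signature in the report attributed to those two IE processes and a score of 1/10. The following Python check is an added example, not part of the sandbox report: it re-encodes that expectation as detection logic, confirms SCODEF matches the real parent, and flags any shell, script host or other LOLBin spawned by IE. The two report records are transcribed from the Processes section (the report lists no PPID field, so the parent is taken from its nesting); the PowerShell child is a constructed, hypothetical record added only to show the check firing.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Added example, not part of the sandbox report: a process-tree check that
# encodes two things a triager wants to confirm about the two processes above.
#  1. The IEXPLORE.EXE child names its frame process in SCODEF:<pid>; that
#     value should equal the PID that actually created it (756 here).
#  2. Neither IE process launched a shell, script host or other LOLBin.

PARDOT_URL = ("https://go.pardot.com/e/984471/ail-paths-one-link-Fax-Outlook/8brb2/"
              "106448077/tasos%40betologic.com?h=s6hISiaojIn1KXS7BpTrWr1XN6w7ZwPflWLoQ-M6x3I")


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str
    signatures: tuple = ()


# Transcribed from the Processes section; ppid follows the report's nesting
# (the report lists no PPID field, so the parent is inferred from it).
REPORT_PROCESSES = [
    Proc(756, None, r"C:\Program Files\Internet Explorer\iexplore.exe",
         '"C:\\Program Files\\Internet Explorer\\iexplore.exe" ' + PARDOT_URL,
         ("Modifies Internet Explorer settings", "Suspicious use of FindShellTrayWindow",
          "Suspicious use of SetWindowsHookEx", "Suspicious use of WriteProcessMemory")),
    Proc(1996, 756, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:756 CREDAT:275457 /prefetch:2',
         ("Modifies Internet Explorer settings", "Suspicious behavior: GetForegroundWindowSpam",
          "Suspicious use of SetWindowsHookEx")),
]

# Constructed record (hypothetical, NOT observed in this run): what the tree
# would look like if the tab process had launched PowerShell.
CONSTRUCTED_SUSPICIOUS_CHILD = Proc(
    2404, 1996, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    "powershell.exe -nop -w hidden -enc SQBFAFgA")

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")

# Interpreters and LOLBins a browser has no business launching directly.
SHELL_LIKE = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}


def basename(image: str) -> str:
    return image.rsplit("\\", 1)[-1].lower()


def parse_scodef(cmdline: str) -> Optional[int]:
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def assess(procs: List[Proc]) -> List[str]:
    """One finding per anomaly. An empty list means the tree is consistent
    with an IE frame process and the tab process it spawned, nothing more."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        if parent is None:
            continue
        name = basename(p.image)
        parent_name = basename(parent.image)
        if name == "iexplore.exe":
            scodef = parse_scodef(p.cmdline)
            if scodef is None:
                findings.append(f"pid {p.pid}: iexplore.exe child without SCODEF, not a normal tab process")
            elif scodef != parent.pid:
                findings.append(f"pid {p.pid}: SCODEF:{scodef} does not match actual parent pid {parent.pid}")
        if parent_name == "iexplore.exe" and name in SHELL_LIKE:
            findings.append(f"pid {p.pid}: {name} spawned by Internet Explorer pid {parent.pid}: {p.cmdline}")
    return findings


if __name__ == "__main__":
    print("report tree:", assess(REPORT_PROCESSES) or "no anomalies")
    print("with constructed child:", assess(REPORT_PROCESSES + [CONSTRUCTED_SUSPICIOUS_CHILD]))
```

On the report's own two records `assess` returns nothing; appending the constructed PowerShell child yields a single finding naming the IE tab process as its parent.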

Network

MITRE ATT&CK Matrix

  • Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation


Downloads

The CryptnetUrlCache entries are CryptoAPI's on-disk cache of objects it fetched over the network, typically certificate-chain and revocation data for the HTTPS certificate; the cookie and imagestore files are ordinary Internet Explorer browsing artifacts.

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
    MD5    d69e0688754ca34b5cb349fe5f221157
    SHA1   ab341a7d908731585f981f9faea787778c60dbee
    SHA256 ce1a716d5582174251790c3e4f513b5759354cd2690f005bfac96390c30e24e8
    SHA512 15ba6681c549bef5ae03c9eda8e022bbee47056e186d010d30e6ee4eb7134f64427ec02ada6df4b329bd3f844761cbc8ec6a2baa63f0aefd2ac00a7eb6061260

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    MD5    b9f21d8db36e88831e5352bb82c438b3
    SHA1   4a3c330954f9f65a2f5fd7e55800e46ce228a3e2
    SHA256 998e0209690a48ed33b79af30fc13851e3e3416bed97e3679b6030c10cab361e
    SHA512 d4a2ac7c14227fbaf8b532398fb69053f0a0d913273f6917027c8cadbba80113fdbec20c2a7eb31b7bb57c99f9fdeccf8576be5f39346d8b564fc72fb1699476

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
    MD5    e5bf7b3205dd65fd183fe1576fe641ec
    SHA1   1c1b74ead22181b6a373294b28ca1c675c652ac9
    SHA256 008bb7c1ec430261e290c1719b516215abb798d3f2a31ff21028667d9cbd5779
    SHA512 c59325ed723599a071d7293e9e1feaf5d9aac40241fd8a5b55ec84757b1e89bbae00124eb05786fd5612de07badb152d40d7b5924b914910a733be65d6510d7f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5    24e37ded4fef1d8b14bb15f79986e072
    SHA1   365d4809525ecdec6ae885fbf262324880d30a29
    SHA256 81b959880f07ab05ded619867bc07dbf63b1f57bfc823cc43005c8d150c4280e
    SHA512 4ed5ccc1e3067c9bc102f8ea5ca10688cc6796fe529e776f6c6ef0c5dbd26d44cfd12e3d9bc829d829dee78d9ba6ea5d0c6c585022102ab284ab8084a612d4ac

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9os4y76\imagestore.dat
    MD5    bd355eaf91edb5df2986cbc6ae964724
    SHA1   f62466ce3e478ea9b6a569cabac13c1f439eab8f
    SHA256 33426ac68de57098f192b74505adfcf748aa017598f002f516385d61bb094a6d
    SHA512 048098d5e2ea68b77464050d77bfde133b573477918cd2546082d8d745dd68064dacf31c962655e559c2869d06832fc67a557b8b0d034d1f0ccfd57a33524758

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\K3F4JPVX.txt
    MD5    acae9e5f8c2dff27bbef5d6c55331400
    SHA1   05cd48d7167cb3191363283f3be6c0fcaf89b8fe
    SHA256 7f6cd1f2922c920d42cacf0a3191b0b59b544eb281f19d7c07584c2c6e29f04e
    SHA512 12de2de7b9e7a1c25943dc991170308239dba44a9440168f56862d88b8d98d1d77b68e0982a5e6033b308d455b6b1fd1ce4a7b9a88b63a8a46227d8b1417a610