Analysis
-
max time kernel
139s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
01-06-2022 11:48
General
-
Target
http://t.email1.samsung.ca/r/?id=ff1b346f,303d531,303d53e&p1=8107023398&p2=8107023398&p3=DM15290&p4=https://adx.g.doubleclick.net//pcs/view?xai=AKAOjsvSc_HvuQdRvX1aSoLPMgMMy-T8xM65Y_09AIvG1ApfApuPo9FtYnF9W2EEqi6GwE47pf6Th4xg4FDvHaAKOPaQtQr4xJKBJ08mjD4W7LwmVigyiXIBwAQ9Ga5qLY2ORq_WeFgyIWJSATEw4kSs6iyyE2VnWoVF9g8X4brSZg-d2kHwxDG0kckzm_IBbsku6Nh62dAZfWL-lHrXgRphSSKKd6Y1I4VMYqP0oHOKcOJeyFNW4nOJQAXibQCw0CJ4E55vFlHRK6xhA7WDmVjY1LQsVW9a7ArJ_CC7RxC6OkK7Rw&sig=Cg0ArKJSzPyCsO5VugncEAE&urlfix=1&adurl=https://storage.yandexcloud.net/sign-ulc9xn31wltys20mume8auhn798b4beueir9xqpf6nm/index.html#benjamin.hymans@pod-point.com
Malware Config
Signatures
-
Detected potential entity reuse from brand google.
-
Modifies Internet Explorer settings 1 TTPs 39 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://t.email1.samsung.ca/r/?id=ff1b346f,303d531,303d53e&p1=8107023398&p2=8107023398&p3=DM15290&p4=https://adx.g.doubleclick.net//pcs/view?xai=AKAOjsvSc_HvuQdRvX1aSoLPMgMMy-T8xM65Y_09AIvG1ApfApuPo9FtYnF9W2EEqi6GwE47pf6Th4xg4FDvHaAKOPaQtQr4xJKBJ08mjD4W7LwmVigyiXIBwAQ9Ga5qLY2ORq_WeFgyIWJSATEw4kSs6iyyE2VnWoVF9g8X4brSZg-d2kHwxDG0kckzm_IBbsku6Nh62dAZfWL-lHrXgRphSSKKd6Y1I4VMYqP0oHOKcOJeyFNW4nOJQAXibQCw0CJ4E55vFlHRK6xhA7WDmVjY1LQsVW9a7ArJ_CC7RxC6OkK7Rw&sig=Cg0ArKJSzPyCsO5VugncEAE&urlfix=1&adurl=https://storage.yandexcloud.net/sign-ulc9xn31wltys20mume8auhn798b4beueir9xqpf6nm/index.html#benjamin.hymans@pod-point.com1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4180 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
471B
MD5bbe91d0029e4c88e8d37ab6c6a7cc8e2
SHA12e74912104fd22ce4d72634ba7b5119026e27da7
SHA256b3fec3b2e7495c3f65b5ccedd5f10eda0afab64526a74274856469145e1755dc
SHA512277cb64c27f79171ee80a98992d7f98bc7ec07846e1db817279cedb852066728ae5cd49cfb856f96bbe58ea57a554fc3dd24ca625143953e9b8377387766fcb1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
434B
MD5d211c9bd4750877e4f38acb0875bfc12
SHA1259fd6c31266ee42132a4caefd9d0c5d798508ee
SHA256d5fda59cdce4bd646b0f40914b9c5948937274038a9fb07b881f814427e01c99
SHA512905a3a29796fd760aad52a3b790455563ff8bd4f4f877642d4e789dcad36d8219399bbac3a60896015cfcfeb2ccc088f90612e218bbf44772cbacbbeb689ff98
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jnqp20o\imagestore.datFilesize
5KB
MD548ce677e54bf3344fbd5b6af3cd315f9
SHA18b8ef5c25e063b17a5367dc15fe40740c6cec407
SHA256a085d083d4bd352d99d09e0653195fa3bbafef81be23e2f02ff8df4be2e5c8a7
SHA512d13af2e2d16998ea3234ade52d4349ee791ce50b519aaa62be8532feed0c50bcc4f8e868750d9d85bbdc60a05a064494dc44e7babf66933e9e369451b59b4f16