Overview
Analysis
- max time kernel: 1564s
- max time network: 1579s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 05-07-2022 10:19
Static task: static1
URLScan task: urlscan1
Behavioral tasks (sample http://Github.com/pixiedustattack in every case):
- behavioral1: resource win7-20220414-en
- behavioral2: resource win10-20220414-en
- behavioral3: resource win10v2004-20220414-en
- behavioral4: resource win11-20220223-en
- behavioral5: resource android-x64-20220621-en
- behavioral6: resource android-x64-arm64-20220621-en
- behavioral7: resource android-x86-arm-20220621-en
- behavioral8: resource macos-20220504-en
- behavioral9: resource debian9-armhf-en-20211208
- behavioral10: resource debian9-mipsbe-en-20211208
- behavioral11: resource debian9-mipsel-en-20211208
- behavioral12: resource ubuntu1804-amd64-en-20211208
General
- Target: http://Github.com/pixiedustattack
Malware Config
Signatures
Modifies Internet Explorer settings
All keys below are under the user hive \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000 (prefix omitted). Every entry is the browser's own frame process (iexplore.exe) or tab process (IEXPLORE.EXE) writing to Internet Explorer's own housekeeping keys (VersionManager update timestamps, DomainSuggestion, TabbedBrowsing/NewTabPage, Recovery, window placement); nothing here touches security zones, proxy settings or policy keys. The two DecayDateQueue values are DPAPI blobs (the leading 01000000 d08c9ddf0115d1118c7a00c04fc297eb is the CryptProtectData provider GUID), so their contents are only recoverable with the user's DPAPI master key.
- iexplore.exe: Key created Software\Microsoft\Internet Explorer\Main
- iexplore.exe: Set value (int) SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2737797452"
- iexplore.exe: Key created SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames
- iexplore.exe: Key created Software\Microsoft\Internet Explorer\DomainSuggestion
- iexplore.exe: Set value (int) SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "363788591"
- iexplore.exe: Key created Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
- iexplore.exe: Key created SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
- iexplore.exe: Set value (str) SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"
- iexplore.exe: Key created Software\Microsoft\Internet Explorer\Main\WindowsSearch
- iexplore.exe: Key created Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\
- iexplore.exe: Key created Software\Microsoft\Internet Explorer\TabbedBrowsing
- iexplore.exe: Key created SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\
- iexplore.exe: Set value (int) SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"
- iexplore.exe: Set value (int) SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{CDE3719B-FC5C-11EC-A58B-FEA8B733FE75} = "0"
- IEXPLORE.EXE: Set value (int) SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30969961"
- IEXPLORE.EXE: Set value (int) SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2822640608"
- iexplore.exe: Set value (int) SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"
- iexplore.exe: Key created SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion
- iexplore.exe: Set value (data) SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60f58dac6990d801
- iexplore.exe: Set value (data) SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000
- iexplore.exe: Set value (int) SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"
- iexplore.exe: Set value (int) SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2737797452"
- iexplore.exe: Set value (data) SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee000000000200000000001066000000010000200000004b3fc9719f94a0bf883ed265c10cc4244faeec0ba0cbee6798b28a0ea0650746000000000e8000000002000020000000471962647522e763e4efcca9b48a34b99a0886e58982b9a315a25339801d48bc200000005d4231f3be680e0a1a87cfe951932d333fe3307226f4bc0db9ae40736a04368c400000000e3ed67ba4bcf07ef0eab61239112af8be44f7761191149d498222ee247d3460a3a646dafc5ca5315af7ed859a2053e5e91b009bed12c14b2c24546e1813a8d5
- iexplore.exe: Set value (data) SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee000000000200000000001066000000010000200000008c0079257779cde7ed0c54f6b16ce99c5d4d3d2270a0e4aa0a88bf44da1bfc3e000000000e8000000002000020000000f40fb7907cf4917fc34fe3ab4a79609a078402fef7777cfbf074d0fa5974698a2000000029d784b69ea19197bb50d9198846bd18726916f345aa152d970b9b58234b21f6400000001c99355d621a52ceda12ea5e9d4634c7c0f2ef32f28b84a4f1f4f7ab1ee9d8715b5c02499e90544b38b735d51150e72c2e84dcaadf83081c7b1b4dab27cf1114
- IEXPLORE.EXE: Key created Software\Microsoft\Internet Explorer\Main
- iexplore.exe: Key created Software\Microsoft\Internet Explorer\VersionManager
- iexplore.exe: Set value (int) SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"
- iexplore.exe: Set value (int) SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30969961"
- iexplore.exe: Set value (int) SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"
- iexplore.exe: Set value (int) SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30969961"
- IEXPLORE.EXE: Key created Software\Microsoft\Internet Explorer\VersionManager
- iexplore.exe: Set value (data) SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20e1a0ac6990d801
- iexplore.exe: Key created Software\Microsoft\Internet Explorer\Recovery\AdminActive
- iexplore.exe: Set value (str) SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"
- iexplore.exe: Set value (str) SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
- PID 4588 iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoC)
- PID 4588 iexplore.exe
Suspicious use of SetWindowsHookEx (6 IoCs)
- PID 4588 iexplore.exe (2 hits)
- PID 4600 IEXPLORE.EXE (4 hits)
Suspicious use of WriteProcessMemory (3 IoCs)
- PID 4588 iexplore.exe wrote to memory of PID 4600 IEXPLORE.EXE (3 hits)
Processes
- C:\Program Files\Internet Explorer\iexplore.exe (PID 4588)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" http://Github.com/pixiedustattack
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 4600, child of PID 4588)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4588 CREDAT:17410 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
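The signature text in this report is flattened onto single lines, which makes it awkward to compare against other runs or to reason about the WriteProcessMemory hits. The parser below is an added example, not code from the report or from the sandbox: it splits the registry events into (process, action, key, value, data), counts which Internet Explorer subkeys were touched, and checks whether each WriteProcessMemory edge is the IE frame process writing into a tab process whose command line carries SCODEF:<frame pid>, which is how loosely-coupled IE launches its tabs and is the benign explanation for the 4588 to 4600 writes above. The sample strings are constructed from entries visible in this report; the function names and the shape of the `triage` summary are my own.

```python
"""Structure the flattened signature text of an IE sandbox report.

Added example; not code from the report or the sandbox. Sample inputs below are
constructed from entries visible in the report; helper names are hypothetical.
"""
import json
import re
from collections import Counter

# Constructed subset of the "Modifies Internet Explorer settings" entries, in the report's
# own run-together format: "<action> <key path>[ = <data>] <process>" repeated on one line.
REG_TEXT = (
    r'Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe '
    r'Set value (int) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2737797452" iexplore.exe '
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe '
    r'Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe '
    r'Set value (data) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60f58dac6990d801 iexplore.exe '
    r'Set value (int) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2822640608" IEXPLORE.EXE '
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe'
)

# Constructed from the report's "Suspicious use of WriteProcessMemory" block (3 identical hits).
WPM_TEXT = (
    "PID 4588 wrote to memory of 4600 4588 iexplore.exe IEXPLORE.EXE "
    "PID 4588 wrote to memory of 4600 4588 iexplore.exe IEXPLORE.EXE "
    "PID 4588 wrote to memory of 4600 4588 iexplore.exe IEXPLORE.EXE"
)

# Process tree from the report: pid -> command line.
PROCESSES = {
    4588: r'"C:\Program Files\Internet Explorer\iexplore.exe" http://Github.com/pixiedustattack',
    4600: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4588 CREDAT:17410 /prefetch:2',
}

REG_RE = re.compile(
    r'(?P<action>Key created|Set value \((?P<vtype>int|str|data)\)) '
    r'(?P<path>\\REGISTRY\\.+?)'                       # non-greedy: stops at " = " or at the process name
    r'(?: = (?P<data>"[^"]*"|[0-9a-fA-F]+))?'          # quoted int/str, or raw hex for (data) values
    r' (?P<proc>iexplore\.exe|IEXPLORE\.EXE)'
)
HIVE_RE = re.compile(r'^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\')   # per-user hive prefix
WPM_RE = re.compile(r'PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) (?P<srcname>\S+) (?P<dstname>\S+)')
SCODEF_RE = re.compile(r'\bSCODEF:(\d+)\b')


def parse_registry_iocs(text):
    """One dict per registry event; key paths are made hive-relative so runs compare across SIDs."""
    events = []
    for m in REG_RE.finditer(text):
        rel = HIVE_RE.sub('', m.group('path'))
        if m.group('action') == 'Key created':
            key, value = rel.rstrip('\\'), None
        else:
            key, _, value = rel.rpartition('\\')
        events.append({
            'process': m.group('proc'),
            'action': 'create_key' if value is None else 'set_value',
            'type': m.group('vtype'),
            'key': key,
            'value': value,
            'data': (m.group('data') or '').strip('"') or None,
        })
    return events


def subtrees_touched(events):
    """Count events per Internet Explorer subkey (case-folded, e.g. 'versionmanager')."""
    counts = Counter()
    for e in events:
        _, sep, tail = e['key'].partition('Internet Explorer\\')
        counts[tail.split('\\')[0].lower() if sep else 'other'] += 1
    return counts


def parse_writeprocessmemory(text):
    """Deduplicated (src_pid, dst_pid, src_name, dst_name) edges from the WPM signature."""
    return sorted({(int(m['src']), int(m['dst']), m['srcname'], m['dstname']) for m in WPM_RE.finditer(text)})


def is_ie_frame_to_tab_write(edge, processes):
    """True when the write is the IE frame process writing into its own tab process.

    IE tab processes are started with SCODEF:<frame pid> on the command line; a write from
    exactly that frame pid into the tab is ordinary loosely-coupled IE behaviour, not injection.
    """
    src, dst, src_name, dst_name = edge
    if src_name.lower() != 'iexplore.exe' or dst_name.lower() != 'iexplore.exe':
        return False
    m = SCODEF_RE.search(processes.get(dst, ''))
    return bool(m) and int(m.group(1)) == src


def triage(reg_text=REG_TEXT, wpm_text=WPM_TEXT, processes=PROCESSES):
    """Summarise a report's registry and WriteProcessMemory signatures for quick triage."""
    events = parse_registry_iocs(reg_text)
    edges = parse_writeprocessmemory(wpm_text)
    return {
        'registry_events': len(events),
        'set_values': sum(e['action'] == 'set_value' for e in events),
        'subtrees': dict(subtrees_touched(events)),
        'wpm_edges': edges,
        'all_wpm_frame_to_tab': all(is_ie_frame_to_tab_write(e, processes) for e in edges),
    }


if __name__ == '__main__':
    print(json.dumps(triage(), indent=2, default=str))
```

The SCODEF check is the part worth keeping: a WriteProcessMemory hit from iexplore.exe into a process that is not its own tab (no SCODEF, or an SCODEF naming a different frame PID) is the case that deserves a closer look, and this function returns False for it.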
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
Both entries are CryptoAPI network-cache files (CryptnetUrlCache) written while the browser validated certificates (CRLs, OCSP responses, intermediate certificates); they are a side effect of TLS handling rather than content served by the target page.
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  Filesize: 471B
  MD5: 831399867695e8e2e44f24eb7b73313c
  SHA1: 403e123384b3ba656e3e1cd3815dad4a1664b224
  SHA256: 833cb46e5f4be363e955f5f3fcd655f1e610d5e33b0ae6c83a714ebfc9723f8c
  SHA512: 17e637f6508aaa1589cde6e4d9e230b6dc02256c2bf1d0dddeea7958496b57582944e1d9fd17b323573f3214f73c99dbf4455cb7ba00075605a498749725ff16
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  Filesize: 404B
  MD5: 8ee2a5ca93a81530bd772f603b9f8995
  SHA1: 0ce04e940d6e4b4045406482682a1c384fadbf89
  SHA256: cd2a0227aa56bca117f8f642c69c9c8b7c0d1834cf5c3830730ea6a43499f708
  SHA512: 44730cb352912f1798ecf686df26e8fef11341d3ae25fa646910cb3dbbf2ae57df1ec0912c0dc1f068c930827fc1aa29476402835478ea4ee8a38532106c16bb