Analysis

  • max time kernel
    78s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220721-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20220721-en locale:en-us os:windows10-2004-x64 system
  • submitted
    05-08-2022 07:04

General

  • Target

    Fatura.Vivo.html

  • Size

    96B

  • MD5

    7e41be563457d6038687186692eb52f8

  • SHA1

    fd4ade2d432fbd5f0670238cedc3deef7034d364

  • SHA256

    627dc49bf0bab971d202383338c17f06c7416ebf9d1ac3d602114a6b398a1feb

  • SHA512

    a42a7be4d37f3c255c2597e32a5ac350916a36acf96ef3b5634449a9e83828a0f424d6e18b49596b3e6c1a17c51a1f38deda3fc0984e0e30ea9d1264f4f81db4

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings ⋅ 1 TTPs 39 IoCs
  • Suspicious behavior: GetForegroundWindowSpam ⋅ 1 IoCs
  • Suspicious use of FindShellTrayWindow ⋅ 1 IoCs
  • Suspicious use of SetWindowsHookEx ⋅ 6 IoCs
  • Suspicious use of WriteProcessMemory ⋅ 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Fatura.Vivo.html
    Modifies Internet Explorer settings
    Suspicious behavior: GetForegroundWindowSpam
    Suspicious use of FindShellTrayWindow
    Suspicious use of SetWindowsHookEx
    Suspicious use of WriteProcessMemory
    PID:1444
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1444 CREDAT:17410 /prefetch:2
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:3844
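The process tree above is the normal Internet Explorer frame/tab split: the 64-bit iexplore.exe (PID 1444) opens the submitted HTML and launches the 32-bit IEXPLORE.EXE tab process with `SCODEF:<frame pid> CREDAT:<n> /prefetch:2`, and the hook, foreground-window and WriteProcessMemory signatures on the frame process are what that split produces, which is why the sample still scores 1/10. The check a triager actually wants is whether that relationship holds, and whether anything other than IE was spawned under it. The script below is an added example, not part of the sandbox report; the process records are constructed from the Processes section above, the SCODEF/CREDAT/prefetch conventions are assumed from how IE launches tab processes, and the flagged-child names in the test are hypothetical.

```python
import re

# Process records reconstructed from the report's Processes section
# (constructed input; "parent" encodes the tree nesting shown above).
REPORT_PROCESSES = [
    {"pid": 1444, "parent": None,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" '
                r'C:\Users\Admin\AppData\Local\Temp\Fatura.Vivo.html'},
    {"pid": 3844, "parent": 1444,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
                r'SCODEF:1444 CREDAT:17410 /prefetch:2'},
]

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
CREDAT_RE = re.compile(r"\bCREDAT:(\d+)\b")


def is_iexplore(proc):
    """True when the image path ends in iexplore.exe (either bitness)."""
    return proc["image"].lower().endswith("\\iexplore.exe")


def check_ie_tab_process(child, by_pid):
    """Findings for an iexplore.exe child; an empty list means the
    frame/tab launch looks like IE's own (assumed) convention."""
    findings = []
    m = SCODEF_RE.search(child["cmdline"])
    if not m:
        return ["no SCODEF token: not an IE tab-process launch"]
    frame_pid = int(m.group(1))
    # SCODEF names the frame process; it must be the real parent PID,
    # otherwise the command line was crafted to look like a tab process.
    if frame_pid != child["parent"]:
        findings.append(
            f"SCODEF:{frame_pid} does not match actual parent PID {child['parent']}")
    parent = by_pid.get(child["parent"])
    if parent is None or not is_iexplore(parent):
        findings.append("parent is not iexplore.exe")
    if not CREDAT_RE.search(child["cmdline"]):
        findings.append("missing CREDAT token")
    if "/prefetch:2" not in child["cmdline"].lower():
        findings.append("missing /prefetch:2")
    return findings


def triage_process_tree(processes):
    """Map child PID -> findings for every process spawned under an
    iexplore.exe frame process. IE tab processes are validated; any
    non-IE child of iexplore.exe is reported outright."""
    by_pid = {p["pid"]: p for p in processes}
    results = {}
    for p in processes:
        parent = by_pid.get(p["parent"]) if p["parent"] is not None else None
        if parent is None or not is_iexplore(parent):
            continue
        if is_iexplore(p):
            results[p["pid"]] = check_ie_tab_process(p, by_pid)
        else:
            results[p["pid"]] = [f"non-IE child of iexplore.exe: {p['image']}"]
    return results


if __name__ == "__main__":
    for pid, findings in triage_process_tree(REPORT_PROCESSES).items():
        print(pid, findings or "OK: normal IE frame/tab launch")
```

For the report's own two processes the result is `{3844: []}`: the tab process names its real parent in SCODEF and nothing else was spawned. A child whose SCODEF PID disagrees with its parent, or a non-IE binary appearing under iexplore.exe (a script host, an installer), is what would move a report like this off a 1/10.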

Network

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation


Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\59gvihh\imagestore.dat
    MD5
    3c3cf5e0533b3bea590b5dcd54456db0
    SHA1
    f349ea6eac1cc22f841f4189d0e3a9252219542a
    SHA256
    b0d06c62b1a4e4aca655db4047fd60d85c547745e653f42d8c99a101938d4f45
    SHA512
    476d2cc31822873d79603e674150aa269743de3da7099509866899494b06bdcfcc7087f53076b57e786f77530bbbb32eed2827a91a7fc83e24ab42b015e05f31

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\59gvihh\imagestore.dat
    MD5
    12e599ea07e977300ed297d3c22eaa8d
    SHA1
    65112c7503c087dd2f1c48dec7279d07ade0a86e
    SHA256
    8fe6f09bff2ac51297a336cfd3c87b0fa434e899a8fde588b07ab71c8113c173
    SHA512
    914d29bc1d5bec779117c05c7ab8ca78d6bc40f0312783d3625b1d99f851c7caaea3a43e20d163f7d7c687f8d4f6f838757f5999cbd1cc5ae3037a7ca21e1ad7