Resubmissions

  • 18-09-2022 00:58  220918-bbje1seebr  7
  • 18-09-2022 00:55  220918-a95v8saed2  7
  • 18-09-2022 00:53  220918-a8r8raeebq  7
  • 18-09-2022 00:52  220918-a74v6aeebp  6

Analysis

  • max time kernel
    72s
  • max time network
    113s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    18-09-2022 00:53

General

  • Target

    https://whatismyipaddress.com/

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 5 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP. In this analysis the submitted target is itself the lookup site (https://whatismyipaddress.com/), so these hits are the expected page load rather than an implant discovering its egress address; the signature carries weight when it fires from a process that was never asked to open such a site.

  • Modifies Internet Explorer settings 1 TTPs 56 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

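The "Looks up external IP address via web service" signature reduces to matching request hosts against a list of IP-echo services and deciding whether the requesting process had a reason to contact them. The following is an added example, not the sandbox's own signature code: it runs that check over constructed per-process web-request lines in the layout "timestamp pid image method url" (the layout, the updater.exe lines and the hosts other than whatismyipaddress.com are assumptions), and tags a hit as expected when it belongs to the service the analyst submitted as the target, as is the case in this report.

```python
"""Flag external-IP lookups in per-process web telemetry.

Added example for this report; it is not part of the sandbox or its
signature engine. The log lines are constructed to mirror the report
(iexplore.exe, PID 4236, target https://whatismyipaddress.com/); the
field layout "timestamp pid image method url" is an assumption.
"""
from typing import Optional
from urllib.parse import urlsplit

# whatismyipaddress.com is the host from the report; the others are
# well-known IP-echo services added here for illustration.
IP_LOOKUP_HOSTS = {
    "whatismyipaddress.com",
    "api.ipify.org",
    "icanhazip.com",
    "ifconfig.me",
    "ip-api.com",
    "ipinfo.io",
    "checkip.amazonaws.com",
}

# Constructed sample; the updater.exe lines are a hypothetical implant.
SAMPLE_LOG = """\
2022-09-18T00:53:10Z 4236 iexplore.exe GET https://whatismyipaddress.com/
2022-09-18T00:53:11Z 4236 iexplore.exe GET http://crl.example.net/ca.crl
2022-09-18T00:53:40Z 5120 updater.exe GET http://api.ipify.org/?format=json
2022-09-18T00:53:41Z 5120 updater.exe GET http://ip-api.com/json
""".splitlines()


def lookup_service(host: str) -> Optional[str]:
    """Return the IP-lookup domain matching host or one of its parent domains."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):          # never match a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in IP_LOOKUP_HOSTS:
            return candidate
    return None


def parse_line(line: str) -> dict:
    """Split one telemetry line into its fields and extract the request host."""
    ts, pid, image, method, url = line.split(maxsplit=4)
    return {"ts": ts, "pid": int(pid), "image": image, "method": method,
            "url": url, "host": (urlsplit(url).hostname or "").lower()}


def find_ip_lookups(lines, submitted_target: Optional[str] = None) -> list:
    """Return every request to an IP-lookup service, each tagged with a verdict.

    A hit on the service the analyst submitted as the target is the page
    load itself and is tagged "expected"; anything else is "suspicious".
    """
    expected = None
    if submitted_target:
        expected = lookup_service(urlsplit(submitted_target).hostname or "")
    hits = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        service = lookup_service(rec["host"])
        if service is None:
            continue
        rec["service"] = service
        rec["verdict"] = "expected" if service == expected else "suspicious"
        hits.append(rec)
    return hits


if __name__ == "__main__":
    for h in find_ip_lookups(SAMPLE_LOG, "https://whatismyipaddress.com/"):
        print(f"{h['verdict']:10} pid={h['pid']} {h['image']} -> {h['service']}")
```

Matching on parent domains (so www.whatismyipaddress.com still hits) and excluding bare TLDs keeps the list short without missing subdomain variants; the verdict split is what separates this report's benign page load from the same signature firing on an implant.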
Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://whatismyipaddress.com/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4236
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4236 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1976

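The process tree above shows the normal Internet Explorer shape: a frame process (PID 4236) spawns a content process whose command line carries SCODEF:4236, the frame's own PID, plus CREDAT and /prefetch:2. Checking that pairing in process-creation telemetry is a cheap tripwire for IEXPLORE.EXE instances launched by something other than the frame. The following is an added example, not sandbox code: it assumes SCODEF always names the parent frame PID (an assumption drawn from this report) and runs over constructed Sysmon-style records in which the explorer.exe parent and the invoice.exe anomaly are hypothetical.

```python
"""Sanity-check an Internet Explorer process tree.

Added example for this report, not sandbox code. In the report the
content process (PID 1976) is spawned by the frame process (PID 4236)
and its command line carries SCODEF:4236, i.e. the frame's PID. This
check assumes that pairing holds in general (an assumption drawn from
the report) and flags IEXPLORE.EXE instances that break it. The event
records are constructed; the explorer.exe and invoice.exe entries are
hypothetical.
"""
import ntpath
import re

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")

# Constructed Sysmon-style process-creation records.
PROCESS_EVENTS = [
    {"pid": 3104, "ppid": 900, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    # The two processes from the report.
    {"pid": 4236, "ppid": 3104,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" https://whatismyipaddress.com/'},
    {"pid": 1976, "ppid": 4236,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4236 CREDAT:82945 /prefetch:2'},
    # Hypothetical anomaly: an unrelated binary launches a look-alike
    # content process that names the real frame PID in SCODEF.
    {"pid": 6012, "ppid": 3104, "image": r"C:\Users\Admin\Downloads\invoice.exe",
     "cmdline": "invoice.exe"},
    {"pid": 2480, "ppid": 6012,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4236 CREDAT:82945 /prefetch:2'},
]


def is_iexplore(image: str) -> bool:
    """True for either the 64-bit frame or the 32-bit content binary name."""
    return ntpath.basename(image).lower() == "iexplore.exe"


def check_ie_tree(events) -> list:
    """Return (pid, reason) findings for IE content processes that do not
    hang off the frame process their SCODEF argument names."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if not is_iexplore(e["image"]):
            continue
        m = SCODEF_RE.search(e["cmdline"])
        if m is None:
            continue                      # frame process: no SCODEF argument
        frame_pid = int(m.group(1))
        parent = by_pid.get(e["ppid"])
        if parent is None or not is_iexplore(parent["image"]):
            who = parent["image"] if parent else "<unknown>"
            findings.append((e["pid"], f"content process spawned by {who}, not an iexplore.exe frame"))
        if frame_pid != e["ppid"]:
            findings.append((e["pid"], f"SCODEF names PID {frame_pid} but parent is PID {e['ppid']}"))
    return findings


if __name__ == "__main__":
    findings = check_ie_tree(PROCESS_EVENTS)
    for pid, reason in findings:
        print(f"PID {pid}: {reason}")
    print(f"{len(findings)} finding(s)")
```

On the report's own two processes the check is silent; the constructed PID 2480 trips both conditions because its parent is invoice.exe and its SCODEF value points at a PID that is not that parent.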
Network

MITRE ATT&CK Enterprise v6

Downloads

The entries below are CryptoAPI URL-cache files under CryptnetUrlCache (Content and MetaData pairs written when Windows fetches certificate chains, CRLs or OCSP responses during TLS validation) and Internet Explorer cookie files; none of them is a dropped executable payload.

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

    Filesize

    1KB

    MD5

    69d1997fd391c6d6968f422afb7347aa

    SHA1

    4f5e9d2c442d57d26938ac27c9f1285e1c3c3245

    SHA256

    a6a50e283bd57890c0b61a4f45f6e2ba914234333a76678620ca881820741fa7

    SHA512

    b61b311b0aac7d6c4b87de8495ca1df3905a1a72ab5a770ecec51c005a3d63de86303beda1c3cd3a236f6eeb774718b234fcfe467fec15447f5bbb879bd88a44

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

    Filesize

    1KB

    MD5

    8e669bcee84836a2cb39f86dae0946f0

    SHA1

    358f7624dd802fcb679633d4c667018596b03de2

    SHA256

    a1afca6778cbd56ea5191582b787e25cae076f1b5fbb8ef94aa577a8baa2a67a

    SHA512

    828ce8d671f3c369fe799c74b198c466c6ac74d80c74f00de59bee72ab417a4371969a028cd3189f19f84a018d84a03bc60f008a5b1a43284f92050516e12ac8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    10220c349e6b662ccf862322bec4e542

    SHA1

    5791f2c0342aad353ae7e5c8d1a2aff1382504e9

    SHA256

    b30f79bd9b45578fa9858426c1fca5c15a600f54c97653982b767bbcf0b2b8aa

    SHA512

    543df1b315a192d0170c0083d3a30441a2d76d4ab8c92ea043d6612c7491555a0dd7f154fb9666339e13c3fe52bf42953b6906fcd0c9b62e5c6605d2a171eb80

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9FF67FB3141440EED32363089565AE60_74AF856BCFFDE02D38442F50E7D59981

    Filesize

    280B

    MD5

    e9bd46962ba5d0584001c02f28a46ca8

    SHA1

    206d62f06a01911d610931bee2f296165b35e027

    SHA256

    f12305918de7b007c861bf5268491fe65fd3a1ec5e4912e67f1c6dfec0b906cd

    SHA512

    4fc9479ea135d7797971e608ce5222f522fe9804fbcf6f4820ddac885d2ed0d3691d75b713bce51902b313abe46fc0f42792aeda0f88c80eeebd023d9149de48

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

    Filesize

    416B

    MD5

    b95fdeca51db7df7cbff6b29d4e8f8c8

    SHA1

    428b525c4b45789b341d45c9e9f9a3727629bce9

    SHA256

    b9e8d6376b441a4d1de232dcd418bdfb51a2274a5f0d1bf0aabc0cda04b287e8

    SHA512

    c09e388d3a176371908ffd0f47d134049d83c74fa2bb80f39c20be99467820aca839fadb934261def78c9b3e2f88849b804cc59ca6e9fcd5176193b5787f2092

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

    Filesize

    408B

    MD5

    2c7152bc14ceec667e6aeeccb4a4646e

    SHA1

    75b6f7b01b2a21c6a4d02f8b66c49446fcbd22db

    SHA256

    8dfc8545fd795a194ddc2e87f19172950040151c6e9570a099dcc17c6546325a

    SHA512

    48a25b0fbe62db50ea11a9f9952984a87fdd09fadf7c639cc6a486ea71d13bbf89fa4c430c506de65ee4d9edf235b44d5cf6c61b25976c6652e9a87496c1775a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    a1b9756522845f14ee69d8bae6669776

    SHA1

    0c25d8684b3686affa561149e6781e16e7e3b39b

    SHA256

    88849c7e8165cc8a298477e189ab11ba065de4db3ddbb24baf6612be79abd974

    SHA512

    e7e0b04774bc2f27363994235c1025ac7d1031b1fe98527336c05bee5ef742b4261954d60189088f2cb340830f898cad7158e6a0dbd06f336918dc9ef81ccc53

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9FF67FB3141440EED32363089565AE60_74AF856BCFFDE02D38442F50E7D59981

    Filesize

    396B

    MD5

    d087c3aa586e26f22d50c15d2ef51315

    SHA1

    2832e213401208d33f85f72dfdc0216710acb0f6

    SHA256

    d25e6e0a13cd56465d6c19673aa4d77148e7ac81c782c349a8ac7c8f0f84c343

    SHA512

    c4867f7da12694a04e507f573b16ea981590f6f517ccb3472819f9a8e7d64b6fc98578297c5464834856171c428fbb6469cf5b47704a46523f3387038ae56591

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\3ZP00XWR.cookie

    Filesize

    615B

    MD5

    b29a8229ac3077e450eb0c261ae2b9ce

    SHA1

    eeb85cc808e22ec79cae3962dd52b53b699eb643

    SHA256

    1296b8496b18069f78449a8efdc7804a3e5ef694e0631d1af0b1efd67ddd6f40

    SHA512

    08bfd7408ee88d2413997fee3725af987ebb254291819bd4faa3806e07781b792a806be5f7273fffe080ca5d939b7d3b6dd82562d1ab37e7297017bcb2b64b46

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\75W4XHV0.cookie

    Filesize

    587B

    MD5

    0fd50d6e847c13b931c256e215d1a184

    SHA1

    e4725ee65326cde8c62a4f96cad9bc08f0364d77

    SHA256

    baeb2ce125450a6cf948e6cd751b24c436d16509ddb19f4e06921adf997b8b80

    SHA512

    3a39cb7dcdf583157482d666a1edbf0212eaccf13a64af35c843933910c1152f17f20fec7bcb8dfd3aefd4458c7ef9c00978be2f8d2e55bf19bb24741959b88f

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\KJJEZJ89.cookie

    Filesize

    615B

    MD5

    23c8ef02b82b829583a63879a329d61d

    SHA1

    cc065eb167c9a90bd01b6f70883741b24dceab28

    SHA256

    29652e98d0eea7e1a4ca7c265fe8ecbda4b43b5b2670e8e0aff0ba22f9c9575f

    SHA512

    fb4349c832da194618d1fcc257e3ef4bff8735818c3bd150e4ba44b4225aef22e5330cb9a79f0d97caef592766aa1e8b2bde5135e1f5bf20d179a5e7c4b166e9