Analysis

  • max time kernel
    81s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2022, 14:32

General

  • Target

    ڷVIPҸ/ڷVIPҸ/77169.org˵.htm

  • Size

    4KB

  • MD5

    98ee6e8383a3693b9aed0024c6c56295

  • SHA1

    ed862d3c419ea991d642c5b302df213e2cef03ce

  • SHA256

    516efd1450fb09e7afa5465a5e2b1c874aab81b0864e3ee1ac4a225d6a69a81b

  • SHA512

    5ceee4b944526aa67ba8a6fe1d9ed9cef118a69e526947b77215c47f7614302a5c7ccde13b75e6bf13eb2eba7e8fa6ef3f233aeb39819c19de1d095ffac85257

  • SSDEEP

    96:mQOQeRA2RWhwM6w6mheySgh/SnljQhhwQZy0X8LJhLoOlExbRls7zlaQLIak:7X8A0VdIYehu2hwQZx+JhLoOlExNl0zI

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ڷVIPҸ\ڷVIPҸ\77169.org˵.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3916

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ckj4gk4\imagestore.dat

    Filesize

    1KB

    MD5

    31cbeb667d7c95d5170935fe4dee54a7

    SHA1

    5f5c0643f22613d2fe17d57103f3e6f4b936f7b8

    SHA256

    60051d781495e5841ad706d136b8c6abc99f8ed571a472212863ffd7a711d965

    SHA512

    119ccc392dce6c9ee906d259aa3e308439dcca0d25486117dce0b4822cf8663d11093b0a071b23fe07d9ced8753cbb74b3f6dfdac9f4d047f37062e252f97026