Resubmissions
28-09-2022 06:46
220928-hjzwasfca3 128-09-2022 06:44
220928-hhwggsgchk 128-09-2022 06:35
220928-hcrlcafbg3 1028-09-2022 06:33
220928-hblcyafbf9 1Analysis
-
max time kernel
66s -
max time network
69s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
28-09-2022 06:33
General
-
Target
http://quarrelaimless.com/9b3cd056?nphmy=56&refer=https://mixdrop.co/f/ql3ndw6eb3ndw7&kw=["mixdrop","-","watch","beast","2022","720p","amzn","webrip","800mb","x264-galaxyrg"]&key=b8ec1bba676d04d104b756970b8e0395&scrWidth=1600&scrHeight=900&tz=-7&v=22.8.v.2&ship=&sub3=invoke_new&res=13.31&dev=r&psid=mixdrop.co&adb=n
Malware Config
Signatures
-
Modifies Internet Explorer settings 1 TTPs 40 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 14 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://quarrelaimless.com/9b3cd056?nphmy=56&refer=https://mixdrop.co/f/ql3ndw6eb3ndw7&kw=["mixdrop","-","watch","beast","2022","720p","amzn","webrip","800mb","x264-galaxyrg"]&key=b8ec1bba676d04d104b756970b8e0395&scrWidth=1600&scrHeight=900&tz=-7&v=22.8.v.2&ship=&sub3=invoke_new&res=13.31&dev=r&psid=mixdrop.co&adb=n1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1340 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1340 CREDAT:340994 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1340 CREDAT:406542 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015Filesize
60KB
MD5d15aaa7c9be910a9898260767e2490e1
SHA12090c53f8d9fc3fbdbafd3a1e4dc25520eb74388
SHA256f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e
SHA5127e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5684d0bdfdc758892910917dee42a584d
SHA108a7258408ed35346505d75fac1acf384c48d0be
SHA256e5fd1ddbf370b7eaaeea7f4811a14107e4f9e4fd281ec0c41422bace8dd80f2f
SHA512477cc1de52903a9161af3c7a47deefc246e6a4c7814147764bc5bcaa8b20c4b0297d89c4341b57ca38616db26310534e30aa637fa2d667835282d01261ce63cb
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZN60M0QQ\IN9OU0MD.htmFilesize
18KB
MD5838378db1a4d783e76ccf48876c80cac
SHA19abdb0f475eaabe0221b8f51b01a899d6ce370ff
SHA2563f719205ae698e4080b9dbed92e3afbfe3c690c085d8bae651b6772b2d2b9ec0
SHA512edb203de547265fd2c9ec48985efe25e290a30eb2bfafef215588732627ddd7a507f2aad6ebacd8a0b40828f954b492665b81ccb3936b1af28eae806826c78c0
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8K8ISZG2.txtFilesize
603B
MD52539b9309928e255a6d96ecbc7c6e1e4
SHA1efbb38cc8a7c50494dbbf76b8ffb765bf118bba1
SHA256f55e11dd29698ac1ecd2b8c724b5475d47fe7f7823f8eb477803874ca53ee46b
SHA512c3e06b3aec26729a3195d7b305ad0cb8cb93ff374f534dedd08c55d4230fccd57cece85d337838a14d475365364d7126cb8d4f29e1efb4687f38dec2d3777fb5