Analysis
-
max time kernel
106s -
max time network
144s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
03-10-2022 00:47
General
-
Target
b5f211e632089024c0ec3f7a10cac50a6f7541fbdfc588f8fdac5ba8b27d9fbf.exe
-
Size
52KB
-
MD5
34642e15aac09c299214bacfb3f8d399
-
SHA1
cde7830a6b399f63dd8a12e44b7759b722519973
-
SHA256
b5f211e632089024c0ec3f7a10cac50a6f7541fbdfc588f8fdac5ba8b27d9fbf
-
SHA512
0e3e8634ae33285820c565ede6d3566dab75580114a3dbf57fc245d06055d961a26bfe5a8f9d16e8478c246b523ca0184b88b6577fcafcdf9b55c50864cf7265
-
SSDEEP
768:9R7+eNd28dSa/7uyrSMBe1QHgkm60GCEduramZ/OCr27c0ZovjU8:nieNfdS+iyjoQHOtzr27cHU
Malware Config
Signatures
-
Suspicious use of SetThreadContext ⋅ 1 IoCs
-
Modifies Internet Explorer settings ⋅ 1 TTPs 34 IoCs
-
Suspicious use of FindShellTrayWindow ⋅ 1 IoCs
-
Suspicious use of SetWindowsHookEx ⋅ 6 IoCs
-
Suspicious use of WriteProcessMemory ⋅ 17 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b5f211e632089024c0ec3f7a10cac50a6f7541fbdfc588f8fdac5ba8b27d9fbf.exePID:620"C:\Users\Admin\AppData\Local\Temp\b5f211e632089024c0ec3f7a10cac50a6f7541fbdfc588f8fdac5ba8b27d9fbf.exe"Suspicious use of SetThreadContextSuspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\b5f211e632089024c0ec3f7a10cac50a6f7541fbdfc588f8fdac5ba8b27d9fbf.exePID:856C:\Users\Admin\AppData\Local\Temp\b5f211e632089024c0ec3f7a10cac50a6f7541fbdfc588f8fdac5ba8b27d9fbf.exeSuspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exePID:552"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=b5f211e632089024c0ec3f7a10cac50a6f7541fbdfc588f8fdac5ba8b27d9fbf.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0Modifies Internet Explorer settingsSuspicious use of FindShellTrayWindowSuspicious use of SetWindowsHookExSuspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEPID:2040"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:552 CREDAT:275457 /prefetch:2Modifies Internet Explorer settingsSuspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Replay Monitor
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\G9UXGAKB.txtMD5
be1cd4d67e6e6e681fd9a4c97bc9b60b
SHA197bdbd054be7b32915b2ce05af024da632b371fa
SHA2563424cc5d8c2b0e3a8631e5e64d44fdabf58da0fd45538bf22c8c4beddfa8b4a7
SHA512b953a2ecb9970ace2c8e44aee65af234134dc38908176d8d427b64d188be28e40e4df4d02fe5bdff4d9d88bdd9aa685f68e3d0ff867cf2a205cea6d62718ac86
-
memory/620-54-0x0000000000400000-0x000000000043E000-memory.dmp
-
memory/620-65-0x0000000000400000-0x000000000043E000-memory.dmp
-
memory/856-55-0x0000000000400000-0x000000000042A000-memory.dmp
-
memory/856-56-0x0000000000400000-0x000000000042A000-memory.dmp
-
memory/856-58-0x0000000000400000-0x000000000042A000-memory.dmp
-
memory/856-60-0x0000000000400000-0x000000000042A000-memory.dmp
-
memory/856-62-0x0000000000400000-0x000000000042A000-memory.dmp
-
memory/856-64-0x000000000042407E-mapping.dmp
-
memory/856-67-0x0000000000402000-0x0000000000425000-memory.dmp
-
memory/856-68-0x0000000075711000-0x0000000075713000-memory.dmp