Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-10-2022 06:29

General

  • Target

    https://clt1488991.bmetrack.com/c/l?u=E666C4E&e=150DF82&c=16B85F&t=1&l=8DABE5D7&email=nJRsej4QjsOjaaV61Fx5VC1oDpgEbfiZ&seq=1#dmFuY291dmVyQG1hZS5ybw==

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings ⋅ 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow ⋅ 1 IoCs
  • Suspicious use of SetWindowsHookEx ⋅ 6 IoCs
  • Suspicious use of WriteProcessMemory ⋅ 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://clt1488991.bmetrack.com/c/l?u=E666C4E&e=150DF82&c=16B85F&t=1&l=8DABE5D7&email=nJRsej4QjsOjaaV61Fx5VC1oDpgEbfiZ&seq=1#dmFuY291dmVyQG1hZS5ybw==
    Modifies Internet Explorer settings
    Suspicious use of FindShellTrayWindow
    Suspicious use of SetWindowsHookEx
    Suspicious use of WriteProcessMemory
    PID:4432
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4432 CREDAT:17410 /prefetch:2
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:4908

Network

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Discovery

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                      Privilege Escalation

                        Replay Monitor

                        00:00 00:00

                        Downloads

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                          MD5

                          fd70739fca5345a28f924f9102ae10ee

                          SHA1

                          6ce3f92183544f3bf52cb76364591589cb940a19

                          SHA256

                          f238404cc643efddef8ff430f128cdc8ec1513969eaac24b5e5bce81248a91e7

                          SHA512

                          a787d3a2bceeaed2f2a29f357df6ae17d5b9f66a3c561550d5f83c308ad26a1ddf876488151ff5e51ce93bfb9d0c7b8ca812d595e8d3ebdda7d805707ac1b278

                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                          MD5

                          ca2eb618e761df61b29d971567f18931

                          SHA1

                          062bdb5bca153cfb86a5e170951bd017d3e12ad9

                          SHA256

                          335d681c29f2c9de8fb2cdcbb71bb0225a5692363e21b2c6d3fba1e7fb476b8e

                          SHA512

                          7aab2e4887e2cafb20995efc872972a8e6ee452fc40a0b23d3cb3dc7b4155476f5060ab72cdcace0e5db3d1bad580d88ab25f1a7e80092a8275e2495acd9b948