Analysis
-
max time kernel
67s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
12-10-2022 12:19
General
-
Target
https://googleads.g.doubleclick.net/pcs/click?xai=AKAOjsv_T8yNDSDJ_cyLS0iMCQqaioR-MhdA-kjBDW6t8vztVvhrl4CTbamF7xJbWZ_WFC8Mab6CQ1joypxqHYuKjVjlq8Dg4gNATZ-pW4wC1jiIFRSeeZbNpwuSRTgS7jy5_VWJn82d8cyXwaocbuebq8Jf2SdTLMCDpxudGoIa4rQe9r2MX5NG6e7Ok01PLaewRxJUcmFGEvyo6pyjlKQNMhPijUWUL4kYDSEFLl9213adZhmnXVG_59k9XxTo8fdWhznEGFUjxDFIeG77igKbPga9y4VzPKH0r0bBhfc-xx1TONsVbj68I9de0mTQvUPqWVxJuZZk4AFUFa8rdKMQptEVStzjmg&sai=AMfl-YR7DHip7NoD77ebhAqsBTtZALwhWklKlWsF7Jm86Lw1AKzDRIFRJ0hkCPMzq7ww_0b_GtucvU9K8n75CR_FNqtxOyMBNaX7h3X23Q-mmbY3eGl_FHkHiGi6mKrMWNbT7w&sig=Cg0ArKJSzOh8q2ztthhq&fbs_aeid=[gw_fbsaeid]&adurl=https://postdeliveryexpress.com/new/iii/now/3:08:49%20PM/[email protected]
Malware Config
Signatures
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://googleads.g.doubleclick.net/pcs/click?xai=AKAOjsv_T8yNDSDJ_cyLS0iMCQqaioR-MhdA-kjBDW6t8vztVvhrl4CTbamF7xJbWZ_WFC8Mab6CQ1joypxqHYuKjVjlq8Dg4gNATZ-pW4wC1jiIFRSeeZbNpwuSRTgS7jy5_VWJn82d8cyXwaocbuebq8Jf2SdTLMCDpxudGoIa4rQe9r2MX5NG6e7Ok01PLaewRxJUcmFGEvyo6pyjlKQNMhPijUWUL4kYDSEFLl9213adZhmnXVG_59k9XxTo8fdWhznEGFUjxDFIeG77igKbPga9y4VzPKH0r0bBhfc-xx1TONsVbj68I9de0mTQvUPqWVxJuZZk4AFUFa8rdKMQptEVStzjmg&sai=AMfl-YR7DHip7NoD77ebhAqsBTtZALwhWklKlWsF7Jm86Lw1AKzDRIFRJ0hkCPMzq7ww_0b_GtucvU9K8n75CR_FNqtxOyMBNaX7h3X23Q-mmbY3eGl_FHkHiGi6mKrMWNbT7w&sig=Cg0ArKJSzOh8q2ztthhq&fbs_aeid=[gw_fbsaeid]&adurl=https://postdeliveryexpress.com/new/iii/now/3:08:49%20PM/[email protected]1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1504 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
60KB
MD5d15aaa7c9be910a9898260767e2490e1
SHA12090c53f8d9fc3fbdbafd3a1e4dc25520eb74388
SHA256f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e
SHA5127e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94
-
Filesize
304B
MD52c9ab052e6b7340051fc723d180a62fe
SHA1007833c1834368de8c8a0108741677e1e14e2f34
SHA2562f168b7c6648b584bf0093d1d6a83aab8cae7ca482da35517bfecf740656a6e0
SHA512546b5bd135b0620bde9a31b6b4cbc13b9cf8456be738cb93c6bc69aa7bd44fa0e16a67ddf5953af7c96a1b6e2be0ec00774042a068847e8a79a6f8bd3680ae05
-
Filesize
608B
MD5e708dbaf05756e7b76ae03c4fb126ad3
SHA120821f292b511516306ae9eb5021c0026143056d
SHA25655262db39722a2de7912fc4e54e22d6e53b0f6fa769dc9dd006f2499863795dc
SHA5125192585a1f19137028d98a66b101b83d968eca7f8db644d11aac0013f19efa81552c5724ba530963dbb99de8ccffca5f36758d74ee8b4565ceed1bbbafd2af20