Resubmissions

31-10-2022 17:27

221031-v1vn5abeh3 8

27-10-2022 21:15

221027-z3xzgsddh9 8

27-10-2022 20:25

221027-y7pcgadch3 10

26-10-2022 00:45

221026-a34dtsecd6 8

25-10-2022 23:13

221025-27kk3aebd3 1

Analysis

  • max time kernel
    134s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-10-2022 23:13

General

  • Target

    http://135.181.168.27

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://135.181.168.27
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4968
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4968 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3552

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    ceb27c5a4ddfb187c4249a72504c7c8e

    SHA1

    1ad64626e4164455d19d5f88ef582c4995bfde79

    SHA256

    f218ba665e9323513337c50a31c4c5ff4501e3c386477149e3964a760de327df

    SHA512

    ceb5d4a665b6835c39b7f2b2841f3ce8b10236f8bc37b1dc99b2182303363f7f3f5c25d6cf7a84e5fb541fe8988c4af6b86abdd0f3ed9f6ddaca0e8ce0a1e3a3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    a6de101637487b6f5bfbbfd2f0c6c81d

    SHA1

    f6b2e7573f1aacb2a2c6ef58e355fdbc6a26e23a

    SHA256

    43a4a01854de39ab21d3d456a2ee7bdc73cf6a77628477a321cfb9a2d079bf32

    SHA512

    4004c9adf2253d4d508ae3b23fd345c4a88cdc0ce2a08f6c9505bda4ce98dfec0c1773f6f0c5cfbf18d53add9d97e63ae6ba4fdd0281d461a2db98038067c74d