Resubmissions

  • 01/11/2022, 10:46
    221101-mt7q4sbac4 1
  • 01/11/2022, 10:39
    221101-mqek6abhdl 1

Analysis

  • max time kernel
    155s
  • max time network
    179s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/11/2022, 10:39

General

  • Target

    http://www.bicdata.com.br

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 872)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" http://www.bicdata.com.br
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • Child process: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 852)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:872 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize: 340B

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lwrmjt1\imagestore.dat

          Filesize: 6KB

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\D8B1O6L8.txt

          Filesize: 603B