Analysis
-
max time kernel
136s -
max time network
171s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
01/11/2022, 10:39
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://www.bicdata.com.br
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
http://www.bicdata.com.br
Resource
win10v2004-20220812-en
General
-
Target
http://www.bicdata.com.br
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3443349183" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000975fab978604b14697eb522259e91a1000000000020000000000106600000001000020000000897de923fcf054476e8ab2959218ed8fc2945dbda0e15fbc584a8c37a104a7f2000000000e8000000002000020000000c444aaf079f6d3214b1da45f994e47efab5a860984fd2bb4dcb60206b4971a33200000009cbc8f4caeaadf08ca5ae66d909e49f79eef0fde6c53e182bdc05cd74eaa200140000000b4f51fbfd94752d6b2488f03c2af57a564a945eeb88007e4b631ac4c0288b1b0f5590c6795fccd6a042201dc68437a019b86dc7fc5e07fdaf262196367f3c24e iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "374067799" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3443349183" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30993894" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30993894" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000975fab978604b14697eb522259e91a1000000000020000000000106600000001000020000000636bba885a3201c5905a0e316d599c2cd15c08fa2c708074d72bdb66cddc96df000000000e8000000002000020000000f6b47eebab83e56bd3a3d2b1631cfa152f40ed4a97d1c43de7095bdd4d84967a20000000b1dafcb65d2a8cb41e4deeaeb341e6e31960bd63a3c18969419e0bffecd806a5400000004d1352a93fc55d732c9a1a11b7153651c865cd19f7ee9cd94dd779d9bb53e12a9143d72a7f65980099e07efcbcfbc1cff8f861bcd8f4c8cfb1136b13d41e0264 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 203128d2e6edd801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3456006622" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30993894" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 001834d2e6edd801 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F5654C3D-59D9-11ED-89AC-DEF0885D2AEB} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4696 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 4696 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 4696 iexplore.exe 4696 iexplore.exe 4540 IEXPLORE.EXE 4540 IEXPLORE.EXE 4540 IEXPLORE.EXE 4540 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4696 wrote to memory of 4540 4696 iexplore.exe 79 PID 4696 wrote to memory of 4540 4696 iexplore.exe 79 PID 4696 wrote to memory of 4540 4696 iexplore.exe 79
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.bicdata.com.br1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4696 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4696 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4540
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD5f96f5cc4fe29e16e576a10f0d731f764
SHA1a24f0e59653b954741bebe8a1612ccacf59c1efc
SHA256d36259b892a35873c19e5b65172a5f37e7df9bf4d1c614f862d76ff3617eef57
SHA51212c82768aa942c2b8a803971fe8fb2355262df94fb12db1b8c4d8b550a028c3ae7a34dbdd29817803dcd88f5f915594e43b95c474e3295412227e97deb2edd5e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize434B
MD5f32ada5ce1a5bfe2e2f256b0ec79124e
SHA1b3446886fbd3c908f81bb1a8c6932b2cab2ca506
SHA25688cbfcb7cee60fe84366221b6785cc0ca50b22183a3bb0807103988fd7ad8f72
SHA5120be7901e09c95fd153b5c6db9c84c4d2b7f94e627b1727f5639b2672a58a7bde699a2b04d8ec18a5a80e9b9226093856d2571959bd12900545ae66f1168fbc42
-
Filesize
2KB
MD545d534b14ec3b277d1ca6d3f16d26de6
SHA14c70b33836392a101ad4991d1a4677af82d43935
SHA256c35990f99756257040e28aa633c8b82100e69e58d6e938a6589d446e20c4c0eb
SHA512d76e8abd2c0050f0e967c40cb3bf4e8f12d6a083804a0e37c06af7096a2c7fa2a0806f7925dc4cda3f58120791cc81136d608f3fdee85cb4b062e18d448bdc40