Analysis

  • max time kernel
    62s
  • max time network
    66s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-11-2022 18:04

General

  • Target

    http://r3---sn-4g5ednsr.gvt1.com

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://r3---sn-4g5ednsr.gvt1.com
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5108
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5108 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3648

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    f96f5cc4fe29e16e576a10f0d731f764

    SHA1

    a24f0e59653b954741bebe8a1612ccacf59c1efc

    SHA256

    d36259b892a35873c19e5b65172a5f37e7df9bf4d1c614f862d76ff3617eef57

    SHA512

    12c82768aa942c2b8a803971fe8fb2355262df94fb12db1b8c4d8b550a028c3ae7a34dbdd29817803dcd88f5f915594e43b95c474e3295412227e97deb2edd5e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    434B

    MD5

    b0b2564e9335c5280eb9a2a63868ac24

    SHA1

    613d96da5c8a01d0e4773287b1b6dc723cf6f957

    SHA256

    1da22dfe3be2cfe00a29fdc904c03915605f89cbd0a6f7e76bdb0c01bc70b003

    SHA512

    d8bb711b560da5169cf1be1e37deacd790ace42575b16f531e24a67452d02a610e340d70d5a325390b1192d97734e687b305fb4382687f950e6a62ccc7164e27