Analysis
-
max time kernel
175s -
max time network
210s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
23-11-2022 13:02
General
-
Target
d27e0ef50747340368a6b4a9244381fb34f1ab9778aa0c13a15c6dd4569b6173.exe
-
Size
328KB
-
MD5
a7aba4296e0f4cc12ec37491d623ab37
-
SHA1
ed15724056ab1d40053d82ac937f7e7d5489dd1d
-
SHA256
d27e0ef50747340368a6b4a9244381fb34f1ab9778aa0c13a15c6dd4569b6173
-
SHA512
3c7185050f3229114f40bc3938f9c836aa3e4644e99e550e37693a13abfca52276885c390fdc17d80575dd92c99535cf370bd7d5803eb8187446ed3c4d4b73c6
-
SSDEEP
6144:+ICHmBqlcHgSSrWr/mL+YcXMIe5EC6t+jqBEm2mSMb1dxIm33liQzMcq/rtDzB59:EHmcl0gfCr/ocXMIkgFdpHxIm33llbqD
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 23 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d27e0ef50747340368a6b4a9244381fb34f1ab9778aa0c13a15c6dd4569b6173.exe"C:\Users\Admin\AppData\Local\Temp\d27e0ef50747340368a6b4a9244381fb34f1ab9778aa0c13a15c6dd4569b6173.exe"1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\applaunch.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\applaunch.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=applaunch.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.03⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:896 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0FAQCP25.txtFilesize
608B
MD5aadaaa698393a8c1905d178e5680f066
SHA12f067393cb07121b4037277e4886c0e41909354d
SHA2567d8bb18808f13b97cda750496f80c0246398c65b2270f187e6b3729068a4952b
SHA51270533b334222b3b78f9ff543efe4bcc4db2e8d23910a77b7147d495f1adcffc1356815f5a6b3aed3fc83abadcf5836d071f6ca8d1741bc12e5c44f04103200e2
-
memory/1516-65-0x0000000074BB0000-0x000000007515B000-memory.dmpFilesize
5.7MB
-
memory/1516-55-0x0000000074BB0000-0x000000007515B000-memory.dmpFilesize
5.7MB
-
memory/1516-56-0x0000000074BB0000-0x000000007515B000-memory.dmpFilesize
5.7MB
-
memory/1516-54-0x0000000075C81000-0x0000000075C83000-memory.dmpFilesize
8KB
-
memory/1636-57-0x0000000000400000-0x000000000044A000-memory.dmpFilesize
296KB
-
memory/1636-61-0x0000000000400000-0x000000000044A000-memory.dmpFilesize
296KB
-
memory/1636-62-0x0000000000400000-0x000000000044A000-memory.dmpFilesize
296KB
-
memory/1636-63-0x000000000044501E-mapping.dmp
-
memory/1636-60-0x0000000000400000-0x000000000044A000-memory.dmpFilesize
296KB
-
memory/1636-66-0x0000000000400000-0x000000000044A000-memory.dmpFilesize
296KB
-
memory/1636-68-0x0000000000400000-0x000000000044A000-memory.dmpFilesize
296KB
-
memory/1636-58-0x0000000000400000-0x000000000044A000-memory.dmpFilesize
296KB