Overview

overview

10

Static

static

8

mirserver/...er.exe

windows7-x64

1

mirserver/...er.exe

windows10-2004-x64

mirserver/...er.exe

windows7-x64

1

mirserver/...er.exe

windows10-2004-x64

1

mirserver/...er.exe

windows7-x64

1

mirserver/...er.exe

windows10-2004-x64

1

mirserver/...te.exe

windows7-x64

mirserver/...te.exe

windows10-2004-x64

1

mirserver/...rv.exe

windows7-x64

1

mirserver/...rv.exe

windows10-2004-x64

mirserver/...��.htm

windows7-x64

10

mirserver/...��.htm

windows10-2004-x64

1

mirserver/...tm.url

windows7-x64

1

mirserver/...tm.url

windows10-2004-x64

1

mirserver/...tm.url

windows7-x64

1

mirserver/...tm.url

windows10-2004-x64

mirserver/...ml.url

windows7-x64

1

mirserver/...ml.url

windows10-2004-x64

1

mirserver/...��.url

windows7-x64

1

mirserver/...��.url

windows10-2004-x64

1

mirserver/...gm.dll

windows7-x64

5

mirserver/...gm.dll

windows10-2004-x64

5

mirserver/...al.dll

windows7-x64

1

mirserver/...al.dll

windows10-2004-x64

1

mirserver/...er.exe

windows7-x64

6

mirserver/...er.exe

windows10-2004-x64

5

mirserver/...��.htm

windows7-x64

10

mirserver/...��.htm

windows10-2004-x64

1

mirserver/...��.htm

windows7-x64

10

mirserver/...��.htm

windows10-2004-x64

1

mirserver/...te.exe

windows7-x64

1

mirserver/...te.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    251s
  • max time network
    307s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 17:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mirserver/LoginSrv/Readme-˵.htm

  • Size

    2KB

  • MD5

    f2a6a504c4cb797f79e3106308f94de3

  • SHA1

    a7d1a768851cd1a28901a4f2cdbc4c8fe4587818

  • SHA256

    894a0efcd35d56c800cdb80d7cc776c7c6026a2383b7e1c8c718ec53f01fdf94

  • SHA512

    1c9b9f0dc4491c108aae2ad15e2f7beca77504165546c8a4d8dfe77f8a4adb2a306b4f7e656153a03fa0067cdea555879c68b9f12c079a484f09139e0939d3c5

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 21 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\mirserver\LoginSrv\Readme-˵.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4112
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4112 CREDAT:17410 /prefetch:2
      2⤵
        PID:4104

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads