Analysis
-
max time kernel
107s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
29-11-2022 16:43
General
-
Target
78f4f21126072e959bbe9876cee1bc17100703a62304954d01c2e16dd9956729.exe
-
Size
104KB
-
MD5
262501d948eb900c269e4888d0d416f7
-
SHA1
25f87d16ce571588a9171b0d0f6b6d80014c2cde
-
SHA256
78f4f21126072e959bbe9876cee1bc17100703a62304954d01c2e16dd9956729
-
SHA512
113b8599391080c544730a7ace3258dc5f7f9d9c0bdda9c110843e1fa0a97e8dfd9511827b3e638d3dd4e6204830a15874866864376914092657faf741b1efcb
-
SSDEEP
1536:lP7LRKwGuF6Cp7/LPLrVcwZxFsEBv2cfRPexCCUy1FCs:Fo7CZ/bLTFsOvLRYgyfCs
Score
5/10
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 17 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\78f4f21126072e959bbe9876cee1bc17100703a62304954d01c2e16dd9956729.exe"C:\Users\Admin\AppData\Local\Temp\78f4f21126072e959bbe9876cee1bc17100703a62304954d01c2e16dd9956729.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\78f4f21126072e959bbe9876cee1bc17100703a62304954d01c2e16dd9956729.exeC:\Users\Admin\AppData\Local\Temp\78f4f21126072e959bbe9876cee1bc17100703a62304954d01c2e16dd9956729.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=78f4f21126072e959bbe9876cee1bc17100703a62304954d01c2e16dd9956729.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.03⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1276 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ODW0I4GL.txtFilesize
535B
MD5b6aa9221ae076b0b05b7cfeb292795eb
SHA1ddce4d43d83502eaa36e44f91a05a4fb9cb90c20
SHA256cbec697543be57eaab3b2a0fad6b6bf0e16d0a2cbe99a2e86e51d8d57950fd16
SHA51260f185572c6c7c2625195c9253bb4cc62317de68a91d08cefffc3dea2aa1e7f91305f4d4efcfc4c689bb632e0f9baa18a20c42226eea8ded7d9c5ebfa0ca5591
-
memory/1688-56-0x0000000000400000-0x0000000000418000-memory.dmpFilesize
96KB
-
memory/1688-57-0x0000000000400000-0x0000000000418000-memory.dmpFilesize
96KB
-
memory/1688-59-0x0000000000400000-0x0000000000418000-memory.dmpFilesize
96KB
-
memory/1688-61-0x0000000000400000-0x0000000000418000-memory.dmpFilesize
96KB
-
memory/1688-63-0x000000000040C50E-mapping.dmp
-
memory/1688-62-0x0000000000400000-0x0000000000418000-memory.dmpFilesize
96KB
-
memory/1688-65-0x0000000000402000-0x000000000040C600-memory.dmpFilesize
41KB
-
memory/1688-66-0x0000000000402000-0x000000000040C600-memory.dmpFilesize
41KB
-
memory/1688-67-0x0000000076BA1000-0x0000000076BA3000-memory.dmpFilesize
8KB