Analysis
-
max time kernel
195s -
max time network
224s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
30-11-2022 08:22
General
-
Target
7e6fe50fa5ebd2c2756daa1c43b81f553344fddd841e604d2392f74dfb550153.exe
-
Size
50KB
-
MD5
3c25768310a2e6d8c98c4bb7da444ced
-
SHA1
fd87ffb3fc6a5bab35afbff5afcc38bc173366e0
-
SHA256
7e6fe50fa5ebd2c2756daa1c43b81f553344fddd841e604d2392f74dfb550153
-
SHA512
a8f1b7e80e10fff634de1e4ecb3ac7ac0b422bf08a89328f77b28c5d8e720865a6ae772491ee8b4f507d60307ec548727612e9539c06d4d8e9bffb913d50123a
-
SSDEEP
768:6uwihNqM9h/MdC/pqzRXWmpFtgjrUW+XyiNULxYJo:NqM9h/MdTppFy3UW1iNUqo
Score
5/10
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 17 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7e6fe50fa5ebd2c2756daa1c43b81f553344fddd841e604d2392f74dfb550153.exe"C:\Users\Admin\AppData\Local\Temp\7e6fe50fa5ebd2c2756daa1c43b81f553344fddd841e604d2392f74dfb550153.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7e6fe50fa5ebd2c2756daa1c43b81f553344fddd841e604d2392f74dfb550153.exeC:\Users\Admin\AppData\Local\Temp\7e6fe50fa5ebd2c2756daa1c43b81f553344fddd841e604d2392f74dfb550153.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=7e6fe50fa5ebd2c2756daa1c43b81f553344fddd841e604d2392f74dfb550153.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.03⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\P9J84215.txtFilesize
533B
MD59d2efd9ae0017b5a3464d9b1d14b8901
SHA1466e0a2e3182b4093d58db497aa7f5548bb7cab2
SHA256809469ba9643c7a750b6f2a2be8f1a7555e86e979af8737c5a5f5b02b153b41a
SHA51264a6b60ee016bf344fe6e0a401e9f4d874386e078d989d90a2a92f977d10925ae90658acd45c09e47e8189f67ba2276798cbd0365e7829b8ff0adac45ec94c82
-
memory/1464-54-0x0000000000400000-0x000000000040C000-memory.dmpFilesize
48KB
-
memory/1464-55-0x0000000000400000-0x000000000040C000-memory.dmpFilesize
48KB
-
memory/1464-57-0x0000000000400000-0x000000000040C000-memory.dmpFilesize
48KB
-
memory/1464-58-0x0000000000400000-0x000000000040C000-memory.dmpFilesize
48KB
-
memory/1464-59-0x0000000000400000-0x000000000040C000-memory.dmpFilesize
48KB
-
memory/1464-60-0x0000000000407E1E-mapping.dmp
-
memory/1464-62-0x0000000000402000-0x0000000000408000-memory.dmpFilesize
24KB
-
memory/1464-63-0x0000000000402000-0x0000000000408000-memory.dmpFilesize
24KB
-
memory/1464-64-0x0000000075C81000-0x0000000075C83000-memory.dmpFilesize
8KB