Analysis
-
max time kernel
121s -
max time network
157s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
01-12-2022 20:45
General
-
Target
9792f205964083e622cb09322f9e1a321af1f508af750da9d0f0e2c4ab1e3601.exe
-
Size
218KB
-
MD5
ea8bc532fc445aba6da82d821e89e28f
-
SHA1
d1fa928c07fd5bf8554d5eaae33140862e6b79d3
-
SHA256
9792f205964083e622cb09322f9e1a321af1f508af750da9d0f0e2c4ab1e3601
-
SHA512
fb4a7880c6b9f038d21d32ac7aea003b46a3087cc783170a37d0ab56bf1a2f046f3a3d565484888d2e98d9ab623138593abd23df72b392d4ea24d220047e731e
-
SSDEEP
3072:mN6jJE4iM6wsdPLGBG2Ox+7umxab8SbNf1KeY90RnEzb9InSEHD03ffMsd1PV1Df:Q6jJ3D3MGBG2F5AKeA0SMERV1L
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 17 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9792f205964083e622cb09322f9e1a321af1f508af750da9d0f0e2c4ab1e3601.exe"C:\Users\Admin\AppData\Local\Temp\9792f205964083e622cb09322f9e1a321af1f508af750da9d0f0e2c4ab1e3601.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9792f205964083e622cb09322f9e1a321af1f508af750da9d0f0e2c4ab1e3601.exe"C:\Users\Admin\AppData\Local\Temp\9792f205964083e622cb09322f9e1a321af1f508af750da9d0f0e2c4ab1e3601.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=9792f205964083e622cb09322f9e1a321af1f508af750da9d0f0e2c4ab1e3601.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.03⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1684 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\39TYNJWI.txtFilesize
601B
MD5caaedfcfa902e059355db256ffdf5199
SHA10a44172c8457ab5f8cdeced1cb4d4e129842ccf5
SHA2563c54d9786c0af09ff729e1597207b890d32caa3222b278ea10e36f02ed1c744a
SHA512efcba10336cc052596dea104736ec3fe7e38212480dc5bfce724d6d4a7774a7e34ab378b5dec88ff116a93d6a1cc25b3a72878714a5f875bfde1e860e82a1c77
-
memory/1452-64-0x000000000040877E-mapping.dmp
-
memory/1452-67-0x0000000000402000-0x0000000000409000-memory.dmpFilesize
28KB
-
memory/1452-66-0x0000000000402000-0x0000000000409000-memory.dmpFilesize
28KB
-
memory/1452-63-0x0000000000400000-0x000000000040E000-memory.dmpFilesize
56KB
-
memory/2012-56-0x0000000000400000-0x0000000000478000-memory.dmpFilesize
480KB
-
memory/2012-62-0x0000000000400000-0x0000000000478000-memory.dmpFilesize
480KB
-
memory/2012-59-0x0000000075841000-0x0000000075843000-memory.dmpFilesize
8KB
-
memory/2012-58-0x0000000000400000-0x0000000000478000-memory.dmpFilesize
480KB
-
memory/2012-55-0x0000000000400000-0x0000000000478000-memory.dmpFilesize
480KB
-
memory/2012-57-0x0000000000400000-0x0000000000478000-memory.dmpFilesize
480KB
-
memory/2012-68-0x0000000000400000-0x0000000000478000-memory.dmpFilesize
480KB
-
memory/2012-54-0x0000000000400000-0x0000000000478000-memory.dmpFilesize
480KB