Analysis

  • max time kernel
    184s
  • max time network
    259s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/12/2022, 18:34

General

  • Target

    e278a2ef0201e8b8d2de0173af91aee7a04a6caf8418c38e1a885d177801ec5f.exe

  • Size

    1.1MB

  • MD5

    ec58c26cec37213e57c29de9d8451b7c

  • SHA1

    17a4716813deefd50455df90995903f252e78b40

  • SHA256

    e278a2ef0201e8b8d2de0173af91aee7a04a6caf8418c38e1a885d177801ec5f

  • SHA512

    d15c6ee65b98dfa561de83c58a4ee53f29ce55f9e76ad681659a4ba894c992e7749501eb89730fb89bcd0628c57e80764d9a145f9227646f93f7a29eeb407510

  • SSDEEP

    24576:szYXUL+lJupqdJNTisqTzWsb7Zz5v9ROa//ck62H82:FkL+VDPyisb7ZVv0k6B2

Score
6/10

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e278a2ef0201e8b8d2de0173af91aee7a04a6caf8418c38e1a885d177801ec5f.exe
    "C:\Users\Admin\AppData\Local\Temp\e278a2ef0201e8b8d2de0173af91aee7a04a6caf8418c38e1a885d177801ec5f.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:948
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1112
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1112 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:824

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat

          Filesize

          5KB

          MD5

          5e4fdd20671a70a46c3898f4a5363fb3

          SHA1

          b461ee62dde539a0df6d79f580f821006ce2b837

          SHA256

          cbe298cae462b0122e222b6765e771d91bff4cd94c9db844416bd756485f119b

          SHA512

          45579ea938bf5b8098f59c8993a9048fb748d6bdd903b00a2cdf868e9e1856458cf4e78b982033d59a9d350c2aae4141070d7e03092dd3c7f5b8fc40b3af7311

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\U3UXDB38.txt

          Filesize

          602B

          MD5

          5015c952244dd1a2eeb778ba842ef423

          SHA1

          53fa7c81fe528096e71bb51cf9d88531d3b00a37

          SHA256

          aaacd7e1efcc86dde4217b3d6dea0c6ca77663606157b22391bd8f64f5381b24

          SHA512

          279ff38aeb8086aad817304ab444ec2eb3545e903ce554b190b01876869260b5bdd220747d3c764c56acb6af4775a404e370b1ff1c4d71f8f2736a128e04e88a

        • memory/948-54-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

          Filesize

          8KB