Overview

overview

8

Static

static

URLScan

urlscan

https://github.com/p...

windows7-x64

8

https://github.com/p...

windows10-2004-x64

8

Analysis

  • max time kernel
    67s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    10-01-2023 17:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/patrykq9/Metamask-Arbitrage-Trading-Bot/blob/main/setup.exe

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/patrykq9/Metamask-Arbitrage-Trading-Bot/blob/main/setup.exe
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1220
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1220 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1160
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PFZC0YBM\setup.exe
      "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PFZC0YBM\setup.exe"
      2⤵
      • Executes dropped EXE
      PID:1268

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e4bc9369e3999e5daff5dd965cb8bdc

    SHA1

    fa7745098993496c184d99c33fc40ae0c31c6a3e

    SHA256

    67fbb84dc616c71216565aa6142d54a14876144cfff98470d52a8b8209766db2

    SHA512

    c326217dc72f2e0e439070b8c41e153c60d4e8f16ef7aa1a287f8b2fb2e4aa802d8dbc11d341d701d5d46fefef1fad037bd96de95788fbc4f87d25b5f9e52dfd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\mlf2v8h\imagestore.dat
    Filesize

    1KB

    MD5

    175f71a04f49bee52cad92167e74ac78

    SHA1

    d95d10ffeb5ff84a16596a73ab2f46398a35c135

    SHA256

    51c62d5fe759cb777961b8a91c6f27980e06a851c9a2f38ed0c48e3b46a4c3a2

    SHA512

    418d1f25712323d76b8a6187a40d8a62deea075d9fe075de3afa1e2fe9cdc9e8f07fa15ad7f4cb409c3c160a0d5657bb97211d039f37c78d0899105225771169

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PFZC0YBM\setup.exe
    Filesize

    3.8MB

    MD5

    cdfe1df11ea71c1b9bc1b865a8b90960

    SHA1

    d300c5a7d8e3722513707ae5b82201db231334c9

    SHA256

    a334e628d5daf5fbce24680d8db0f7f86963ca62922657c5d1b271ef414285a2

    SHA512

    e3eee96b51031b1d133c71a13a2ee4945764f82376ab061d6e85feb6f61a5d52c52c0a82fdb9dea9298279da9e864de9df1a975a380e2583a6c9efb3fcdbc24f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PFZC0YBM\setup.exe.nzxmaxq.partial
    Filesize

    3.8MB

    MD5

    cdfe1df11ea71c1b9bc1b865a8b90960

    SHA1

    d300c5a7d8e3722513707ae5b82201db231334c9

    SHA256

    a334e628d5daf5fbce24680d8db0f7f86963ca62922657c5d1b271ef414285a2

    SHA512

    e3eee96b51031b1d133c71a13a2ee4945764f82376ab061d6e85feb6f61a5d52c52c0a82fdb9dea9298279da9e864de9df1a975a380e2583a6c9efb3fcdbc24f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XCR3P3BY.txt
    Filesize

    608B

    MD5

    548addf7d82acc4a8f5ebfd3ca0096f9

    SHA1

    9568c59c795ee0a812cded7a02efca85236b7ddd

    SHA256

    7c53398e62908e05ffe7126a994ef0cf5bef260c55244c6d755f0a2750ec97f7

    SHA512

    372cd96811bba02589cea40501cfe20f32c569de612ec0d4092c6f1874283d56e7206ecfc8a2a0b45f9dd746beea35a83f8dcee7357d3ae5649a9d946aeb8b7c

    Download Submit

  • \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PFZC0YBM\setup.exe
    Filesize

    3.8MB

    MD5

    cdfe1df11ea71c1b9bc1b865a8b90960

    SHA1

    d300c5a7d8e3722513707ae5b82201db231334c9

    SHA256

    a334e628d5daf5fbce24680d8db0f7f86963ca62922657c5d1b271ef414285a2

    SHA512

    e3eee96b51031b1d133c71a13a2ee4945764f82376ab061d6e85feb6f61a5d52c52c0a82fdb9dea9298279da9e864de9df1a975a380e2583a6c9efb3fcdbc24f

    Download Submit

  • \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PFZC0YBM\setup.exe
    Filesize

    3.8MB

    MD5

    cdfe1df11ea71c1b9bc1b865a8b90960

    SHA1

    d300c5a7d8e3722513707ae5b82201db231334c9

    SHA256

    a334e628d5daf5fbce24680d8db0f7f86963ca62922657c5d1b271ef414285a2

    SHA512

    e3eee96b51031b1d133c71a13a2ee4945764f82376ab061d6e85feb6f61a5d52c52c0a82fdb9dea9298279da9e864de9df1a975a380e2583a6c9efb3fcdbc24f

    Download Submit

  • memory/1268-59-0x0000000000000000-mapping.dmp

    Download