Overview
overview
3Static
static
IBRA_30-12...V3.rar
windows7-x64
3IBRA_30-12...V3.rar
windows10-2004-x64
3MODELMAPEO...v3.map
windows7-x64
3MODELMAPEO...v3.map
windows10-2004-x64
3MODELMAPEO..._c.lua
windows7-x64
3MODELMAPEO..._c.lua
windows10-2004-x64
3MODELMAPEO..._s.vbs
windows7-x64
1MODELMAPEO..._s.vbs
windows10-2004-x64
1MODELMAPEO...ta.xml
windows7-x64
1MODELMAPEO...ta.xml
windows10-2004-x64
1[IBRA-2022...o2.col
windows7-x64
3[IBRA-2022...o2.col
windows10-2004-x64
3[IBRA-2022...o2.dff
windows7-x64
3[IBRA-2022...o2.dff
windows10-2004-x64
3[IBRA-2022...nt.vbs
windows7-x64
1[IBRA-2022...nt.vbs
windows10-2004-x64
1[IBRA-2022...a1.txd
windows7-x64
3[IBRA-2022...a1.txd
windows10-2004-x64
3[IBRA-2022...v2.col
windows7-x64
3[IBRA-2022...v2.col
windows10-2004-x64
3[IBRA-2022...v2.dff
windows7-x64
3[IBRA-2022...v2.dff
windows10-2004-x64
3[IBRA-2022...v3.col
windows7-x64
3[IBRA-2022...v3.col
windows10-2004-x64
3[IBRA-2022...v3.dff
windows7-x64
3[IBRA-2022...v3.dff
windows10-2004-x64
3[IBRA-2022...t2.col
windows7-x64
3[IBRA-2022...t2.col
windows10-2004-x64
3[IBRA-2022...t2.dff
windows7-x64
3[IBRA-2022...t2.dff
windows10-2004-x64
3[IBRA-2022...ta.xml
windows7-x64
1[IBRA-2022...ta.xml
windows10-2004-x64
1Analysis
-
max time kernel
143s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
12/01/2023, 05:00
Static task
static1
Behavioral task
behavioral1
Sample
IBRA_30-12-2022_Mina_2_V3.rar
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral2
Sample
IBRA_30-12-2022_Mina_2_V3.rar
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
MODELMAPEO-IBRA2022-Mina2v3/MODELMAPEO-IBRA2022-Mina2v3.map
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral4
Sample
MODELMAPEO-IBRA2022-Mina2v3/MODELMAPEO-IBRA2022-Mina2v3.map
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
MODELMAPEO-IBRA2022-Mina2v3/mapEditorScriptingExtension_c.lua
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral6
Sample
MODELMAPEO-IBRA2022-Mina2v3/mapEditorScriptingExtension_c.lua
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
MODELMAPEO-IBRA2022-Mina2v3/mapEditorScriptingExtension_s.vbs
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral8
Sample
MODELMAPEO-IBRA2022-Mina2v3/mapEditorScriptingExtension_s.vbs
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
MODELMAPEO-IBRA2022-Mina2v3/meta.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral10
Sample
MODELMAPEO-IBRA2022-Mina2v3/meta.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
[IBRA-2022]Mina2/chaleco2.col
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral12
Sample
[IBRA-2022]Mina2/chaleco2.col
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
[IBRA-2022]Mina2/chaleco2.dff
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral14
Sample
[IBRA-2022]Mina2/chaleco2.dff
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
[IBRA-2022]Mina2/client.vbs
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral16
Sample
[IBRA-2022]Mina2/client.vbs
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
[IBRA-2022]Mina2/cueva1.txd
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral18
Sample
[IBRA-2022]Mina2/cueva1.txd
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
[IBRA-2022]Mina2/cueva1v2.col
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral20
Sample
[IBRA-2022]Mina2/cueva1v2.col
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
[IBRA-2022]Mina2/cueva1v2.dff
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral22
Sample
[IBRA-2022]Mina2/cueva1v2.dff
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
[IBRA-2022]Mina2/cueva1v3.col
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral24
Sample
[IBRA-2022]Mina2/cueva1v3.col
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
[IBRA-2022]Mina2/cueva1v3.dff
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral26
Sample
[IBRA-2022]Mina2/cueva1v3.dff
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
[IBRA-2022]Mina2/helmet2.col
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral28
Sample
[IBRA-2022]Mina2/helmet2.col
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
[IBRA-2022]Mina2/helmet2.dff
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral30
Sample
[IBRA-2022]Mina2/helmet2.dff
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
[IBRA-2022]Mina2/meta.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral32
Sample
[IBRA-2022]Mina2/meta.xml
Resource
win10v2004-20220901-en
windows10-2004-x64
General
-
Target
MODELMAPEO-IBRA2022-Mina2v3/meta.xml
-
Size
918B
-
MD5
c35e97a572c97c42483d982865253d2d
-
SHA1
a4ca4db52e36cb39a083c12e350d92e05eeffd6f
-
SHA256
b4d2d44bde9f4fe720addf21c13c3056b2c61a807e102fecf8e0fcb83e3f94f9
-
SHA512
91216656edb801d0aa02fbb96a5c1ef012ae46c601bd563598451754f50aa9f3e311a8b2bf3613f74d1c3c5f626053a10b398a7b1c6670044646c0f125b45587
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31008331" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80016e694b26d901 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 607777694b26d901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{931BB9D9-923E-11ED-B5DD-D668443210E4} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000055e705317208724f818ff84de6ddc69d00000000020000000000106600000001000020000000ec861dc5dc38a48028c60572299d045ea345809d9d7b682ff069dc03357440ab000000000e8000000002000020000000fa471f753c465ee06f03c44b69dbd31bd99176bbb6c4e83b08f38bfe58d6c75120000000e94ce15cc2a8e05362341c596c29715fd507adec2373edfa72f8cfc0f14800bc40000000732b4b962d15dcbdee5fd7865637369ba8c1fc3bddafa808de7602b90134f5653d7420ef5c5d3c7c7faaa9843d58ae562f4bf72161dbe8ff3930e2fe64e269b4 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1746320060" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1738975091" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1738975091" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31008331" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "380268272" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31008331" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000055e705317208724f818ff84de6ddc69d0000000002000000000010660000000100002000000094dc08f3f0921298aa7cce32cde5003adbcd283f630c0a474116a59efb7b944f000000000e80000000020000200000007e23b7858d97b3dc51b4f60209e0d84828c607e87f10590a22d0b6ccb20dce222000000039eb260c8d6d5e6cb6bdd80c1dabe0f539a4f0ae9f026aaf2c94677bc71cf201400000000285a2449983f26187c19094ea2b54c633642d41fc213b5a1539fc4a20ca43ada812351877b3354518059e759c2088d97a3e4d41c3857f63e3a12c06ad396be0 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4252 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 4252 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 4252 iexplore.exe 4252 iexplore.exe 3884 IEXPLORE.EXE 3884 IEXPLORE.EXE 3884 IEXPLORE.EXE 3884 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 5 IoCs
description pid Process procid_target PID 4160 wrote to memory of 4252 4160 MSOXMLED.EXE 81 PID 4160 wrote to memory of 4252 4160 MSOXMLED.EXE 81 PID 4252 wrote to memory of 3884 4252 iexplore.exe 83 PID 4252 wrote to memory of 3884 4252 iexplore.exe 83 PID 4252 wrote to memory of 3884 4252 iexplore.exe 83
Processes
-
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\MODELMAPEO-IBRA2022-Mina2v3\meta.xml"1⤵
- Suspicious use of WriteProcessMemory
PID:4160 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MODELMAPEO-IBRA2022-Mina2v3\meta.xml2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4252 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4252 CREDAT:17410 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3884
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD503c43ce055f8989a6508481c8acb6608
SHA13dc33276158435396c4272531a62707a18a4a875
SHA2561e977bad400e43c86966889b895bbf3b00b929b4bf497c791ad0ed2a0749fd3e
SHA512fb69a674b2c2aa697a7c1fc94490298949831762d9d9612266314727ea85f84035df089f62e1aec24474caa1fc52fc94ea704d161335d37c1cf746c72af1f8ab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize434B
MD5360b1efb02d5f1131550dd701c28b64a
SHA1a9bac9a9d1beab804b7cfd4f43a47c89b732ba37
SHA256df024de8af29b412ffe0ebf79ef140f5ff4f5f56fde498d68b0397ce967107c1
SHA512e6946a82e24f1f94b481828a61fabfb743d7dc10b1533de2f0b12861fce6cfb0d60cab128e0feda3b89c306cedc1d4e5e1bc672497ec7c43072e27c5fb1106e4