Analysis

  • max time kernel
    74s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
  • submitted
    12-01-2023 05:00

General

  • Target

    [IBRA-2022]Mina2/meta.xml

  • Size

    371B

  • MD5

    b8aff0d3a15ef9e4f2d2fb5061e071ea

  • SHA1

    2625b7f1fd8630405d36425eed8dd7b18255d331

  • SHA256

    6a19deed347a04ee8969b64245c5e5ea9c8b1a036c74234f17bb4ab88abec15d

  • SHA512

    5576f3646d89e08303af2d1f842b5b66cd97c7198ae7cd7162684f3e5d9cfe426805d0b67a449bd30acf32c5addf0d27099accd31dd5bea5cfded46b25bbf732

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\[IBRA-2022]Mina2\meta.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1032
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1516
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1484
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1484 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2040
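The process tree above, reconstructed and sanity-checked in code. This is an added example, not part of the sandbox report or its tooling: the event records are constructed from the PIDs, images and command lines listed in the Processes section, with a field layout that imitates a Sysmon Event ID 1 export (an assumption), and the root's parent PID, which the report does not show, is set to None. It rebuilds each process's lineage, lists the point where an Office component hands off to a browser (here MSOXMLED.EXE opening meta.xml via iexplore.exe, exactly the chain the report shows and consistent with its 1/10 score), and checks that each IE tab process's SCODEF value equals its real parent PID, which in the report it does (SCODEF:1484 under PID 1484). The SCODEF mismatch check and the Office-to-browser lineage check are the two things a triage analyst reading this tree would want to confirm before dismissing the generic WriteProcessMemory / SetWindowsHookEx signatures as ordinary IE behaviour.

```python
"""Rebuild and check a process tree from sandbox-style process records."""
import ntpath
import re

# Constructed from the report's Processes section above; the record layout
# (pid/ppid/image/cmdline) imitates a Sysmon Event ID 1 export and is an
# assumption, not the sandbox's own export format. The root's parent PID is
# not shown in the report, so it is recorded as None.
EVENTS = [
    {"pid": 1032, "ppid": None,
     "image": r"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE",
     "cmdline": r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\[IBRA-2022]Mina2\meta.xml"'},
    {"pid": 1516, "ppid": 1032,
     "image": r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome'},
    {"pid": 1484, "ppid": 1516,
     "image": r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome'},
    {"pid": 2040, "ppid": 1484,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1484 CREDAT:275457 /prefetch:2'},
]

BROWSERS = {"IEXPLORE.EXE", "CHROME.EXE", "MSEDGE.EXE", "FIREFOX.EXE"}
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def basename(image):
    # ntpath handles Windows separators regardless of the host OS.
    return ntpath.basename(image).upper()


def by_pid(events):
    return {e["pid"]: e for e in events}


def lineage(events, pid):
    """Image basenames from the outermost known ancestor down to pid."""
    index = by_pid(events)
    chain, seen = [], set()
    while pid in index and pid not in seen:
        seen.add(pid)  # guard against PID reuse producing a cycle
        chain.append(basename(index[pid]["image"]))
        pid = index[pid]["ppid"]
    chain.reverse()
    return chain


def is_office_component(event):
    # Office binaries live under ...\Microsoft Shared\OFFICExx or ...\Office\Officexx;
    # matching on the directory catches helpers such as MSOXMLED.EXE as well.
    return "\\OFFICE" in event["image"].upper()


def office_to_browser_entries(events):
    """(office_pid, browser_pid) for each browser process whose direct parent is an
    Office component: the point where a document handler handed off to a browser."""
    index = by_pid(events)
    hits = []
    for e in events:
        parent = index.get(e["ppid"])
        if parent and basename(e["image"]) in BROWSERS and is_office_component(parent):
            hits.append((parent["pid"], e["pid"]))
    return hits


def scodef_mismatches(events):
    """IE tab processes carry SCODEF:<frame pid> on their command line; a tab whose
    SCODEF differs from its actual parent PID was not started by the frame it names."""
    out = []
    for e in events:
        m = SCODEF_RE.search(e["cmdline"])
        if m and int(m.group(1)) != e["ppid"]:
            out.append({"pid": e["pid"], "ppid": e["ppid"], "scodef": int(m.group(1))})
    return out


if __name__ == "__main__":
    for e in EVENTS:
        print(e["pid"], " > ".join(lineage(EVENTS, e["pid"])))
    print("office->browser hand-offs:", office_to_browser_entries(EVENTS))
    print("SCODEF mismatches:", scodef_mismatches(EVENTS))
```

Run against the constructed records it reports one hand-off, (1032, 1516), and no SCODEF mismatch; feeding it a real Sysmon export (PID, ParentProcessId, Image, CommandLine) needs only a field rename.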

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\9MHCBBJX.txt

    Filesize

    608B

    MD5

    6468a9f2d12372fdb98a8d3e6d2aa414

    SHA1

    3a89b6d51a2c379af82880d1b252247239c8446c

    SHA256

    bd687b44a5ee778a209139a312e19f9f24f304d58e3cfdf9e1275d7b8d45766b

    SHA512

    19bba332e50e1ab4cf05a4f8849f0c1f8cacced259d0668245a562c7c8200caa9e2c101f608fef54ec863a145d65bfb3416533c730159d7d1f1299d11eaeb400

  • memory/1032-54-0x0000000075501000-0x0000000075503000-memory.dmp

    Filesize

    8KB