Overview
overview
3Static
static
IBRA_30-12...V3.rar
windows7-x64
3IBRA_30-12...V3.rar
windows10-2004-x64
3MODELMAPEO...v3.map
windows7-x64
3MODELMAPEO...v3.map
windows10-2004-x64
3MODELMAPEO..._c.lua
windows7-x64
3MODELMAPEO..._c.lua
windows10-2004-x64
3MODELMAPEO..._s.vbs
windows7-x64
1MODELMAPEO..._s.vbs
windows10-2004-x64
1MODELMAPEO...ta.xml
windows7-x64
1MODELMAPEO...ta.xml
windows10-2004-x64
1[IBRA-2022...o2.col
windows7-x64
3[IBRA-2022...o2.col
windows10-2004-x64
3[IBRA-2022...o2.dff
windows7-x64
3[IBRA-2022...o2.dff
windows10-2004-x64
3[IBRA-2022...nt.vbs
windows7-x64
1[IBRA-2022...nt.vbs
windows10-2004-x64
1[IBRA-2022...a1.txd
windows7-x64
3[IBRA-2022...a1.txd
windows10-2004-x64
3[IBRA-2022...v2.col
windows7-x64
3[IBRA-2022...v2.col
windows10-2004-x64
3[IBRA-2022...v2.dff
windows7-x64
3[IBRA-2022...v2.dff
windows10-2004-x64
3[IBRA-2022...v3.col
windows7-x64
3[IBRA-2022...v3.col
windows10-2004-x64
3[IBRA-2022...v3.dff
windows7-x64
3[IBRA-2022...v3.dff
windows10-2004-x64
3[IBRA-2022...t2.col
windows7-x64
3[IBRA-2022...t2.col
windows10-2004-x64
3[IBRA-2022...t2.dff
windows7-x64
3[IBRA-2022...t2.dff
windows10-2004-x64
3[IBRA-2022...ta.xml
windows7-x64
1[IBRA-2022...ta.xml
windows10-2004-x64
1Analysis
-
max time kernel
132s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system -
submitted
12/01/2023, 05:00
Static task
static1
Behavioral task
behavioral1
Sample
IBRA_30-12-2022_Mina_2_V3.rar
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral2
Sample
IBRA_30-12-2022_Mina_2_V3.rar
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
MODELMAPEO-IBRA2022-Mina2v3/MODELMAPEO-IBRA2022-Mina2v3.map
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral4
Sample
MODELMAPEO-IBRA2022-Mina2v3/MODELMAPEO-IBRA2022-Mina2v3.map
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
MODELMAPEO-IBRA2022-Mina2v3/mapEditorScriptingExtension_c.lua
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral6
Sample
MODELMAPEO-IBRA2022-Mina2v3/mapEditorScriptingExtension_c.lua
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
MODELMAPEO-IBRA2022-Mina2v3/mapEditorScriptingExtension_s.vbs
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral8
Sample
MODELMAPEO-IBRA2022-Mina2v3/mapEditorScriptingExtension_s.vbs
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
MODELMAPEO-IBRA2022-Mina2v3/meta.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral10
Sample
MODELMAPEO-IBRA2022-Mina2v3/meta.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
[IBRA-2022]Mina2/chaleco2.col
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral12
Sample
[IBRA-2022]Mina2/chaleco2.col
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
[IBRA-2022]Mina2/chaleco2.dff
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral14
Sample
[IBRA-2022]Mina2/chaleco2.dff
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
[IBRA-2022]Mina2/client.vbs
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral16
Sample
[IBRA-2022]Mina2/client.vbs
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
[IBRA-2022]Mina2/cueva1.txd
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral18
Sample
[IBRA-2022]Mina2/cueva1.txd
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
[IBRA-2022]Mina2/cueva1v2.col
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral20
Sample
[IBRA-2022]Mina2/cueva1v2.col
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
[IBRA-2022]Mina2/cueva1v2.dff
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral22
Sample
[IBRA-2022]Mina2/cueva1v2.dff
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
[IBRA-2022]Mina2/cueva1v3.col
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral24
Sample
[IBRA-2022]Mina2/cueva1v3.col
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
[IBRA-2022]Mina2/cueva1v3.dff
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral26
Sample
[IBRA-2022]Mina2/cueva1v3.dff
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
[IBRA-2022]Mina2/helmet2.col
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral28
Sample
[IBRA-2022]Mina2/helmet2.col
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
[IBRA-2022]Mina2/helmet2.dff
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral30
Sample
[IBRA-2022]Mina2/helmet2.dff
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
[IBRA-2022]Mina2/meta.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral32
Sample
[IBRA-2022]Mina2/meta.xml
Resource
win10v2004-20220901-en
windows10-2004-x64
General
-
Target
[IBRA-2022]Mina2/meta.xml
-
Size
371B
-
MD5
b8aff0d3a15ef9e4f2d2fb5061e071ea
-
SHA1
2625b7f1fd8630405d36425eed8dd7b18255d331
-
SHA256
6a19deed347a04ee8969b64245c5e5ea9c8b1a036c74234f17bb4ab88abec15d
-
SHA512
5576f3646d89e08303af2d1f842b5b66cd97c7198ae7cd7162684f3e5d9cfe426805d0b67a449bd30acf32c5addf0d27099accd31dd5bea5cfded46b25bbf732
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31008323" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30e984094326d901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31008323" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000060ecc979c76d9e4690041dbc7cec48d700000000020000000000106600000001000020000000f352feb7d3f7ad3edb027e83068764e2c79d6bf8b593def60b7c5bce3e304ebd000000000e8000000002000020000000691d88acc5c8795fbcc5fc4de1d17b65d956fa74c7b28bbcb63236e6405e72a620000000340e11edbe095d789e484e717de5b29ff3407684b2159ae2a3a8ed5d6f640548400000003a26a99dbd8eaabd2e6b3798ba2c35052f485071d6b2b5b579a8a7e319e2911888467cc4ead02b7172946ed4b4b1866fe748b65e862243fcc33645756db095c7 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3321F055-9236-11ED-A0EE-62142853BA25} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "380264675" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31008323" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "131113865" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "131113865" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "142834365" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000060ecc979c76d9e4690041dbc7cec48d700000000020000000000106600000001000020000000e507194450d8aaca029f39f6d5ddcc21a87558371adf83e6855d085b5f8a9d14000000000e80000000020000200000007518f57980503991a1df0801f0fcae2f5637f6cdd4168f88bd6e9356444852a0200000007a947357495f24784e6092caed6d61ef65111fb53bddb6f072a98fef9af5a13540000000f9352a9eb7d4d832e29860091d009121dda7170747978c8c8f6530db84596cd68a9d82eaf48f482b64f857cea601d0e7d122bcadf8f0cd50fd8056a93ab6ccad iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 604774094326d901 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 5016 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 5016 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 5016 iexplore.exe 5016 iexplore.exe 2880 IEXPLORE.EXE 2880 IEXPLORE.EXE 2880 IEXPLORE.EXE 2880 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 5 IoCs
description pid Process procid_target PID 632 wrote to memory of 5016 632 MSOXMLED.EXE 83 PID 632 wrote to memory of 5016 632 MSOXMLED.EXE 83 PID 5016 wrote to memory of 2880 5016 iexplore.exe 85 PID 5016 wrote to memory of 2880 5016 iexplore.exe 85 PID 5016 wrote to memory of 2880 5016 iexplore.exe 85
Processes
-
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\[IBRA-2022]Mina2\meta.xml"1⤵
- Suspicious use of WriteProcessMemory
PID:632 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\[IBRA-2022]Mina2\meta.xml2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5016 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5016 CREDAT:17410 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2880
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD503c43ce055f8989a6508481c8acb6608
SHA13dc33276158435396c4272531a62707a18a4a875
SHA2561e977bad400e43c86966889b895bbf3b00b929b4bf497c791ad0ed2a0749fd3e
SHA512fb69a674b2c2aa697a7c1fc94490298949831762d9d9612266314727ea85f84035df089f62e1aec24474caa1fc52fc94ea704d161335d37c1cf746c72af1f8ab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD5fb0413a804abea26c4011a172e20cd3c
SHA12906ab573cda6345926e0885ecd47e4ad8b6884e
SHA2568297e3602a4aea1485e6f6ac81f729e663a902502f9a1e1e4b3ceba105e45c32
SHA512b6b7abe581b7dd53f5ab0ceafdbce1dc3d512b211900cf337ce1ecea6830bacb689742129d5ee5cf9218a435d7a50f9b683faf095987a8a2ea0481ac26438a20