Overview
overview
3Static
static
IBRA_30-12...V3.rar
windows7-x64
3IBRA_30-12...V3.rar
windows10-2004-x64
3MODELMAPEO...v3.map
windows7-x64
3MODELMAPEO...v3.map
windows10-2004-x64
3MODELMAPEO..._c.lua
windows7-x64
3MODELMAPEO..._c.lua
windows10-2004-x64
3MODELMAPEO..._s.vbs
windows7-x64
1MODELMAPEO..._s.vbs
windows10-2004-x64
1MODELMAPEO...ta.xml
windows7-x64
1MODELMAPEO...ta.xml
windows10-2004-x64
1[IBRA-2022...o2.col
windows7-x64
3[IBRA-2022...o2.col
windows10-2004-x64
3[IBRA-2022...o2.dff
windows7-x64
3[IBRA-2022...o2.dff
windows10-2004-x64
3[IBRA-2022...nt.vbs
windows7-x64
1[IBRA-2022...nt.vbs
windows10-2004-x64
1[IBRA-2022...a1.txd
windows7-x64
3[IBRA-2022...a1.txd
windows10-2004-x64
3[IBRA-2022...v2.col
windows7-x64
3[IBRA-2022...v2.col
windows10-2004-x64
3[IBRA-2022...v2.dff
windows7-x64
3[IBRA-2022...v2.dff
windows10-2004-x64
3[IBRA-2022...v3.col
windows7-x64
3[IBRA-2022...v3.col
windows10-2004-x64
3[IBRA-2022...v3.dff
windows7-x64
3[IBRA-2022...v3.dff
windows10-2004-x64
3[IBRA-2022...t2.col
windows7-x64
3[IBRA-2022...t2.col
windows10-2004-x64
3[IBRA-2022...t2.dff
windows7-x64
3[IBRA-2022...t2.dff
windows10-2004-x64
3[IBRA-2022...ta.xml
windows7-x64
1[IBRA-2022...ta.xml
windows10-2004-x64
1Analysis
-
max time kernel
97s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
12-01-2023 05:00
Static task
static1
Behavioral task
behavioral1
Sample
IBRA_30-12-2022_Mina_2_V3.rar
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral2
Sample
IBRA_30-12-2022_Mina_2_V3.rar
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
MODELMAPEO-IBRA2022-Mina2v3/MODELMAPEO-IBRA2022-Mina2v3.map
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral4
Sample
MODELMAPEO-IBRA2022-Mina2v3/MODELMAPEO-IBRA2022-Mina2v3.map
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
MODELMAPEO-IBRA2022-Mina2v3/mapEditorScriptingExtension_c.lua
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral6
Sample
MODELMAPEO-IBRA2022-Mina2v3/mapEditorScriptingExtension_c.lua
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
MODELMAPEO-IBRA2022-Mina2v3/mapEditorScriptingExtension_s.vbs
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral8
Sample
MODELMAPEO-IBRA2022-Mina2v3/mapEditorScriptingExtension_s.vbs
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
MODELMAPEO-IBRA2022-Mina2v3/meta.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral10
Sample
MODELMAPEO-IBRA2022-Mina2v3/meta.xml
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
[IBRA-2022]Mina2/chaleco2.col
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral12
Sample
[IBRA-2022]Mina2/chaleco2.col
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
[IBRA-2022]Mina2/chaleco2.dff
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral14
Sample
[IBRA-2022]Mina2/chaleco2.dff
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
[IBRA-2022]Mina2/client.vbs
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral16
Sample
[IBRA-2022]Mina2/client.vbs
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
[IBRA-2022]Mina2/cueva1.txd
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral18
Sample
[IBRA-2022]Mina2/cueva1.txd
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
[IBRA-2022]Mina2/cueva1v2.col
Resource
win7-20220901-en
windows7-x64
Behavioral task
behavioral20
Sample
[IBRA-2022]Mina2/cueva1v2.col
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
[IBRA-2022]Mina2/cueva1v2.dff
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral22
Sample
[IBRA-2022]Mina2/cueva1v2.dff
Resource
win10v2004-20220812-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
[IBRA-2022]Mina2/cueva1v3.col
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral24
Sample
[IBRA-2022]Mina2/cueva1v3.col
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
[IBRA-2022]Mina2/cueva1v3.dff
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral26
Sample
[IBRA-2022]Mina2/cueva1v3.dff
Resource
win10v2004-20220901-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
[IBRA-2022]Mina2/helmet2.col
Resource
win7-20221111-en
windows7-x64
Behavioral task
behavioral28
Sample
[IBRA-2022]Mina2/helmet2.col
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
[IBRA-2022]Mina2/helmet2.dff
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral30
Sample
[IBRA-2022]Mina2/helmet2.dff
Resource
win10v2004-20221111-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
[IBRA-2022]Mina2/meta.xml
Resource
win7-20220812-en
windows7-x64
Behavioral task
behavioral32
Sample
[IBRA-2022]Mina2/meta.xml
Resource
win10v2004-20220901-en
windows10-2004-x64
General
-
Target
MODELMAPEO-IBRA2022-Mina2v3/meta.xml
-
Size
918B
-
MD5
c35e97a572c97c42483d982865253d2d
-
SHA1
a4ca4db52e36cb39a083c12e350d92e05eeffd6f
-
SHA256
b4d2d44bde9f4fe720addf21c13c3056b2c61a807e102fecf8e0fcb83e3f94f9
-
SHA512
91216656edb801d0aa02fbb96a5c1ef012ae46c601bd563598451754f50aa9f3e311a8b2bf3613f74d1c3c5f626053a10b398a7b1c6670044646c0f125b45587
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001191f972444e7a4ebae469e73396fa90000000000200000000001066000000010000200000003d0ee2ced8e5f5c8d32160c5f6e8f026f156ce155e21a112a945f9dec36c78f6000000000e800000000200002000000036cd40db7cb7a16b3b45fa2c506921f88ffe5a7086cc4816c362fe4733bff23c900000005f0257a4c7a1268a2cb190fed700207b4532cf5d8e299b2944ba1f5c659a3dc99fe090210c0845556f270879dcaeb28c13c6e55401c28611545daf06e109a2c41e6373583d0a4c6d2079bc7043d837b43f674226fd7039605bf98bcc836975a5b18b859a789768f85b1da88de044b3d45872f1dc5e18d86e042dba38d9b97b3383e8bcf822659e25e69ca804c7f8ceba40000000f1604141be78937e63a2463f02631b77f67e8dceb1eb789e20f0954538f3df667fb8d768a845e7d4ec93178e605900ce66a45f3f88ad8e7a47c17c55f27ed2bc IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30b060684b26d901 IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "380268288" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{92719BA1-923E-11ED-A6C3-FE72C9E2D9C9} = "0" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001191f972444e7a4ebae469e73396fa900000000002000000000010660000000100002000000069301f363093f4fdc2625f8c552f62a99b6c4812dc0449b2ed822a27f2cb3c2b000000000e80000000020000200000005eadc80312612374ce7bc3005d77a553d3e5b12ee35b9d56d44b2821f391304d200000004c0c0a5d2e9647f2030323b975c37af80d69ebf7e908c5693e8e113168eab362400000003583b7b88ead262261e1c749cc8b1c1d1424a936dad3d7b3ad59c1984e5af1c07f9d665768bb1fa24c954e234b22fbcda876e31c46a7c1f86781545da6f559de IEXPLORE.EXE -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 1736 IEXPLORE.EXE -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 1736 IEXPLORE.EXE 1736 IEXPLORE.EXE 300 IEXPLORE.EXE 300 IEXPLORE.EXE 300 IEXPLORE.EXE 300 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 2036 wrote to memory of 1748 2036 MSOXMLED.EXE 28 PID 2036 wrote to memory of 1748 2036 MSOXMLED.EXE 28 PID 2036 wrote to memory of 1748 2036 MSOXMLED.EXE 28 PID 2036 wrote to memory of 1748 2036 MSOXMLED.EXE 28 PID 1748 wrote to memory of 1736 1748 iexplore.exe 29 PID 1748 wrote to memory of 1736 1748 iexplore.exe 29 PID 1748 wrote to memory of 1736 1748 iexplore.exe 29 PID 1748 wrote to memory of 1736 1748 iexplore.exe 29 PID 1736 wrote to memory of 300 1736 IEXPLORE.EXE 30 PID 1736 wrote to memory of 300 1736 IEXPLORE.EXE 30 PID 1736 wrote to memory of 300 1736 IEXPLORE.EXE 30 PID 1736 wrote to memory of 300 1736 IEXPLORE.EXE 30
Processes
-
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\MODELMAPEO-IBRA2022-Mina2v3\meta.xml"1⤵
- Suspicious use of WriteProcessMemory
PID:2036 -
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome2⤵
- Suspicious use of WriteProcessMemory
PID:1748 -
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:300
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
608B
MD588c7a672db09df78e0081b3341510971
SHA179db1ac73d96bb8ce99697c44ded44b7769e2e1a
SHA256aaad3be44847be3bb320e1c18d593e0eb62a16b2dedf7b2f0c73d696e676b357
SHA512f2cefdb5a299181437356099b3785e2bf19d127f0c5fe6be4f3d6002c1a7fc0d62672469190271b9bc9645db1fffeef33bbc0c0a749951d2df41fa7d6364eaac