Analysis

  • max time kernel
    67s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-01-2023 10:53

General

  • Target

    https://www.office.com/?auth=2&login_hint=nikita.chroesjtsjov@triaxknm.nl&from=AdminCenterEmail

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.office.com/?auth=2&login_hint=nikita.chroesjtsjov@triaxknm.nl&from=AdminCenterEmail
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1528
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1528 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3792

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    b011d2725e33c0bae4cc6110f1228caa

    SHA1

    98595cb1500ab32b457063d29a60a8ae5496b49b

    SHA256

    cfb146a5a70caac0842df76ab5cffbb524b9964c4a4250473189d053f24ea9ae

    SHA512

    60e98f54414f8e14185dd66570b6f4e1cee6471648b700391e59042249e9546d9baa19a6dd0c0b6b8ea17e1eb4059303b7a584507624d0634a50d957af21bfc0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    5d9dd4af1aa7a040643d3200fc0c5c03

    SHA1

    747a0d733fb23ed3053a7b9e43d3f31ffbbc7605

    SHA256

    b6e0a7322b9c95a177d863f994a1d498ef9a477823d60db36543834eac16261a

    SHA512

    d33fc0ec02c94a2e2fe2dc2967df8bf99ee9586b979d9e79e1f6932711fcd4eab46e92de528d22a56bb5aa32514832f81de7092fbec8ca4fcb13d8faf743aff8

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ckj4gk4\imagestore.dat
    Filesize

    18KB

    MD5

    4ffd1554455a72b7973fceb22f0f5be9

    SHA1

    c9cb1bc4927177b6a1be372c96bc7633bb037d5f

    SHA256

    61f8da7c4d8e2895ea7a346f8624791ab22693e90862711af2ae00f12f9a2531

    SHA512

    1186157923891e18f1da29a7a7becc2ff0e0426e17267fd78dd93c33eba8e99cb809ca1cbd4095a183f9be199ece68f06edd47d58ed688f8eed6f35e7c09f9ee