Analysis

  • max time kernel: 69s
  • max time network: 138s
  • platform: windows7_x64
  • resource: win7-20220812-en
  • resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted: 30-01-2023 16:03

General

  • Target

    https://www.post.lu/documents/35703/5319535/POST_Logotype-circle.png/80c57083-77dd-4a7a-8e7b-9223afab8644?t=1498562277275

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.post.lu/documents/35703/5319535/POST_Logotype-circle.png/80c57083-77dd-4a7a-8e7b-9223afab8644?t=1498562277275
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1096
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1096 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:964

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 340B
    MD5: 528dec20f7ee436f98db8119a04c1d9a
    SHA1: 8ac6f067f945ae3b9f0d7273561b83440a9ad274
    SHA256: d65a846e5874cb6d519ef5160eafb6459e21b791e624b020f129b785cc184ceb
    SHA512: c6c2fc2be0979eb6997dda486c41f58e487b96f485225d1a83712a1ec9a64a22b3bff3cb6d54efea180194f35546f0e0dd891d6f330c51ce4912e57aeb649f3c

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat
    Filesize: 5KB
    MD5: d878f935ffd755837040a69f2530728f
    SHA1: 7a38d204434ed137cb836e26bb329048a30ffa4b
    SHA256: d6c762f82f265b7242bcd18d03ab279f5260398ea7c26fef0a0a07195a8e6e68
    SHA512: 7dace2e845cec3d5f0db122932c213a016eee85d57ddc4aaf24c38dee8d9cced0a93455e9bfed1cc244bb6d9ad99ede9976b171e8517224ae760260aad4d94de

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\87ST3YPU.txt
    Filesize: 605B
    MD5: fefe8b648795b076204c253db5f56ef2
    SHA1: 26ac94011f3ff44e33f95391e9f51e1d27f9dc4a
    SHA256: 3ef63acb89d1f0fc0d03e5630989cd1ed2f2e3d6c1f1356eb5440d30d43e3414
    SHA512: 3f65028aeaa7cc15b6bccd914762f759413e81fd16ac546f61ca97498168e409d21c07b9291bc704b1a11fe0d1e3a827387a75d3d27831588b5b87d5a9d963be