Analysis
-
max time kernel
122s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
27-03-2023 23:34
General
-
Target
https://www.youtube.com/attribution_link?c=coachblog-ytm-acq-int-blog-txt-coach&u=http://hmyy.21.seymenkimyatemizlik.com/google.android.apps.youtube.music/75sfb1rw%20#tj_base64_encode%20aHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL2FwcGZvcmVzdF91Zi9mMTY3OTY2Nzc3NzczNHgyMjkwMTUwNDQzODE3OTI5MDAvY29sZS5odG1s?em=Maria.Bolanos@txdot.gov%22
Malware Config
Signatures
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Detected potential entity reuse from brand microsoft.
-
Modifies Internet Explorer settings 1 TTPs 39 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/attribution_link?c=coachblog-ytm-acq-int-blog-txt-coach&u=http://hmyy.21.seymenkimyatemizlik.com/google.android.apps.youtube.music/75sfb1rw%20#tj_base64_encode%20aHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL2FwcGZvcmVzdF91Zi9mMTY3OTY2Nzc3NzczNHgyMjkwMTUwNDQzODE3OTI5MDAvY29sZS5odG1s?em=Maria.Bolanos@txdot.gov%221⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3944 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\osplltc\imagestore.datFilesize
17KB
MD5968cf022e7098b72154225b2b9b3b5db
SHA11eca3d7fe27bb136df8aca98edd71257a8095fb8
SHA2562c8deb55eaafd450b0c7ca56a8f0080bba04fa3f1c5f34e77bf7ce22d11ae58e
SHA512f8f469aa90126e3d0bf07e817906c827057d46a904284a398b54a137801c674bc3c7655419d686e5f927d02246d55b81c24cbc2843671413de994067bd8410d0
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\osplltc\imagestore.datFilesize
18KB
MD511b097e14477f8d420b71f0f1f6c5da4
SHA1af88c3c004f3cceeec2e3342358bcda6edb580cf
SHA25600ba5a1ad3fb7b43ff9a751bd8e283d874f7e1176ba5e0d4d1e91987e35a3280
SHA51226b8a485b7cca122702a0aee2446f19a7f757ebc98913d9f73e0f63ebf4f29cbf79c9cdb42b749692c32a39351a4ae2277f53d1d5f3bfa3dbb33c89150365c45
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1IYUAPIF\favicon_a_eupayfgghqiai7k9sol6lg2[1].icoFilesize
16KB
MD512e3dac858061d088023b2bd48e2fa96
SHA1e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
SHA25690cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
SHA512c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YYL8D8JJ\suggestions[1].en-USFilesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee