Resubmissions
01-04-2023 15:00
230401-sdfwcacb3v 101-04-2023 14:59
230401-sc7mnscb3s 101-04-2023 14:56
230401-sbgpvsaf95 601-04-2023 14:53
230401-r9pmpaca9t 701-04-2023 14:50
230401-r73rjaca8t 601-04-2023 14:48
230401-r6gsnsca7s 101-04-2023 14:45
230401-r4v8aaca6w 801-04-2023 14:42
230401-r24rmsaf49 801-04-2023 14:39
230401-r1h4jsca4s 101-04-2023 14:36
230401-ryy2zsaf34 1Analysis
-
max time kernel
142s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
01-04-2023 14:48
General
-
Target
https://we.tl/t-VCeNt9Cn60
Score
1/10
Malware Config
Signatures
-
Modifies Internet Explorer settings 1 TTPs 13 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://we.tl/t-VCeNt9Cn601⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3952 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.0.1846001492\619094800" -parentBuildID 20221007134813 -prefsHandle 1824 -prefMapHandle 1816 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9781144f-495e-49b3-9135-990432deef4a} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 1916 1ce9d580a58 gpu1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.1.2005984321\1229194937" -parentBuildID 20221007134813 -prefsHandle 2296 -prefMapHandle 2292 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3516382e-13e6-4687-a3f0-617997f60317} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 2308 1ce8f672b58 socket1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.2.1358588248\1142354335" -childID 1 -isForBrowser -prefsHandle 3068 -prefMapHandle 3140 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e51ce75-5266-44da-a3e6-6a6ebb4e4099} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 3132 1cea0059b58 tab1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.3.278245842\1045292756" -childID 2 -isForBrowser -prefsHandle 3300 -prefMapHandle 3272 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9cf3089-dc5f-4da5-b84a-25cfc07671f8} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 3068 1cea005cb58 tab1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.5.505690502\471590396" -childID 4 -isForBrowser -prefsHandle 3652 -prefMapHandle 3656 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2117944-8657-4d46-8ae8-963e8f5b1224} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 3644 1cea0682e58 tab1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.4.1606980951\1544590435" -childID 3 -isForBrowser -prefsHandle 3460 -prefMapHandle 3464 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8569d133-5a79-4150-9d44-bb341f69d9a4} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 3456 1cea03d6e58 tab1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.6.1001261001\588533451" -childID 5 -isForBrowser -prefsHandle 4088 -prefMapHandle 4084 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {907d080b-1201-4a57-9cc0-6f5cb756221e} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 4104 1ce8f65b258 tab1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.7.1199870796\1741600622" -childID 6 -isForBrowser -prefsHandle 5356 -prefMapHandle 5348 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2297bae-a565-4f41-969e-8672623c4950} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 5388 1ce9e8e1258 tab1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.8.366106671\421082149" -childID 7 -isForBrowser -prefsHandle 5532 -prefMapHandle 5536 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5836598c-555d-490c-b598-24eecb1b7d5b} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 5520 1ce8f660d58 tab1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.9.1537172561\596618562" -childID 8 -isForBrowser -prefsHandle 5924 -prefMapHandle 5920 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35e5c132-705a-46e3-8d37-b035823ff937} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 5932 1cea2cbdb58 tab1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.10.1176901433\2012686633" -parentBuildID 20221007134813 -prefsHandle 5772 -prefMapHandle 5764 -prefsLen 26930 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7305300-a5f9-4771-84c0-56409c3ae79f} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 5748 1ce9c50d758 rdd1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4952.11.504101526\1616624258" -childID 9 -isForBrowser -prefsHandle 3448 -prefMapHandle 2888 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {478afd26-9db1-41ba-b8fb-48f62749ce6c} 4952 "\\.\pipe\gecko-crash-server-pipe.4952" 5892 1cea06bc758 tab1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_memz-trojan.zip\MEMZ-master\WindowsTrojan\Data\KillMessages.txt1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_memz-trojan.zip\MEMZ-master\WindowsTrojan\Data\Sites.txt1⤵