Analysis

  • max time kernel
    158s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/05/2023, 01:29

General

  • Target

    http://62.182.86.140/main/29000/b5776f46333ce948a82372c1cfd78ac1/Xiaodong Wang, H. Vincent Poor - Wireless Communication Systems_ Advanced Techniques for Signal Reception-Prentice Hall (2009).chm

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "http://62.182.86.140/main/29000/b5776f46333ce948a82372c1cfd78ac1/Xiaodong Wang, H. Vincent Poor - Wireless Communication Systems_ Advanced Techniques for Signal Reception-Prentice Hall (2009).chm"
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2284
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2284 CREDAT:17410 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1612
    • C:\Windows\hh.exe
      "C:\Windows\hh.exe" C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\Xiaodong Wang, H. Vincent Poor - Wireless Communication Systems_ Advanced Techniques for Signal Reception-Prentice Hall (2009).chm
      • Suspicious use of SetWindowsHookEx
      PID:1120

Network

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: 1e391ce24e7ed996e412d5edf310ccda
    SHA1: 4f23a6cca7e719ca6df97b491aa421f4c9770f7d
    SHA256: 5276eca80f733056a477e1a10b8d91d4d2292ba2bfc424e1638af80301aefa8f
    SHA512: 2e78d95590e77b91ead8ab8ce6568243684eb56af7facf1e646207fb767dc1d54f3aae3872506bca59de886e5e2a689892c8a6cd5d9a32b1b64e183d10e27e48

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 434B
    MD5: 133e12ca81dc0771352995ed8f9c9a93
    SHA1: cbdb7f644642aba3984bdb8dc08ee80daf8345cd
    SHA256: e292eb5e6a9c9545ad5411e4352f16d2f9fca97380d9fa748e3c71320b093302
    SHA512: b2f1af925219c3ca61a45688179b96a1ec8d433d5bb188d7d70b2b9bda2aaee80b529e9498d23fd07f8b72099e8c4ec54bceaa2246c239db325b413db7c00315

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\Xiaodong Wang, H. Vincent Poor - Wireless Communication Systems_ Advanced Techniques for Signal Reception-Prentice Hall (2009).chm.uv211w2.partial
    Filesize: 12.0MB
    MD5: b5776f46333ce948a82372c1cfd78ac1
    SHA1: 0c746f21df63bc3f7b847be1b492ef8ad3e58a0c
    SHA256: 9b79425f33465636b1da21a3d1b28d4013ba5d8f2e2e54dc907b5d55bcdd04b4
    SHA512: c5ff2902f42a7ce19eeb86e243a13caa24c9b2e0ba9d92148cd937488608adf22503d620aab1e2d5f21501d6962ba79257da9fba655931ca31fc3d848b68ede2

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\suggestions[1].en-US
    Filesize: 17KB
    MD5: 5a34cb996293fde2cb7a4ac89587393a
    SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • memory/1120-168-0x000002766D7B0000-0x000002766EE27000-memory.dmp
    Filesize: 22.5MB