Analysis

  • max time kernel
    83s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20230220-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    07-06-2023 02:10

General

  • Target

    http://mediolanum.natflix.ca

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://mediolanum.natflix.ca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4556
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4556 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3968

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: 0a18c4e5d48519f11d47e21d48beb4c1
    SHA1: ef72edf3da93c8438e33829542296d86b9608d48
    SHA256: 572990d6df4be97a68222158083b64bc4391b26347069435b00407b3fd1d0e0e
    SHA512: d6b78a5a080d0339a58a490122c80165dd3cce9ef1aad17e6363814859116c91a05142a5b8a7de4cbae658c9cc754dbbc1c99f96f139a17303db3f749ab6b7d8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 404B
    MD5: 3d039b1fb5315e4fd33d752b30881b8c
    SHA1: 0dd9e56f65129e135912005ae34e415a274891ea
    SHA256: e86699f8f3cc9c05c2f9ae76543a302eb230b7f912568f0b3c45ae49b3281fef
    SHA512: 16f7dcac37afecca41e2a7437bda90f8b8243eb5ff31ec9f9b220b8d2ff00026a826d0a30bbb9c7df0f65eecdf67252c521e33924a961c13f8ef64b9da4645db

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\95fmw5u\imagestore.dat
    Filesize: 16KB
    MD5: 92a725f14336af62be0de6e39fb8cffa
    SHA1: 30ebde9b69f0f85d1c5bfcc45a29fb484e6af0c7
    SHA256: acdb3369f4fad74e3654968e37b96a9aa6502150e0fbe5a8319537bbe37e09c6
    SHA512: 043a2fa0d01eed3ddd5af5b326b6a8a6384e760ad5962ea0e782c28c89094cb98e485d1d9eab871cbcb053a3a15b8c851e82484ec7f80635c2eb15f178138536

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1B83N948\nficon2016[1].ico
    Filesize: 16KB
    MD5: 41b45fdce09bd6acd07c7a8949da675e
    SHA1: 931e18dfc6e7d950dc2f2bbdfe31e1ea720acf7c
    SHA256: abe8012eb65c0dc0ac3e87dcc1e60e1908ebd8f12b7c47a5df1856f7a7bb1edd
    SHA512: a650426e681161f3673d5e56c1f6c45d609715f07e85b3a3b2c610d293fbcb04a882ac9f92e65977a7145ef45035d08870de3ab6ba331daa2ee2fb4b1ce83296

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P8NMKCW2\suggestions[1].en-US
    Filesize: 17KB
    MD5: 5a34cb996293fde2cb7a4ac89587393a
    SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee