Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/05/2024, 22:43

General

  • Target

    Text%20on%20gif/logo.gif

  • Size

    1.6MB

  • MD5

    9980878ebe1fd23b8943f2204f9c564e

  • SHA1

    b5bac5d393108de240cb4f6560c97e1a70568f73

  • SHA256

    1ff74e138c9644d9805320bd0d94d716c631cc8d5ad080a6ef3e35c0b631a73a

  • SHA512

    890ebe10cd41a62669bb2bdc0336c29e1e284c3d9218245993a1dd8329e8eaad05d387fe05656c659da391cb1a989d09f7dc93e2d84e5a7b53f03b0a1bbd9ea1

  • SSDEEP

    24576:rvtCNBGVw2v6ZigvLk3n+7yLhwqa2a1GYUP0HhvXN9k1iklE0tGAzsy3uLDYWymH:rvtfvgQXNo1mP0h6iklZZ6sKgjGlXD3
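
Before trusting this report for a file you hold locally, confirm you are looking at the same bytes and that the file really is a GIF rather than something renamed to `.gif`. The following is an added example (not part of the report or the sandbox's own tooling) that recomputes the four digests listed above, compares them against the report's values, and checks for the `GIF87a`/`GIF89a` header. The path argument and the `verify_file` helper are assumptions for illustration; the expected hashes are copied from the report.

```python
import hashlib
from pathlib import Path

# Digests of Text%20on%20gif/logo.gif exactly as listed in the report above.
REPORTED_HASHES = {
    "md5": "9980878ebe1fd23b8943f2204f9c564e",
    "sha1": "b5bac5d393108de240cb4f6560c97e1a70568f73",
    "sha256": "1ff74e138c9644d9805320bd0d94d716c631cc8d5ad080a6ef3e35c0b631a73a",
    "sha512": (
        "890ebe10cd41a62669bb2bdc0336c29e1e284c3d9218245993a1dd8329e8eaad"
        "05d387fe05656c659da391cb1a989d09f7dc93e2d84e5a7b53f03b0a1bbd9ea1"
    ),
}

# A GIF file begins with one of these two six-byte version signatures.
GIF_SIGNATURES = (b"GIF87a", b"GIF89a")


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, keyed by algorithm name."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def is_gif(data: bytes) -> bool:
    """True if the bytes carry a GIF header (judged by content, not extension)."""
    return data[:6] in GIF_SIGNATURES


def verify_sample(data: bytes, reported: dict) -> dict:
    """Compare a local copy against the reported digests and check the file type.

    Any digest mismatch means the local file is not the analysed sample;
    a missing GIF header means the extension does not describe the content.
    """
    actual = hash_bytes(data)
    mismatched = sorted(
        name for name, digest in reported.items()
        if actual.get(name) != digest.lower()
    )
    return {
        "is_gif": is_gif(data),
        "matches_report": not mismatched,
        "mismatched": mismatched,
        "hashes": actual,
    }


def verify_file(path: str, reported: dict = REPORTED_HASHES) -> dict:
    """Read a file from disk (assumed path) and verify it against the report."""
    return verify_sample(Path(path).read_bytes(), reported)


if __name__ == "__main__":
    import sys
    print(verify_file(sys.argv[1]))
```

Run it as `python verify.py logo.gif`; a `matches_report` of `False` with every digest listed under `mismatched` means you have a different file, while a single mismatching digest would point at a transcription error rather than a different sample.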

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 41 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (depth 1)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Text%20on%20gif\logo.gif
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (depth 2)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2332 CREDAT:17410 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2400
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 1)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5196 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
    PID:1552
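
The tree above is the ordinary shape of Internet Explorer opening a document: a frame process started with the file path, and a tab process whose `SCODEF:` value carries the frame's PID (here `SCODEF:2332` under `PID:2332`). The Edge utility process sits at depth 1 with no link to the sample's command line. What would turn this from a 1/10 into something worth chasing is a child under either IE process that is not IE itself. The following is an added example (not part of the report or the sandbox's signature set) that encodes that check: it resolves each `SCODEF:` reference back to a live iexplore.exe frame, confirms it agrees with the recorded parent PID, and flags any non-IE child of an IE process. The process list is transcribed from the report as constructed input; the `Proc` type, the `ppid` field and the abbreviated Edge command line are assumptions for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]  # None when the parent lies outside the captured tree
    image: str
    cmdline: str


# Constructed from the Processes section above (Edge command line abbreviated).
REPORT_PROCS = [
    Proc(2332, None, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r"C:\Users\Admin\AppData\Local\Temp\Text%20on%20gif\logo.gif"),
    Proc(2400, 2332, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
         r"SCODEF:2332 CREDAT:17410 /prefetch:2"),
    Proc(1552, None, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
         r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" '
         r"--type=utility --service-sandbox-type=asset_store_service /prefetch:8"),
]

# IE tab processes name their frame process with SCODEF:<frame pid>.
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)")


def is_ie(image: str) -> bool:
    """True for either the x64 frame or the x86 tab binary."""
    return image.lower().endswith("\\iexplore.exe")


def audit_ie_tree(procs: List[Proc]) -> List[str]:
    """Return one finding per deviation from IE's normal frame/tab layout."""
    by_pid = {p.pid: p for p in procs}
    findings: List[str] = []
    for p in procs:
        if is_ie(p.image):
            m = SCODEF_RE.search(p.cmdline)
            if m is None:
                continue  # frame process: launched with the document path, no SCODEF
            frame_pid = int(m.group(1))
            frame = by_pid.get(frame_pid)
            if frame is None or not is_ie(frame.image):
                findings.append(
                    f"pid {p.pid}: SCODEF:{frame_pid} does not point at an iexplore.exe frame"
                )
            elif p.ppid is not None and p.ppid != frame_pid:
                findings.append(
                    f"pid {p.pid}: parent pid {p.ppid} disagrees with SCODEF:{frame_pid}"
                )
        elif p.ppid is not None and p.ppid in by_pid and is_ie(by_pid[p.ppid].image):
            # A non-IE process spawned by an IE frame or tab: the real triage signal
            findings.append(
                f"pid {p.pid}: iexplore.exe (pid {p.ppid}) spawned non-IE child {p.image}"
            )
    return findings


if __name__ == "__main__":
    for line in audit_ie_tree(REPORT_PROCS) or ["no findings: tree matches IE's normal layout"]:
        print(line)
```

Run against the report's own tree the audit returns nothing, which is consistent with the 1/10 score; appending a `cmd.exe` or `powershell.exe` entry whose `ppid` is 2400 produces a single finding naming the IE parent.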

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

      Filesize

      471B

      MD5

      78207b82cd88741596bfbe35667bef0c

      SHA1

      d2aa9f014d12219d074f7b4c92efebbf8e615791

      SHA256

      55b97539e3725b2fd6fdbb103e48b51e8cc3b4dd33e3e3c5d74bdfd54e48d01d

      SHA512

      2b7a26550c51d8bf6eceafcf1ca47f2f02f02700b13ac2684442592b5a774f9a667227ac9865387234c556fd24de20239edd1b2e9085025840ecbc844a480083

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

      Filesize

      404B

      MD5

      1df8c673305a1cc5256117813d43cfc2

      SHA1

      c884e950c1414c10d908ef09026038be70fe3852

      SHA256

      aa854bda9c1ec2a0482b866d9986b7315261c54dc8e98e22d19a509adb43dd42

      SHA512

      97bfaf072088ee1f60ad59005c624a216f3dd2e3018ad265371153bf347d3fa328da258c2df893dfb54fc48a5b9c8cb1cd35b62bc5b2e92a6721f6d56e1c87da

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O8VM10HV\suggestions[1].en-US

      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee