Analysis

  • max time kernel
    147s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7v200213
  • submitted
    14-02-2020 05:25

General

  • Target

    http://www.spaceindia.in

  • Sample

    200214-d3gylp3gee

Malware Config

Signatures

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
  • Modifies system certificate store 2 TTPs 13 IoCs
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.spaceindia.in
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Modifies Internet Explorer settings
    • Checks whether UAC is enabled
    • Suspicious use of WriteProcessMemory
    • Suspicious use of SetWindowsHookEx
    PID:1996
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1996 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Checks whether UAC is enabled
      • Suspicious use of SetWindowsHookEx
      PID:852

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Discovery

System Information Discovery

1
T1082

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\on2pd4w\imagestore.dat
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\R7UON7J9.txt
  • memory/852-16-0x000000007EF20000-0x000000007EF30000-memory.dmp
    Filesize

    64KB