Resubmissions

05-11-2020 01:22

201105-g62xn2nnt2 10

05-11-2020 01:17

201105-lj69wwasf6 7

05-11-2020 01:11

201105-ajwh7dz4gn 9

05-11-2020 01:07

201105-wexjpqxels 7

Analysis

  • max time kernel
    92s
  • max time network
    141s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    05-11-2020 01:07

General

  • Target
    favorites_10_30_20.html
  • Size
    410B
  • MD5
    dadb7dbc14491c4a8455a2f7c55807d7
  • SHA1
    70665fce8130d091c50519e214f5423224eef0e8
  • SHA256
    1fc3cabbb795381877c9724be6c815e80890eee322dce82be1994a3cd9ec22ca
  • SHA512
    b05f0cb29422be6900a3f0129fa11a92268387d3f9ef30cf76dfb083f7a340dee3191ef408acf07b81d113cf8d743ebbaf6e31c036c7d73ac112877e4643e40f

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\favorites_10_30_20.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:944
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:944 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4064

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    MD5 90e7daddaae62511d4a60f9062ad5a60
    SHA1 ff2d2fdad2e871b57ddc8a61cbabece1f72be778
    SHA256 e7df9cb411fcbc42537a087158841da1a3357a11f13846b238ce816dfb02bcad
    SHA512 6666b82c3e6a21f359a3bbea9351fb06ffa52b33ca17d885d1ea1afdf35ab0be57667aa8a36238998141a9a34ca7a9029807c1a3a488df8df852792cd8f9f446

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    MD5 e6d14a6ff40ff2818086d4e0d1c6bccc
    SHA1 f02d4594e8bf9515bf8f1ecd8aab94f0876fc71c
    SHA256 2eb7a511e474bdbc832969ce17f5645702f097a5d885b09612a1dcaaded2919f
    SHA512 a2337b9fcb30cd311551a6b4584ce8c2ee4b98048a26cf65ed178db529c27342ea857e70a358ad934a00b0478162057c287216ca81b3b13457323ae51510e98c

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\LSU52147.cookie
    MD5 46ae0abc76a19e56b31920f95a088a5c
    SHA1 3142b631c340168a0506b2b5bad64febf765b5e4
    SHA256 7cefb5c17adcf026f3715ee06df593d6a6c69ee18d916cfb709d245adbcccf2b
    SHA512 acc5efde7c7f430d565684a8d94d7fe47cdd6ee70c8b7895d5452925d8799bcb421258fbf5e0f08d68cb3ddb0672cca09bdb48cdec201e7f1c96da6adfcf3896

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\O9HR75YS.cookie
    MD5 ca99930a7f05d698efe10b48c87868af
    SHA1 5b104521e291d4c98bd00b717ff7088ee437463f
    SHA256 eb65155e161c40e1ea417aa0853de01f6e30d61d031ad7ff2e149510cec3ba83
    SHA512 6973f75c5bf9e26249c567408a6a36d32f6e321a7aad05dc95a94dd9b277476c79f28599bc84acbc298ff9579acab29b6002494a7f8be11b0a0492d84368f897

  • memory/4064-0-0x0000000000000000-mapping.dmp