Analysis

  • max time kernel     443s
  • max time network    375s
  • platform            windows10_x64
  • resource            win10v20201028
  • submitted           22-11-2020 06:28

General

  • Target   index(5).html
  • Size     14KB
  • MD5      a04ac97f975fbea37a2e385ae4a48c3d
  • SHA1     565214f80be60a73779880381991fae1f18872ca
  • SHA256   003e59cb295e42f6ea30a7576edb2ad902d82fee3f066eb59785a430f38a50d7
  • SHA512   7039ec15ba0782d757874a3301c6d82982bca25ff11affae170c3a75df5cc02ac1e516d37bbc1fbb0ee190b31f970d71a4ee8a025203f8743ca01e19cec5ceb6

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 49 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 984)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index(5).html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 3864, child of 984)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:984 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

  The child is Internet Explorer's 32-bit tab content process: SCODEF:984 carries the PID of the 64-bit frame process that launched it, and the hook, tray-window and WriteProcessMemory calls flagged above are routinely observed when IE spawns a tab for a local HTML file. Nothing further is reported for either process, which is consistent with the 1/10 score.

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    MD5    ffc04cd305e33221116feebf2eaa50b0
    SHA1   6aeecd1a32ce6655a43e6b35cb2d0cb45876c9d4
    SHA256 e0215011ac1136f278389a2a9b9572d9cdbb704f4a2a6d4b9cb8e99eba316de4
    SHA512 ecd09a4db7f337f7b4b767edca0615262af8785c3dd85e6369037c04eda0865c59949a406e6e016ba8e893e7f740881be22909aa472ea6fd1c38aa3902979a01

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
    MD5    1f9753ed30b4502162174b292eec54b3
    SHA1   8a19ea4cfa9569b95c8ce55512af00b64c1867c9
    SHA256 7b2d43aebc21c56473b614234d63c83199a1a4d580d2039827fbc8150cc10de0
    SHA512 0b6e4f8a6f67a2ffb3c50f4b8b9b5402e07d887bbd2b1132e0678c898794fdb1e5b913829dfa23f352920acd7d3c29fec4deea7a60e66a948b1f9df1bfefc4ca

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\95J4VP9J.cookie
    MD5    6e3cbbc1ca0920760fec2d60f4847d21
    SHA1   97e19806ee514cfe44659f7f437f31cba89aa206
    SHA256 5a5a8c3db5e13cb8f21f378c552b933c09724d23ff578786f00dc09523d64233
    SHA512 506d7af907e36479407bdaf6041246cb8578f3864eb2e285741aed6950679aabdd89f7a22362453e2c49d6b369b262c5cfb610e893f390fefecb22f83e4a52e2

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\WH2LIGKY.cookie
    MD5    bcb547b18533a24f451d380e79207298
    SHA1   4eebe4fe02e6f8fba8f6fcbfca77c0ead5ebaeb1
    SHA256 2d27ba587d301cb9e494649d8b6ab2452d9968148a0513f931b7a9a5893c19a3
    SHA512 b71ee15ba5d8fdb37db9e8b683184be2ee27f81cb76016e797c9101872613fc0effaeee27f2ef294e5d6a97f3b671f78763b7187ca8b96be641f1fc93ffae69c

  • memory/3864-0-0x0000000000000000-mapping.dmp (memory mapping dump of PID 3864; no digests reported)

  The CryptnetUrlCache Content/MetaData pair is written by the Windows CryptoAPI network cache (certificate, CRL or CTL retrieval) and the .cookie files by IE's cookie store; they are housekeeping files produced while the page was rendered, not files the report attributes to the page itself.
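Added example, not part of the sandbox report: a small Python checker that parses hash listings in the layout used by the General and Downloads sections above and compares them against a local copy of the sample or of a dropped file, so an analyst can confirm that the file in hand is the one that was detonated before trusting the verdict. The embedded excerpt is copied from the Downloads listing; the placeholder bytes are constructed, since the analysed files themselves are not on the page, and therefore show a mismatch. The parser accepts both the label-and-value-on-one-line layout and the label-then-value-on-the-next-line layout that such exports produce.

```python
"""Compare a local file's digests against those a sandbox report lists.

Added example, not part of the report. Handles both the label/value-on-one-line
layout and the label-then-value-on-the-next-line layout seen in such exports.
"""
import hashlib
import re
from pathlib import Path

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# "MD5 <hex>", "MD5: <hex>" or a bare "MD5" label whose value follows on a later line.
_LABEL = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s*:?\s*([0-9a-fA-F]*)$", re.I)
# Exact digest lengths for the four algorithms (32, 40, 64, 128 hex chars).
_HEX = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}|[0-9a-fA-F]{128})$")


def parse_report_hashes(text: str) -> dict[str, dict[str, str]]:
    """Map each bulleted path in a Downloads-style listing to its reported digests."""
    entries: dict[str, dict[str, str]] = {}
    current = None   # path of the entry being read
    pending = None   # label seen with no value on the same line
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("•"):
            current = line[1:].strip()
            entries[current] = {}
            pending = None
            continue
        if current is None or not line:
            continue
        m = _LABEL.match(line)
        if m:
            label, value = m.group(1).lower(), m.group(2)
            if value:
                entries[current][label] = value.lower()
            else:
                pending = label
        elif pending and _HEX.match(line):
            entries[current][pending] = line.lower()
            pending = None
    return entries


def digest_bytes(data: bytes) -> dict[str, str]:
    """All four digests the report uses, lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def compare_digests(actual: dict[str, str], expected: dict[str, str]) -> dict[str, str]:
    """Per algorithm: 'match', 'MISMATCH', 'malformed' (truncated or non-hex) or 'not reported'."""
    verdict = {}
    for alg in ALGORITHMS:
        reported = (expected.get(alg) or "").strip().lower()
        if not reported:
            verdict[alg] = "not reported"
        elif len(reported) != 2 * hashlib.new(alg).digest_size or not _HEX.match(reported):
            verdict[alg] = "malformed"
        else:
            verdict[alg] = "match" if reported == actual[alg] else "MISMATCH"
    return verdict


def is_same_file(verdict: dict[str, str]) -> bool:
    """Accept only when SHA-256 matched and no other reported digest disagrees.
    MD5 or SHA-1 agreement alone is not enough: both are collision-broken."""
    return verdict.get("sha256") == "match" and all(
        v in ("match", "not reported") for v in verdict.values()
    )


def verify_file(path: str, expected: dict[str, str]) -> dict[str, str]:
    """Hash a file on disk and compare it with the report's digests."""
    return compare_digests(digest_bytes(Path(path).read_bytes()), expected)


# Copied from the Downloads listing above: the first entry written label/value on one
# line, the second label then value, the third (memory dump) carries no digests.
REPORT_EXCERPT = """
  • C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\95J4VP9J.cookie
    MD5    6e3cbbc1ca0920760fec2d60f4847d21
    SHA1   97e19806ee514cfe44659f7f437f31cba89aa206
    SHA256 5a5a8c3db5e13cb8f21f378c552b933c09724d23ff578786f00dc09523d64233

  • C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\WH2LIGKY.cookie

    MD5

    bcb547b18533a24f451d380e79207298

    SHA256

    2d27ba587d301cb9e494649d8b6ab2452d9968148a0513f931b7a9a5893c19a3

  • memory/3864-0-0x0000000000000000-mapping.dmp
"""

# Constructed stand-in: the analysed files are not on the page, so this will MISMATCH.
PLACEHOLDER = b"<html><!-- constructed stand-in, not a file from the report --></html>"

if __name__ == "__main__":
    for path, reported in parse_report_hashes(REPORT_EXCERPT).items():
        verdict = compare_digests(digest_bytes(PLACEHOLDER), reported)
        print(path)
        print("   ", verdict, "->", "same file" if is_same_file(verdict) else "NOT the reported file")
```

For a real check, paste the whole Downloads section into `parse_report_hashes` and call `verify_file` with the path of each recovered artifact; `is_same_file` deliberately refuses to accept an artifact on MD5 or SHA-1 agreement alone, and flags a truncated or hand-retyped digest as malformed rather than silently treating it as a mismatch.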