Analysis

  • max time kernel
    117s
  • max time network
    140s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    13-01-2021 22:23

General

  • Target

    Paymentadvice.html

  • Size

    74KB

  • MD5

    a3499a6bc97a24bd03b42849e106343e

  • SHA1

    4c4d9f77cf64aa7d102fd4e749fd01b128c548ea

  • SHA256

    cafbc585e0e6bb529bed5212a3d0a2503f2f1a6e9fce3913d7694c501aeb0ffe

  • SHA512

    66e2bfcc0e23ef530c9231489a36ac8f7d65da08046d02c5d7bc77083bfd6f5f084370a8b8a2c4c6263ff6a8b25a18bc833af1e1fb6adb4b4811b79be74113d9

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 66 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Paymentadvice.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:756
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:756 CREDAT:82945 /prefetch:2
      2⤵
      • Checks processor information in registry
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2020

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
    Modify Registry (T1112): 1
  • Discovery
    Query Registry (T1012): 1
    System Information Discovery (T1082): 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    MD5

    14cff04fc2a03ae82e65cc09ae71472e

    SHA1

    d2d7fa1d17d712cdbaad6855181a0467b5533b01

    SHA256

    a4e15d0f205dcfe2a172a632df78ca78dabd24540a54d3bfa96135899b46c3b7

    SHA512

    8a4ba2f5b1e4db4f2c54c2ceaacf24ae890daf4a0cd9b7c90ba8b95c13a0a3dc772ac2742b57373d9f04cb5e967949cd9fe5987d66dcf375894d4fad251dd15b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    a36b44d5adb4041932847abd904a977a

    SHA1

    d26d17290820c64c4139b4677633df29ab51c6b2

    SHA256

    9cff6cca3aa67e7e5ee897b37889577e1cfb2b68036849202a11b33d9cba569f

    SHA512

    4edf5ee43ed3045b027027ee8b4d16595c7e4945eb60d24ea4d37ecbbb9e1333e01cc6a0031af28edcf26b686287f1ad4ae2093853ae71a1747c428e78d0832e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    MD5

    2444122291de86fd96d824c846473a2c

    SHA1

    7d0a24c4ea906accaaec73756ce64704bed7198a

    SHA256

    ad2087d168e9d1f074d2564842d6d8b67874ab211dbc7ec2c5cc911290cd9382

    SHA512

    40f5938d59ccc876722dd3d25dd73495039c64fef9012f7e08f0a7dcf531cb11d67c79432de8e8bdf7c422178694c865c51ea562edc9c9fd28365d55ffd38da6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    9f07f86b54725097264f85ed5eab0293

    SHA1

    7dc356577c555d4ea1ce6a413541a08b3f32de7f

    SHA256

    c3d16ac869da16bda190493122d9aa0474e64d8b57444c053a35a56a9998dd1c

    SHA512

    552df277eb96a0824a8cfc97016bf83878eeee8b0b8214410ea9b81ff13ca0f02795c09d716981f2309e816c1c6527affa6a971c1ea5fa39ed3ceae79b09678d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\5J2HMMNU.cookie
    MD5

    4ad0448c3e32d3dc9ab6f59ea246a9cb

    SHA1

    b6c76e107c657371302b4d0f82d424a0f19d9515

    SHA256

    b2c345b27da45b680cddd946ab65b66a980dfc8203d6d49dc1abd6bbddd9c340

    SHA512

    1da30a84073fa249f16c0b798b5ef940daf48485b8e7f489bbcce7f3f1fe9bb535b85834a6eb7d98ad089fc206315772bb3721f24ab710c6a10649910f3fa689

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\9OZW5XE6.cookie
    MD5

    bcb2621efdf36bfd064993e65d543174

    SHA1

    a31f54bafb71f18bdb9800beddb8f52629c69164

    SHA256

    163b50cef8b3f60afce168bd9c3df0bb7c4caf2552d1bd1249c09f137f569b75

    SHA512

    f3195e4ceed04ea135167657b8d2d23adfee73cc6fe080fac15b59b6b8a0b4ed6dabba615c4a1f3322a054add68e28fc848f50c43bb46e93b0e7fb0094c1ccff

  • memory/2020-2-0x0000000000000000-mapping.dmp