Analysis

  • max time kernel: 87s
  • max time network: 148s
  • platform: windows10_x64
  • resource: win10v20210408
  • submitted: 27-07-2021 22:56

General

  • Target: RemittanceADV_MT103_005059.html
  • Size: 13KB
  • MD5: 709c643cd676e6096013ae0a037d1327
  • SHA1: 9c093d25eb5c9401426a8c9f1c675e03e2fa1d60
  • SHA256: 15e2b43b0a63cb91d71305a3bccf55ecd4f23bba485aba9151a367f9352a3a50
  • SHA512: d0b5a9ef939b07c823b2330628327de9007228210c0be62fe72c424b2a100d9cf9fba73d942f27822995e7b78b9632e05c009e327fd577a32db517658389a6df

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 804)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\RemittanceADV_MT103_005059.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 3944)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:804 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4344B8AF97AF3A423D9EE52899963CDE_392E45FBA95E3725790CF8B238D49AB4
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_392E45FBA95E3725790CF8B238D49AB4
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\7IOIZP6D.cookie
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\DUED4H98.cookie
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\I2U0W739.cookie

  • memory/804-114-0x00007FFAA1CE0000-0x00007FFAA1D4B000-memory.dmp (Filesize: 428KB)
  • memory/3944-115-0x0000000000000000-mapping.dmp