Analysis

  • max time kernel: 92s
  • max time network: 151s
  • platform: windows10_x64
  • resource: win10v20210410
  • submitted: 27-07-2021 19:03

General

  • Target: Payment Receipt 143047.html
  • Size: 395KB
  • MD5: 349b929eb818020e25e9e9caba48d037
  • SHA1: 4ca79257f94c77051e4423227c9ae7a89c39384a
  • SHA256: d2f547411e755379465b33ed201bfbe94a2b50f470d15fb8eb1282069fbba48f
  • SHA512: bd7cf623914642925e0b75d39ad9fa015782efb6c3229dcecbafcfd72a8f5edc94f2ef937c45889f5c504ae4809e4ce8ea760007491d9f47db71803b4e781368

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Payment Receipt 143047.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3944
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3944 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1632

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion → Modify Registry (T1112): 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: c3f544b1ccb3d30c4a4d641d42702778
    SHA1: 07c50009db6f83442fbc2764ba58dcbea6bcdc1a
    SHA256: a7c6104402e1a41d0c9ae3b0a4f5943528314aa48edd72d576068ddc8389ab83
    SHA512: 3553c09e54c6420d81975612e0877d392fbd3ed9730e1a3a87d5e23ed3ca0c4770e8b60bd296baace7e6baec3c084756a687b1b3a959f06b5df41b664db22824

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: ffbf582ac043a5070494ebadefdd0170
    SHA1: 574ff1c525a551df1b908797b392f44fdc7e1f3d
    SHA256: 1249aac6d152644c28476e1b6c5cfb9a437c14189273267a82ef26201f0c3530
    SHA512: 0b3b877813c3ac79345d6ac6d80eaf9ccb4d0d748dd943b7100775391bc3ddccc921f359341ab5343e51b7f3c4dd3fad64957518d15629c2087b247f0d4d3f4c

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\JRVZHH17.cookie
    MD5: 587a73b14a11b55165c8abe85a837658
    SHA1: 94676f7f0abc7cb8bc19472426b940b5c4c76f6c
    SHA256: 69cab4ea07c2709ac5f4d3ff190c642da6bf9c63fe93590435fc02942f158541
    SHA512: d2554a550870e23a740edf351e4ffbda0bd14b88e3d94930a673568be0137f35dfadbbe36e69416790e35e2245181c87e1c50e11b0efe5179e9a255dbdd387c2

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\Z3E1QDV3.cookie
    MD5: 77b09b33482ba6835419e28a3db32218
    SHA1: fa4ab75f70bd6c0314070730d1ecff5739a9d538
    SHA256: 3fb2d17d3ebc9e18e96cec56a949f598a456718e7ffabb35cf49899b560f6029
    SHA512: 0cb9d6c10628b3c43ca39d93785eab20120a2bb9bb4b2462397da32e4ae8c3d916e7ed26671b893d06e9bd0818c31b34fb997865a51d1e9e69ac56e92e6e2361

  • memory/1632-115-0x0000000000000000-mapping.dmp

  • memory/3944-114-0x00007FFDD5650000-0x00007FFDD56BB000-memory.dmp
    Filesize: 428KB