Overview

overview

1

Static

static

Remittance...5.html

windows7_x64

1

Remittance...5.html

windows10_x64

1

Analysis

  • max time kernel
    91s
  • max time network
    154s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    27-07-2021 21:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RemittanceADV_MT103_00545.html

  • Size

    13KB

  • MD5

    28f790665cb8534ddda1b9d9ae4bc2bd

  • SHA1

    f5991d90e1a937a2207aeef03dc0ccfc1e4cdd80

  • SHA256

    af16cc903f1ea13f584c4fc0cb87d1c012cf4d8329059c41a8ce1ea11572cffb

  • SHA512

    88d072ad44fe800b9e8c97f35f75abef3567ec362a634cbc6805fe1fab3af602e7bec4baf848589d4d33c38ede338aa6b5f7de9e4622697a5d3f844dcb1e98b3

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\RemittanceADV_MT103_00545.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3128
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3128 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1400

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4344B8AF97AF3A423D9EE52899963CDE_392E45FBA95E3725790CF8B238D49AB4
    MD5

    0ed0763724b940b5bf1fc7dd501bbce6

    SHA1

    5e38d62fb97d48d01d82baaa30eb809137997919

    SHA256

    d8eb34e85eb992996f8a0a5558f6d58175a88a06ad02c4a80ce37668ee7720d0

    SHA512

    30cabfa1ca88d9a8c57ad2df1cb24d84a823ad99c702825287765af1fd4ca91032cf443f3d66ba784b65ba685495a48db244cba9bb3f7a2ba4b8409f086aa3c2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    c3f544b1ccb3d30c4a4d641d42702778

    SHA1

    07c50009db6f83442fbc2764ba58dcbea6bcdc1a

    SHA256

    a7c6104402e1a41d0c9ae3b0a4f5943528314aa48edd72d576068ddc8389ab83

    SHA512

    3553c09e54c6420d81975612e0877d392fbd3ed9730e1a3a87d5e23ed3ca0c4770e8b60bd296baace7e6baec3c084756a687b1b3a959f06b5df41b664db22824

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
    MD5

    b7f295ae2a9910b39f7cf4e32567612e

    SHA1

    164ca148af56d0d9205e94444f6f976301e01db1

    SHA256

    0b2a44370d2b4b5a5b7142ed3b4a4bd95f355751800d574f83fe6072f8867714

    SHA512

    51fb40a8f29b1097ba3d33bc20fd774fba57f98f06c09b0271db4ac161df4281200ded276fded372b32ed39bfea70c04bb71a72af58357ebdc9b8be7dbbe3a74

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_392E45FBA95E3725790CF8B238D49AB4
    MD5

    37c2ec85b8a6cd17c7067567884e4552

    SHA1

    7815b516c854d935a1b368f48d75593545d7c414

    SHA256

    c77d68b413d02d0a5337417caa6e9d8f5e94cf32f9de1059d44b0ad12e867aa3

    SHA512

    1f98f1a86a832ea71b7b09116aa131787d6c9c5e0e9a9801255b6a4243136d299ad05bc9ab704124f19a83810c9650305d93f0e98b78f2b4dea8d3c9921fdc2d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    d4e243ad515e84baeb249fa989fe5bfc

    SHA1

    8460f8e011fee9e06bb2a989028238ab2d3259ce

    SHA256

    2069b51f20286de81b5419619f954e2f8650f8d57698da7975fadeaa6c08cffe

    SHA512

    5d42a8709581ad60ed121fc941fbf9904ac2ceaf318f7a91abd3c505fc90df8432e043fed3bc9fca7a2e751da2490bf709e0bb774b8f79b0209118a76a689ff8

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C
    MD5

    467b21a01edd31284734cc711b7a76ab

    SHA1

    cd2cdb1300fb79c5e6331ed6d5918d1a7982dd93

    SHA256

    654c9e5928db8f2e9faf220ef4332b1176fdc1e14ef6ad37affc31a1fa9ab5a8

    SHA512

    9855bb809834c5564e69da5278c8e66b56f34a4d0c9c5ccf25179af658c4d98d07afa111c7d69e7779f1fb13cc9af37bd87347928a34b600046c72325a4249dd

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\19UUDW1D.cookie
    MD5

    d4fb0528b4914fe48e18642a325c0474

    SHA1

    eb7a3fdbfad73298dd112acbeb88c97281b895d2

    SHA256

    86a6e52875e08f980d59b79f82c65a402be22ec80693bff8db291e2639900c4c

    SHA512

    7fda50f9a0da44b6f424936ccd35a88547a9b9d07ef01320874224c16d16999ae5731e0dbda9e268a54fe5522df8e515f920186144480d3fde5bdd8c1cb7484c

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\4TCLIZO3.cookie
    MD5

    ceb80024d93b0950a7a74bb537fe3694

    SHA1

    246c8643b9f0e9ad541c9a57fec7b3d9b48aa752

    SHA256

    0bc8450194bdc01c509e0d9c70ffa25baebb9ca56353e0065ffa39f995ea8297

    SHA512

    d2657905fdeedfcfd1e5c7ab330dd6dbe2e85d4d564801f461811a52e14f278383761edfeec8b1cf9c27673e6e487f7363b167e6495a4aff8805135cd338032c

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\8LYLTDOC.cookie
    MD5

    77336fcbf35febd155bbea31cbc165a0

    SHA1

    2b9fd8875a415286afbb10802386a20bac4ae495

    SHA256

    acb516e7d8ee476283d94871b84210441e465421e6e65e0930529a3676a2e62a

    SHA512

    2e91812cae8f62cd76742ca13794a82e6b84c05ec420ccde830ee37261dfbf032f33479b6bc49724933871a0bfa37dba0f10994d8ada579dc791aba2089c77f4

    Download Submit
  • memory/1400-115-0x0000000000000000-mapping.dmp
    Download
  • memory/3128-114-0x00007FFAA4B30000-0x00007FFAA4B9B000-memory.dmp
    Filesize

    428KB

    Download