Overview

overview

1

Static

static

fonts/font...e.html

windows7_x64

1

fonts/font...e.html

windows10_x64

1

fonts/font...vg.xml

windows7_x64

1

fonts/font...vg.xml

windows10_x64

1

index.php.js

windows7_x64

1

index.php.js

windows10_x64

1

js/custom.js

windows7_x64

1

js/custom.js

windows10_x64

1

js/jquery-...min.js

windows7_x64

1

js/jquery-...min.js

windows10_x64

1

js/modernizr.js

windows7_x64

1

js/modernizr.js

windows10_x64

1

js/plugins...min.js

windows7_x64

1

js/plugins...min.js

windows10_x64

1

js/plugins...min.js

windows7_x64

1

js/plugins...min.js

windows10_x64

1

js/plugins...1.3.js

windows7_x64

1

js/plugins...1.3.js

windows10_x64

1

js/plugins...izr.js

windows7_x64

1

js/plugins...izr.js

windows10_x64

1

js/plugins...min.js

windows7_x64

1

js/plugins...min.js

windows10_x64

1

js/plugins...min.js

windows7_x64

1

js/plugins...min.js

windows10_x64

1

js/plugins...d.html

windows7_x64

1

js/plugins...d.html

windows10_x64

1

js/plugins...d.html

windows7_x64

1

js/plugins...d.html

windows10_x64

1

js/plugins...min.js

windows7_x64

1

js/plugins...min.js

windows10_x64

1

js/plugins...min.js

windows7_x64

1

js/plugins...min.js

windows10_x64

1

Analysis

  • max time kernel
    108s
  • max time network
    156s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    30-08-2021 06:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fonts/fontawesome-webfont3e6e.svg.xml

  • Size

    433KB

  • MD5

    912ec66d7572ff821749319396470bde

  • SHA1

    98a8aa5cf7d62c2eff5f07ede8d844b874ef06ed

  • SHA256

    ad6157926c1622ba4e1d03d478f1541368524bfc46f51e42fe0d945f7ef323e4

  • SHA512

    4f575d52331de91a2e32cc3408dd0eaf0cf25b7244d34b226314e3647e85ce284f86e3b7238c6c8b9022dc4e2787bf51620849290cdcd5d4c4bc905f289d2156

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\fonts\fontawesome-webfont3e6e.svg.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:584
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fonts\fontawesome-webfont3e6e.svg.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1896
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1896 CREDAT:82945 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3356

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    fb9ed523ba700d7bd169da09f80f35cb

    SHA1

    52b48d4ab50a3d34f15054c485215ad78b84a020

    SHA256

    9ad885119fb1556ae1f94eeb9a78709bc300c956d5de41ec19a84cdbc0ac7411

    SHA512

    44f3cc19d96e765a719d89273f1f2ff3d26eea5a274af97e136764fe63c0aaf72b343c6e6ce271e49d167f8c875566259d9b12245c7b05f69bd3bc17dc624ad9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    9e973fa86313e220c7332acc051f6364

    SHA1

    8c47171da62400c79231f33a49a48d02db90cf6e

    SHA256

    35930802ffe1ec55e11275ac2662231a516b7997443e6ab1d1f2143efb472745

    SHA512

    f64a3cd63e22364fc5124e78afb2b1c251d9332efc0be42c189df7917866cbd9b82fc841c0e1d155723ba5d33fd502d01f7662b3926891db30f046655bb57009

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\2IFANN2X.cookie
    MD5

    83fefb6e76b559e04c76efa4a24fbb42

    SHA1

    056ef8b1e0584d918c46d7edf77b47def2382029

    SHA256

    b92d66d967b1f22675c10346c797aeecf5e60022c0ed9a1a871eb06120162e69

    SHA512

    405eeb586883337cad1851f3c80d7f9dacaaaba4089bd264f241818701ec618e1e89eed62cd3704acce23ca8f8957ab57dc1982c20d77aafe23dffc2cf64504b

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\NS6DPC81.cookie
    MD5

    1fef4f20a0d4b249a12b65041a8a5f94

    SHA1

    adb1418338aba8e4808c95489faf3dadce6331af

    SHA256

    605b9ef8982cdc3ac4c27cec3802c37bcb8d8b5175f99f498f9a019505b0a7ae

    SHA512

    9551c7357ac18f40b4c99dce7480b05d998a7462e0a8a1d69f0c16a80801a40178b47b55b141bd48313904b3110ff6a88734f2264397920f9e1b5267f768df43

    Download Submit
  • memory/584-121-0x00007FF9EE820000-0x00007FF9EE830000-memory.dmp
    Filesize

    64KB

    Download
  • memory/584-123-0x00007FF9EE820000-0x00007FF9EE830000-memory.dmp
    Filesize

    64KB

    Download
  • memory/584-124-0x00007FF9EE820000-0x00007FF9EE830000-memory.dmp
    Filesize

    64KB

    Download
  • memory/584-125-0x00007FF9EE820000-0x00007FF9EE830000-memory.dmp
    Filesize

    64KB

    Download
  • memory/584-126-0x00007FF9EE820000-0x00007FF9EE830000-memory.dmp
    Filesize

    64KB

    Download
  • memory/584-117-0x00007FF9EE820000-0x00007FF9EE830000-memory.dmp
    Filesize

    64KB

    Download
  • memory/584-120-0x00007FF9EE820000-0x00007FF9EE830000-memory.dmp
    Filesize

    64KB

    Download
  • memory/584-119-0x00007FF9EE820000-0x00007FF9EE830000-memory.dmp
    Filesize

    64KB

    Download
  • memory/584-118-0x00007FF9EE820000-0x00007FF9EE830000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1896-122-0x0000000000000000-mapping.dmp
    Download
  • memory/1896-127-0x00007FFA21D50000-0x00007FFA21DBB000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3356-128-0x0000000000000000-mapping.dmp
    Download