Analysis

  • max time kernel
    134s
  • max time network
    158s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    30-08-2021 05:46

General

  • Target: irs/test.html
  • Size: 23KB
  • MD5: f8968b5cec271891dfec168f814a0ed7
  • SHA1: b31cd27358e4fe531ee61836b41a943e9c9e2ccf
  • SHA256: 2833d9fb8fa07e55dd18b5b22af852f793dcfafc9c645d40b0ca0f42cef5f556
  • SHA512: 52e72de8202587fea152098d68cbbb10faeefc05bbd943ab898d5dac361d6560e0f95642af19a024e6e589a7c77f2e3cf594b9e37a2c4148ada62b90e583202f

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID:564, level 1)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\irs\test.html
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID:3524, level 2, child of PID 564)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:564 CREDAT:82945 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: fb9ed523ba700d7bd169da09f80f35cb
    SHA1: 52b48d4ab50a3d34f15054c485215ad78b84a020
    SHA256: 9ad885119fb1556ae1f94eeb9a78709bc300c956d5de41ec19a84cdbc0ac7411
    SHA512: 44f3cc19d96e765a719d89273f1f2ff3d26eea5a274af97e136764fe63c0aaf72b343c6e6ce271e49d167f8c875566259d9b12245c7b05f69bd3bc17dc624ad9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: e8518413c883b9e971a2f69a9f74fd64
    SHA1: c6105c8fb5eda58407343ec3b073cacb07b37d8e
    SHA256: 0810130ec31435eaca556aee555a1b86c0f9425be0a666012504464478b99371
    SHA512: 6376e89813b410432622ab39fdc9608b5c76d060913246fdd6c4d31766865251e63395ff9ae8364e1d6b7575a2df13feda1056e717e0d18954e0e5b2d73419b3

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\BR3LU8U7.cookie
    MD5: fe8c8510baf4ab5553c7e9d9953e43a9
    SHA1: 4faf6599eb252ef8188878c66a20d374654629e1
    SHA256: de327da05812101cfc87c7d572009a3817f6d477f2d29035d6de01d72a096c55
    SHA512: 3cdba487c6f69eee3f6e96cadd69cd3dbe594cc9ef9df43687df4c290249384591366bc6477824f1fa8976654c1844baf2ce30c27654917099efd37f1cfb40f9

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\FU5A8G7W.cookie
    MD5: 36d9e340f5626eac899882dd38d08c78
    SHA1: 22e66ce00813472e6d6abbdd0df5dc3d145f4d5c
    SHA256: d3adfe93a68f8138810e1365ccd652474ae356d41e84be3304bd6f7e4f21b402
    SHA512: 41dff5529914a3822f372ab79befff6ea67bd03673636ab2e7b3c49854bdabf34203777ef14d2d7fe29a15d50491a83cab03f8cd5f050b8b792559eca6c2c2a6

  • memory/564-115-0x00007FFCBD950000-0x00007FFCBD9BB000-memory.dmp
    Filesize: 428KB

  • memory/3524-116-0x0000000000000000-mapping.dmp