Analysis

  • max time kernel
    135s
  • max time network
    157s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    30-08-2021 05:37

General

  • Target

    worldwide/worldwide/new.htm

  • Size

    19KB

  • MD5

    e4bc913bb65e6b15f20afcbc99b11661

  • SHA1

    df0a2e007578235812e199bd59dc2ba14f6d0b51

  • SHA256

    4541246f0ebfb47423d35be9f8ab53184c8fadd81fdb2ee8db9a016243ffca94

  • SHA512

    c8daf7ca5f0ddce636c124a24a447f0ff7caae98dad45ecb18a8c22d96ff87fb8f6b07f86ddb002ee20275185b131ec42e8bda1f08fe0cd35a22cf0b79b8e67c

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\worldwide\worldwide\new.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:908
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:908 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2964

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    MD5

    fb9ed523ba700d7bd169da09f80f35cb

    SHA1

    52b48d4ab50a3d34f15054c485215ad78b84a020

    SHA256

    9ad885119fb1556ae1f94eeb9a78709bc300c956d5de41ec19a84cdbc0ac7411

    SHA512

    44f3cc19d96e765a719d89273f1f2ff3d26eea5a274af97e136764fe63c0aaf72b343c6e6ce271e49d167f8c875566259d9b12245c7b05f69bd3bc17dc624ad9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    MD5

    afb8cab714f005261b731b106285bcfb

    SHA1

    e32192b4a4c1431d9447fcb178a1608caf9ff7a2

    SHA256

    c7450fffdfbcac0f02d9cf163366ae65864a41a2934e02f088b9fdee33e21288

    SHA512

    ec146220a3fbecb86d1b180aba99a55bddd0aea43e98c32b2329511c4af5fd94da26fd0b33efeb21e812dd0b4e8601c0a99f6de4d7c47d81b8a2b4fbee039ba7

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\WQY9R9SB.cookie

    MD5

    7a4284a42a5dec056a584860aa3f4bdb

    SHA1

    70cc816a3064b60e81944a95ecd03791a35079d4

    SHA256

    5ec8ddc0acd1df48967611827e7b6db13c604b90b279fd5657d45f99b91f4362

    SHA512

    ec595d7027edf8039948663889689f84851a2e85d8ac999df2b8b1ed313bb1566f5d6ce241f44b32c997065c7e6e823f3b383fa46af76e4d9823f4a9123560fb

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ZWN7CPAA.cookie

    MD5

    40f730a299cc32f416030abe7fb9b364

    SHA1

    a681c97be0da7127e913b8e53daf1f30054edce7

    SHA256

    e03d7f4ad1775b606eba06ff66cabf3c68fbfd738b4d088f0d205c1f5b472fdf

    SHA512

    ba0303b4cca78aae0ba8689a2ad1b99dd0af63b2acb19f4f7fe5564b483bdf2b2e6a115a9e64917b280c92dbe022b816c6e453520ff7af76e010822c2a6e2d71

  • memory/908-114-0x00007FFAE9750000-0x00007FFAE97BB000-memory.dmp

    Filesize

    428KB

  • memory/2964-115-0x0000000000000000-mapping.dmp