Overview

overview

3

Static

static

dhl/dhl/an...hp.ps1

windows7_x64

1

dhl/dhl/an...hp.ps1

windows10_x64

1

dhl/dhl/co...hp.ps1

windows7_x64

1

dhl/dhl/co...hp.ps1

windows10_x64

1

dhl/dhl/co...hp.vbs

windows7_x64

1

dhl/dhl/co...hp.vbs

windows10_x64

1

dhl/dhl/fo...vg.xml

windows7_x64

1

dhl/dhl/fo...vg.xml

windows10_x64

1

dhl/dhl/im...vg.xml

windows7_x64

1

dhl/dhl/im...vg.xml

windows10_x64

1

dhl/dhl/index.php.js

windows7_x64

1

dhl/dhl/index.php.js

windows10_x64

1

dhl/dhl/js/fa.js

windows7_x64

1

dhl/dhl/js/fa.js

windows10_x64

1

dhl/dhl/js...min.js

windows7_x64

1

dhl/dhl/js...min.js

windows10_x64

1

dhl/dhl/js...min.js

windows7_x64

1

dhl/dhl/js...min.js

windows10_x64

1

dhl/dhl/js...eps.js

windows7_x64

1

dhl/dhl/js...eps.js

windows10_x64

1

dhl/dhl/js/main.js

windows7_x64

dhl/dhl/js/main.js

windows10_x64

1

dhl/dhl/logs.html

windows7_x64

1

dhl/dhl/logs.html

windows10_x64

1

dhl/dhl/ve...min.js

windows7_x64

1

dhl/dhl/ve...min.js

windows10_x64

1

dhl/dhl/ve...hp.ps1

windows7_x64

1

dhl/dhl/ve...hp.ps1

windows10_x64

3

dhl/dhl/ve...hp.ps1

windows7_x64

1

dhl/dhl/ve...hp.ps1

windows10_x64

1

dhl/dhl/ve...php.js

windows7_x64

1

dhl/dhl/ve...php.js

windows10_x64

1

Analysis

  • max time kernel
    135s
  • max time network
    195s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    30-08-2021 05:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dhl/dhl/images/img.svg.xml

  • Size

    1KB

  • MD5

    3fecc9db35d5d2a9e6e71ab4b02d22e5

  • SHA1

    628ba2f505b480097445aaf08649a08242bd6847

  • SHA256

    362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419

  • SHA512

    c0d70d0f914d3d9f29366c9886f174580675334ec79ba77158c4cf184075540dd7d25b3f35f7129c1fae764527574daec29f5fb8434817ccbef6951b332cdd5e

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\dhl\dhl\images\img.svg.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:496
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dhl\dhl\images\img.svg.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1256
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1256 CREDAT:82945 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3160

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    fb9ed523ba700d7bd169da09f80f35cb

    SHA1

    52b48d4ab50a3d34f15054c485215ad78b84a020

    SHA256

    9ad885119fb1556ae1f94eeb9a78709bc300c956d5de41ec19a84cdbc0ac7411

    SHA512

    44f3cc19d96e765a719d89273f1f2ff3d26eea5a274af97e136764fe63c0aaf72b343c6e6ce271e49d167f8c875566259d9b12245c7b05f69bd3bc17dc624ad9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    eb28c20f03b518d66250e5ab4d3e3bcd

    SHA1

    0f25d8e815aed78afdd46d4b49b4eff972e5ead8

    SHA256

    2961dc4c89f26bc94bcffaed8be4f9e8138549b99750b9faa151474a4c141425

    SHA512

    b138c56e61d82abc8f181f5ec0ab9f0a512059c29c84d77b1e1888ef4880298296432cd4995cbefcf61d4d00a5c8be4d3d063ff416b5f416cfef89d610825a59

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\7VVRZI8C.cookie
    MD5

    b86ab50bb18b107bafe030a18ea6f7da

    SHA1

    6bee635c4210f020bd70c8de88e8141c8436b8e9

    SHA256

    ef1e63bbb728e82804ee60c06fee5664e377db988c47040533e87e8a5866cd0c

    SHA512

    4bf0d8ac85ec2838ded549e99a6190414c338a9729b15a6fb05eb51f53c1bc691fe39f7e375f898e2ba9832df0a2ac4fd27867987db6edf39518c76ecca5fd04

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\PSAF9EKI.cookie
    MD5

    f81058b0dec178a2036a68d06dd5360b

    SHA1

    64b69e19825972d950948dd6fe60bb9a171ba209

    SHA256

    44cfed1cd2dafd9cb859354ae36883d696c0ac1902f108c68ab0a6425de0f5d6

    SHA512

    96f72bed6c4b88bdabaa855a4106e13822838132200f84d4a3e069c1afa80bb85c51bff8808cc03c8d5a0e2372370242d525433c44e674136d0e3e2f4e64dc19

    Download Submit

  • memory/496-121-0x00007FF882460000-0x00007FF882470000-memory.dmp

    Filesize

    64KB

    Download

  • memory/496-123-0x00007FF882460000-0x00007FF882470000-memory.dmp

    Filesize

    64KB

    Download

  • memory/496-124-0x00007FF882460000-0x00007FF882470000-memory.dmp

    Filesize

    64KB

    Download

  • memory/496-125-0x00007FF882460000-0x00007FF882470000-memory.dmp

    Filesize

    64KB

    Download

  • memory/496-126-0x00007FF882460000-0x00007FF882470000-memory.dmp

    Filesize

    64KB

    Download

  • memory/496-117-0x00007FF882460000-0x00007FF882470000-memory.dmp

    Filesize

    64KB

    Download

  • memory/496-120-0x00007FF882460000-0x00007FF882470000-memory.dmp

    Filesize

    64KB

    Download

  • memory/496-119-0x00007FF882460000-0x00007FF882470000-memory.dmp

    Filesize

    64KB

    Download

  • memory/496-118-0x00007FF882460000-0x00007FF882470000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1256-122-0x0000000000000000-mapping.dmp

    Download

  • memory/1256-127-0x00007FF8B5750000-0x00007FF8B57BB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/3160-128-0x0000000000000000-mapping.dmp

    Download