Overview

overview

3

Static

static

dhl/dhl/an...hp.ps1

windows7_x64

1

dhl/dhl/an...hp.ps1

windows10_x64

1

dhl/dhl/co...hp.ps1

windows7_x64

1

dhl/dhl/co...hp.ps1

windows10_x64

1

dhl/dhl/co...hp.vbs

windows7_x64

1

dhl/dhl/co...hp.vbs

windows10_x64

1

dhl/dhl/fo...vg.xml

windows7_x64

1

dhl/dhl/fo...vg.xml

windows10_x64

1

dhl/dhl/im...vg.xml

windows7_x64

1

dhl/dhl/im...vg.xml

windows10_x64

1

dhl/dhl/index.php.js

windows7_x64

1

dhl/dhl/index.php.js

windows10_x64

1

dhl/dhl/js/fa.js

windows7_x64

1

dhl/dhl/js/fa.js

windows10_x64

1

dhl/dhl/js...min.js

windows7_x64

1

dhl/dhl/js...min.js

windows10_x64

1

dhl/dhl/js...min.js

windows7_x64

1

dhl/dhl/js...min.js

windows10_x64

1

dhl/dhl/js...eps.js

windows7_x64

1

dhl/dhl/js...eps.js

windows10_x64

1

dhl/dhl/js/main.js

windows7_x64

dhl/dhl/js/main.js

windows10_x64

1

dhl/dhl/logs.html

windows7_x64

1

dhl/dhl/logs.html

windows10_x64

1

dhl/dhl/ve...min.js

windows7_x64

1

dhl/dhl/ve...min.js

windows10_x64

1

dhl/dhl/ve...hp.ps1

windows7_x64

1

dhl/dhl/ve...hp.ps1

windows10_x64

3

dhl/dhl/ve...hp.ps1

windows7_x64

1

dhl/dhl/ve...hp.ps1

windows10_x64

1

dhl/dhl/ve...php.js

windows7_x64

1

dhl/dhl/ve...php.js

windows10_x64

1

Analysis

  • max time kernel
    136s
  • max time network
    167s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    30-08-2021 05:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dhl/dhl/logs.html

  • Size

    27KB

  • MD5

    3e8f11d26b743e5efd36ea0df8c5500b

  • SHA1

    541ac8007f1d6e121e0659c433986943aa60789e

  • SHA256

    b70d45c5646d3ad69f533d327855a8452e418ccf8b3df739894762c706f8f896

  • SHA512

    1b1c15c4fab67bdb330f6bf05dfad4b6783c900adee206215a0d0fb8f56ac0c39ab3325bc3f3712ec888f3135b16f1ae3a041e06f1627e7aface7b67e3d6b0d4

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dhl\dhl\logs.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:604
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:604 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3512

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    fb9ed523ba700d7bd169da09f80f35cb

    SHA1

    52b48d4ab50a3d34f15054c485215ad78b84a020

    SHA256

    9ad885119fb1556ae1f94eeb9a78709bc300c956d5de41ec19a84cdbc0ac7411

    SHA512

    44f3cc19d96e765a719d89273f1f2ff3d26eea5a274af97e136764fe63c0aaf72b343c6e6ce271e49d167f8c875566259d9b12245c7b05f69bd3bc17dc624ad9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    270ea9bbf76d5641e1b27357f25583a9

    SHA1

    63e85d5f0e535b69d07648aad20972303e5bdca0

    SHA256

    6367a75a7202ea78e12fe4f026453cfbf9b3ace450096e5173f5e015e4dbee6b

    SHA512

    a7092a5b20616f5ec051fa37fee4d4cef4a403f06b655353c4f79ae48b44388755c42540665dc91afeeb282b46d943d4a5acc1dd8c458f6d09db1c91e96e0863

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\IB4RJAYD.cookie
    MD5

    b2b49e1779639a7ccbc7ad321fb782bc

    SHA1

    0b21585838ece350ac28998a197f25d35bd7f518

    SHA256

    30e601c3ef722a56392daab264ef027aedd64b25b3b1ea2b46136e5dc35f1198

    SHA512

    370c017b6ce1cebed6812efd60d0d269b6df20e2032f6ca3d4b20bd0118279f2e7395b7d5f8dd5f512fbf0d9c58e22d92869f532677575ba703c48f08e0863b6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\XOT8QU56.cookie
    MD5

    89b37e6eb0f6a6b69db055c63e5fa282

    SHA1

    4013bb2223c05055d3f33aca5a0621fd79928a15

    SHA256

    997eeaaac477851862e61555697d241d3a4149b2aee781b115b37fa17c005cf8

    SHA512

    b7b16f172f6c5ee22062d5d304bb89b19afccad5fff519537e5be63e5846b958addaa0d5a09096305ed8a5cb52cc45cf2bda5bd3d156e89a4856ee980adfa2b3

    Download Submit

  • memory/604-117-0x00007FF83F690000-0x00007FF83F6FB000-memory.dmp

    Filesize

    428KB

    Download

  • memory/3512-118-0x0000000000000000-mapping.dmp

    Download