Overview

overview

3

Static

static

dhl/dhl/an...hp.ps1

windows7_x64

1

dhl/dhl/an...hp.ps1

windows10_x64

1

dhl/dhl/co...hp.ps1

windows7_x64

1

dhl/dhl/co...hp.ps1

windows10_x64

1

dhl/dhl/co...hp.vbs

windows7_x64

1

dhl/dhl/co...hp.vbs

windows10_x64

1

dhl/dhl/fo...vg.xml

windows7_x64

1

dhl/dhl/fo...vg.xml

windows10_x64

1

dhl/dhl/im...vg.xml

windows7_x64

1

dhl/dhl/im...vg.xml

windows10_x64

1

dhl/dhl/index.php.js

windows7_x64

1

dhl/dhl/index.php.js

windows10_x64

1

dhl/dhl/js/fa.js

windows7_x64

1

dhl/dhl/js/fa.js

windows10_x64

1

dhl/dhl/js...min.js

windows7_x64

1

dhl/dhl/js...min.js

windows10_x64

1

dhl/dhl/js...min.js

windows7_x64

1

dhl/dhl/js...min.js

windows10_x64

1

dhl/dhl/js...eps.js

windows7_x64

1

dhl/dhl/js...eps.js

windows10_x64

1

dhl/dhl/js/main.js

windows7_x64

dhl/dhl/js/main.js

windows10_x64

1

dhl/dhl/logs.html

windows7_x64

1

dhl/dhl/logs.html

windows10_x64

1

dhl/dhl/ve...min.js

windows7_x64

1

dhl/dhl/ve...min.js

windows10_x64

1

dhl/dhl/ve...hp.ps1

windows7_x64

1

dhl/dhl/ve...hp.ps1

windows10_x64

3

dhl/dhl/ve...hp.ps1

windows7_x64

1

dhl/dhl/ve...hp.ps1

windows10_x64

1

dhl/dhl/ve...php.js

windows7_x64

1

dhl/dhl/ve...php.js

windows10_x64

1

Analysis

  • max time kernel
    136s
  • max time network
    162s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    30-08-2021 05:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dhl/dhl/fonts/material-design-iconic-font/fonts/Material-Design-Iconic-Font.svg.xml

  • Size

    233KB

  • MD5

    381f7754080ed2299a7c66a2504dff02

  • SHA1

    8557b1551b91a0dba3ea6273b4aad98885ae77ac

  • SHA256

    dcb3de1ca419903bcee5322ca91f2895b9c6482919423e0cce263d62bbe171ea

  • SHA512

    fc49ac4e9712f3aa53d177af4db6b5a913193ecc8887850c08856a01d684ad96612f11f814b908a1aac296f0675949e2a80ae9f90bba91fad354a544bce06875

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\dhl\dhl\fonts\material-design-iconic-font\fonts\Material-Design-Iconic-Font.svg.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:648
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dhl\dhl\fonts\material-design-iconic-font\fonts\Material-Design-Iconic-Font.svg.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3048
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:82945 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:192

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    fb9ed523ba700d7bd169da09f80f35cb

    SHA1

    52b48d4ab50a3d34f15054c485215ad78b84a020

    SHA256

    9ad885119fb1556ae1f94eeb9a78709bc300c956d5de41ec19a84cdbc0ac7411

    SHA512

    44f3cc19d96e765a719d89273f1f2ff3d26eea5a274af97e136764fe63c0aaf72b343c6e6ce271e49d167f8c875566259d9b12245c7b05f69bd3bc17dc624ad9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    9c66dcf9d2deaa1bf154d8990a9588da

    SHA1

    eb437d1a1199cbe01a054d02f2ce71c1252983d2

    SHA256

    98b6ecd38ff382d41dc90e7a987a29b565e70c69e18e86787a3be4846b65341c

    SHA512

    9f724a6abae29187a7a59f91baa492b2f0ddf6cdb30e815a338ddc3e16f28db62aba739092b61b7a784de53f37780c154aee6058a66693e7f3bd99b8448eaa7d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\PWP73LED.cookie
    MD5

    7d54e7f4f9e2c4dd69c757ba6b751a5f

    SHA1

    f5da2d558b598eba51daade91f19af4d67bae917

    SHA256

    55dd1655e2a3e8adeeaf3f9d7fc6a74d85f709332d79ca3ae072e1749b073289

    SHA512

    3df2714034513d611bf660e61d57abae1d66b473dab52d087d3226d0851dfee078a1f7a418f6df26f4808806bd4127f675556d4ed41b404c6af350e4c30461ec

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\X0KDQ8ZN.cookie
    MD5

    e5940043d055ac91f92c555dc4f734ef

    SHA1

    1d8481fbc55457119f34417db10dc05b6330dd8a

    SHA256

    4c7167d7ca3c93b8cdb6b4672a6c8715fd069b0008c2c2dc509845df42e9c37d

    SHA512

    b0982e7772c3282f7e16cd3a009f9797e0e46f70698ea659907eac5a3ee0f0643d877a5501c50f60cf6163c3f4e19f1e067ade966152162ee7223f768b7c7742

    Download Submit
  • memory/192-125-0x0000000000000000-mapping.dmp
    Download
  • memory/648-122-0x00007FFAC4B10000-0x00007FFAC4B20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/648-120-0x00007FFAC4B10000-0x00007FFAC4B20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/648-121-0x00007FFAC4B10000-0x00007FFAC4B20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/648-114-0x00007FFAC4B10000-0x00007FFAC4B20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/648-123-0x00007FFAC4B10000-0x00007FFAC4B20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/648-119-0x00007FFAC4B10000-0x00007FFAC4B20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/648-117-0x00007FFAC4B10000-0x00007FFAC4B20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/648-116-0x00007FFAC4B10000-0x00007FFAC4B20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/648-115-0x00007FFAC4B10000-0x00007FFAC4B20000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3048-124-0x00007FFAEE1E0000-0x00007FFAEE24B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/3048-118-0x0000000000000000-mapping.dmp
    Download