Analysis

  • max time kernel
    133s
  • max time network
    143s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    24-09-2021 16:40

General

  • Target

    44461.1603354167.dat.html

  • Size

    146B

  • MD5

    9fe3cb2b7313dc79bb477bc8fde184a7

  • SHA1

    4d7b3cb41e90618358d0ee066c45c76227a13747

  • SHA256

    32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

  • SHA512

    c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\44461.1603354167.dat.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:628
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:628 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:876
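The process tree above shows the Internet Explorer frame/tab split: the 64-bit iexplore.exe (PID 628) launches a 32-bit tab process whose command line carries SCODEF:628 CREDAT:82945, and the SCODEF value matches the frame's PID. The following script is an added example, not part of the sandbox report, that turns that relationship into a check: every IE process that carries SCODEF must name a live iexplore.exe frame, and its recorded parent PID must agree. The process records are constructed from the report (parent PIDs inferred from the tree nesting), plus one hypothetical anomalous entry to show what a finding looks like; the assumption that SCODEF always carries the frame PID is consistent with this report but is the example's own.

```python
"""Sanity-check an Internet Explorer frame/tab process tree from a sandbox report.

Added example; not code from the sandbox report above. It assumes, as this
report shows for PID 628, that a tab's SCODEF:<n> argument names the PID of the
iexplore.exe frame process that spawned it.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
CREDAT_RE = re.compile(r"\bCREDAT:(\d+)\b")


@dataclass(frozen=True)
class Proc:
    pid: int
    parent_pid: Optional[int]
    image: str
    cmdline: str


def parse_tab_args(cmdline: str) -> Optional[Tuple[int, Optional[int]]]:
    """Return (scodef_pid, credat) from an IE tab command line, or None if no SCODEF."""
    m = SCODEF_RE.search(cmdline)
    if not m:
        return None
    c = CREDAT_RE.search(cmdline)
    return int(m.group(1)), (int(c.group(1)) if c else None)


def is_ie_image(image: str) -> bool:
    return image.lower().endswith("\\iexplore.exe")


def check_ie_tree(procs: List[Proc]) -> List[Tuple[int, str]]:
    """Return (pid, reason) findings for IE tab processes whose SCODEF does not
    point at an iexplore.exe frame process that is actually their parent."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        if not is_ie_image(p.image):
            continue
        args = parse_tab_args(p.cmdline)
        if args is None:
            continue  # no SCODEF: this is a frame (top-level) process
        scodef, _credat = args
        frame = by_pid.get(scodef)
        if frame is None:
            findings.append((p.pid, f"SCODEF:{scodef} names a PID not present in the tree"))
        elif not is_ie_image(frame.image):
            findings.append((p.pid, f"SCODEF:{scodef} is {frame.image}, not iexplore.exe"))
        elif p.parent_pid is not None and p.parent_pid != scodef:
            findings.append((p.pid, f"parent PID {p.parent_pid} differs from SCODEF:{scodef}"))
    return findings


# Constructed from the report's process tree (parent PID of 876 inferred from nesting).
REPORT_PROCS = [
    Proc(628, None, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\44461.1603354167.dat.html'),
    Proc(876, 628, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:628 CREDAT:82945 /prefetch:2'),
]

# Hypothetical extra record, not from the report: a tab whose SCODEF names no frame.
ANOMALY = Proc(1234, 628, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
               r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:999 CREDAT:1 /prefetch:2')

if __name__ == "__main__":
    for pid, reason in check_ie_tree(REPORT_PROCS + [ANOMALY]):
        print(f"PID {pid}: {reason}")
```

On the report's own tree the check returns no findings; the constructed anomaly is reported because SCODEF:999 matches no process. Feeding it real process-creation telemetry (Sysmon event 1 gives PID, parent PID, image and command line) makes the same check usable outside a sandbox.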

Network

MITRE ATT&CK Enterprise v6

Downloads

Note: the CryptnetUrlCache Content/MetaData pair below (same hashed filename under both directories) is CryptoAPI's URL cache, written when Windows fetches certificate-related objects such as CRLs or OCSP responses; it and the INetCookies entries are ordinary side effects of Internet Explorer loading a page, not files the sample itself dropped.

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    MD5

    f6c43ba8f66df7d9a8ba2cacbdbdec3e

    SHA1

    ca1689ef9e173070d54e22ab81655771134bb7bb

    SHA256

    edd8ca062a79f778031d3582d2ffcb90c3dda6a26cba0a7b01b1b12746912fc7

    SHA512

    f4c14a7b5695d0c3c37ae1d0c3d857853f236fecdaa8270ce41ef09addc2cef6a2f75a8c9e0cea5fd6cfe7dd8df68238ab4703b4553c23d1d2072efc3b37fc55

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    MD5

    e7ee9e2f4949428ffd8e03b5a7389ef6

    SHA1

    b624e77479d3be0d65ed390fb6fc5fd77f11d4ec

    SHA256

    0d74d888ac64715e6ee674d6ca0d9e2d2c4f306a78e4e6043bf65032dc2fa30f

    SHA512

    82cd22172515d919d8e100bf8e2732e6b23b578b5f2789a1a1d077c1e8fb6dfdcb82c48dd5fc0c13047383db4fb58283cce9c7ef16b1f249a9757d55cfccbc09

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\OMHVU4BZ.cookie

    MD5

    ff66ddb55640e6f53b4bd6c6501829f9

    SHA1

    79818af9e4fe56d7202acb4cb2bb7f4c1d42ec24

    SHA256

    b8d146a29b313008339159432263f1822fa3f812a29c67c15bf45249202be3d4

    SHA512

    d8099f604aabbfa202b129aee4679941c9a2ac1afa62162ec1b8945cee376d3b81864e7e633be9d35e1d3f94e505100c1ca24a5f1a0fd9ec542d571c175a8317

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\YCKNSNXS.cookie

    MD5

    9bd187b6f2c25d85cb9362cb27d705a3

    SHA1

    0c86aed3a5abde4e7487438f1a5c02e11092390f

    SHA256

    ca992e41079aae0df9f00cef1a1ace02a9e56e592b85f5cd05f6d7f919455341

    SHA512

    57b297ccd9aff184bf3f1c27eece82e3564c04aa59993cb5ac2420dc89a6e8c2d1195c339a5b2c078564811a9dca0276b95466289cbf51feef214f618e6b10c2

  • memory/628-114-0x00007FFF85150000-0x00007FFF851BB000-memory.dmp

    Filesize

    428KB

  • memory/876-115-0x0000000000000000-mapping.dmp