Analysis

  • max time kernel
    91s
  • max time network
    152s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    27-09-2021 16:16

General

  • Target

    Formulario de verificacion.htm

  • Size

    94KB

  • MD5

    a923b69173b92d5b5e5990b3f922de29

  • SHA1

    cb5db10cd60a7a400c3b3c7c7e6dab04817c329f

  • SHA256

    cd36cd7219c2378b9ef7ef1f00bd51e3bf2abe827782703a4e2d5e7e8d396519

  • SHA512

    b1280c0c7a7be0bb162b2d64afde977e282ee0cf9cfafad671733f394348b38ca9280001d95230add6a7f37a57768dd3fbcd941edbac108a321d964873a9a399

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
  • Modifies Internet Explorer settings 1 TTPs 51 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Formulario de verificacion.htm"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1400
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1400 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1644

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
    MD5

    2460f6c235d72dcc7e3dd55587b03ed7

    SHA1

    618a0b487253927a1f7a940f4ffe8c5fd8577d3e

    SHA256

    3ed0eebda555915876e538f5c649a6c0471fff0c3550485d61e0b4536e6a676b

    SHA512

    675d438d3cbec374914af4a4bf2c9d1f6730897451f325427928a666c2f43978e898374a15d88736b730d199db91c3b204b005b21ac90177d135b4b8fc02c45a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    647b8d7bc982449272d66d17e09f119f

    SHA1

    fcee7e5a6ae28bbee3a7fe3ea22144b0c08f929e

    SHA256

    678a5f60df00580647a5434128825237050133fe3243aee397d68f4610e1b050

    SHA512

    21636b5a029afb2134b029db32f84a5ef0f143fbae4f377949a79cb0f453ac50dde473d1aab977d02724d7547b59d767ee03cf6f4de59deff0e81d3da90d5153

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
    MD5

    cacdf2ef938ccec493c75c906fe416dd

    SHA1

    361be7aed571b0ef1e18d2670d3f3408e030e1af

    SHA256

    34463ac0fcd071073e137789e369c600ad19e11d92c1acb7dad7421f23f95deb

    SHA512

    f61eb07a083a2dd1a56aa406c2d0994b960067996e78de17cb045a7cc821674030c8183efe5e29b5b805acb60be2ed9d17355cec9ea6abeeda3a01b7ce2d47ea

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    f738499cfb8d875179ffcb48e69b562a

    SHA1

    abe0526079c5babc84f853398bf6baa6b63e942d

    SHA256

    cee6c2c6b569fe28799cf5c68f2519dd1f950bdcfbd787f614c204a6acf5dde6

    SHA512

    876c208018ce44b2b3a4759ce9f3c93bb02c417312305ff09fbc2a6f1acfc2a5a6ded166bae065a0b288f97a8a4ea31ebc9b80116aa8d1227ee4c33e3b2a17bd

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\I6NTTZYZ.cookie
    MD5

    31d1bc7673f8a44f9f69cf62fe566c5f

    SHA1

    d338fc3aebc53095ac71330a488333c4777687df

    SHA256

    dda3f22dcdd4b77f0df5979672a4377422f3a246fdb2f8f7ee44c7834661d840

    SHA512

    eed4d2fd60888379e28bdccd90fd5f27ffdc01e85a5d60d9f733934520dfcaee431ec232eb2edef45c9b7be3ed8ed1f23fd2ea05c1dbd2be008af6a82b8bbc04

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\JZO1FV6X.cookie
    MD5

    65ba10531463081a5c3c9955793baa0f

    SHA1

    3506ec659e31f70cf174a91f6cd2ecad65bdc2b4

    SHA256

    bf1b56bde2723dd7abeb1065181256a34abddbb350b4d552d8e6ac014d9982dd

    SHA512

    2a8975d6af498cd3169fb950487e9d3b2a1de0e34956df6c5a801dfeda7c5563e420732bb849560bf85bdb06f0438457a6f89e23e4b8377c2f0d8a718a77be62

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\YSFWHGEZ.cookie
    MD5

    dd3e6665e743bcd06d391821893239aa

    SHA1

    5f279625e1dd60bbabe97863dac5a95de716a4ac

    SHA256

    1e35f50f51b8710db40429a1cf65685bf231b4cb2e6cd3de5be8f5fbfbe62f9e

    SHA512

    5e8e19ce47460a9afe61febb4dbb0dbad9f1fa62b5fa9a572a6dec71f48cbd11530d0478987ab0d11ae9bdade5c2d746963cb58ee875ae202cf37ab2291ef711

  • memory/1400-114-0x00007FF8B9AC0000-0x00007FF8B9B2B000-memory.dmp
    Filesize

    428KB

  • memory/1644-115-0x0000000000000000-mapping.dmp
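Added example (not part of the sandbox report): a small Python script that turns the indicators above into something checkable. It re-computes the four digests the report lists for the submitted sample and compares them per algorithm, so a single mistyped hash shows up on its own, and it pairs the CryptnetUrlCache drops by their cache key (CryptoAPI writes the fetched object under Content\<key> and a companion record under MetaData\<key>, so each key should appear in both lists). Only the standard library is used; the hash values and paths are transcribed from the report, and the sample bytes in the `__main__` block are a constructed stand-in, not the real HTML.

```python
import hashlib
import re
from pathlib import PureWindowsPath

# Digests of the submitted sample, transcribed from the "General" section of the report.
REPORT_TARGET = {
    "name": "Formulario de verificacion.htm",
    "md5": "a923b69173b92d5b5e5990b3f922de29",
    "sha1": "cb5db10cd60a7a400c3b3c7c7e6dab04817c329f",
    "sha256": "cd36cd7219c2378b9ef7ef1f00bd51e3bf2abe827782703a4e2d5e7e8d396519",
    "sha512": "b1280c0c7a7be0bb162b2d64afde977e282ee0cf9cfafad671733f394348b38ca9280001d95230add6a7f37a57768dd3fbcd941edbac108a321d964873a9a399",
}

# Dropped-file paths transcribed from the "Downloads" section (their hashes are omitted here).
REPORT_DROPPED = [
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776",
    r"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\I6NTTZYZ.cookie",
    r"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\JZO1FV6X.cookie",
    r"C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\YSFWHGEZ.cookie",
]

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Compute the four digests the report lists, as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def verify_against_report(data: bytes, report: dict) -> dict:
    """Compare each digest of `data` with the report value, case-insensitively.

    One boolean per algorithm: a single transcription error in the report
    then shows up as one mismatch instead of a bare "does not match".
    """
    actual = digests(data)
    return {alg: actual[alg] == report[alg].lower() for alg in ALGORITHMS}


# <32 hex>_<32 hex> is the cache key CryptoAPI uses for both halves of an entry.
CRYPTNET_RE = re.compile(
    r"\\CryptnetUrlCache\\(Content|MetaData)\\([0-9A-F]{32}_[0-9A-F]{32})$", re.I
)


def pair_cryptnet_entries(paths) -> dict:
    """Group CryptnetUrlCache drops: cache key -> {"Content": path, "MetaData": path}.

    A key that appears under only one of the two folders is worth a second
    look, since a normal CryptoAPI fetch writes both.
    """
    pairs = {}
    for path in paths:
        match = CRYPTNET_RE.search(path)
        if match:
            kind, key = match.group(1), match.group(2).upper()
            pairs.setdefault(key, {})[kind] = path
    return pairs


def classify_drop(path: str) -> str:
    """Label a dropped-file path by the Windows artifact family it belongs to."""
    parts = [part.lower() for part in PureWindowsPath(path).parts]
    if "cryptneturlcache" in parts:
        return "cryptnet-cache"
    if "inetcookies" in parts:
        return "ie-cookie"
    return "other"


if __name__ == "__main__":
    # Constructed stand-in for the sample; not the real HTML from the report.
    sample = b"<html><body><form>constructed placeholder</form></body></html>\n"
    print(verify_against_report(sample, REPORT_TARGET))  # all False: not the real file
    for key, halves in pair_cryptnet_entries(REPORT_DROPPED).items():
        print(key, sorted(halves))
    for path in REPORT_DROPPED:
        print(classify_drop(path), path.rsplit("\\", 1)[-1])
```

To check a real copy of the sample, read it in binary mode and pass the bytes to `verify_against_report(data, REPORT_TARGET)`; all four entries should be `True`. The CryptnetUrlCache entries themselves are ordinary CryptoAPI artifacts (certificate, CRL or OCSP fetches triggered when the browser loads HTTPS resources), so their presence says the page reached the network, not that they are malicious on their own.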