Analysis

  • max time kernel
    71s
  • max time network
    76s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    30-09-2021 00:06

General

  • Target

    Payment Recipt.html

  • Size

    19KB

  • MD5

    338460667cd007d936bff183c87a57a2

  • SHA1

    2cadba4c0f95229e021af053150a674eb3b2ed2b

  • SHA256

    b8a93cef840a94e221577baea56fb4287d2602b8f05c7bd9b268a071cc78c501

  • SHA512

    4d6018af104a1fc54fbb7c707f4ce30a7ae425aa016eed8dd7dd1583249a0e47ef1cc10082b45278863de6d4134820856d8b4f1d0d5a07820269d0221cf52a69

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Payment Recipt.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:900
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:900 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1052

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    9f20688c661750ad6dcf06eda97f88ba

    SHA1

    a0c2e5929e9d6ed87ae9d555fd8a1c49cbb984ec

    SHA256

    325486c68075a5858c7fa3bae5e88791eaee7f42546d0436c64d9742d22eae3b

    SHA512

    839b542d80a961ee40effea26f4da8d85e7a1e06e76b5462ad71e853e9554fed9bc1011c3bce03f60a1d5844cd09c194923776507d771a28c8ae47482dfebec2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    26129f235e8db1e34ad3d35ccd44c6d6

    SHA1

    3ce3409ee538cf25d600532dc7adf27d14247722

    SHA256

    db1455f599564401a669bff8d7fd12cb088cc8c537a41f3ffe16d0811d9dfa24

    SHA512

    0b28b46f6a59c5cafce6f136cdd64f047ffb715f81407458857bab37da2f2a7f6a14a48d2820dbcb98c5bad9fc14420651f9ce68a71b028b4329977756f69a17

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\059KDB5G.cookie
    MD5

    ef32d69fcdc0636518be79fffd349f1f

    SHA1

    fc151fab10562f3e0f8bb45f2f0f65e4352680c1

    SHA256

    36ce81d69b6423ab4f6dcd30d9a78f46ccc9e686405def0773436a1fc4b05615

    SHA512

    39a9c59f3c83db0f382a638809ffc9e2d06c8cd9d9111dbc0645226eb9c030d61b339a7708f922c524ff808647e44510ef4b242ccae90aba7b2ca335425b46e0

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\VAZRRKMU.cookie
    MD5

    74ca8da740a560e7a24af72069cc207b

    SHA1

    28264bfd5008d6ed621dad84a5290bfd3df0653a

    SHA256

    d4630ad0b26f90fa35e8bea1b333c2e4a51e8d25c7f7d9e40a48d85ad50b304f

    SHA512

    8ef68beb4591fd0f14380047a7f4f21a107f09e032fa8db233b56d677269341229619ce0689f57a13dad20dafdb99546ddcfd0495e4e67647e98744969ebaa8a

  • memory/900-114-0x00007FFD62590000-0x00007FFD625FB000-memory.dmp
    Filesize

    428KB

  • memory/1052-115-0x0000000000000000-mapping.dmp