Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    28-10-2021 14:05

General

  • Target

    message.html

  • Size

    1.9MB

  • MD5

    552d5294c7294e6efcddb6ac0e1b0fcc

  • SHA1

    4c96ee5664839273dc7120fff06ed255ad097299

  • SHA256

    6453a5f675718863156581fc9c5f5b6997d8e0d114b10933ad37418b5202e15a

  • SHA512

    17be1ffbc2dc3ca6d0021224ee4c677725b50c8144542cfc1dc2efcf0cbe4504b102a39419c353b640a8a5fccef5c3e4c290fcda6ee3e2a4c6da8a36e1eb3f4a

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\message.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:592
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:592 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1796

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 hit

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    MD5

    f4bae6e2ae34b4df10b88af2af48bb79

    SHA1

    c1d05e65d29a4e600d1f2fde45bb28fb41a20a61

    SHA256

    794cdee8d3c1e2b1f2c28b1898cfb47fa759db06859d85ce19047a4b5934605e

    SHA512

    e62fe5d584961ab6d8848b0e07bba2d5bc014dfb2fff9593a8d35f463dada96d36f45c9a959a46c7eb2c4e67f9b62992f5385202f5b426e43a87ac3218e0c5a9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    MD5

    ab5c36d10261c173c5896f3478cdc6b7

    SHA1

    87ac53810ad125663519e944bc87ded3979cbee4

    SHA256

    f8e90fb0557fe49d7702cfb506312ac0b24c97802f9c782696db6d47f434e8e9

    SHA512

    e83e4eae44e7a9cbcd267dbfc25a7f4f68b50591e3bbe267324b1f813c9220d565b284994ded5f7d2d371d50e1ebfa647176ec8de9716f754c6b5785c6e897fa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    MD5

    693db2f620f27ceaefd5760d497c491e

    SHA1

    4a943a484f656b7065e67a51f66c3b0d0e65099f

    SHA256

    ffa9fe3a0a610954a1d379e9baabbfa0e39e298f55d49ca035909c3bcf33c54c

    SHA512

    f6abfbb824d320d20703f4ac23e8665e7586f8a0cbd2c163bd4c0e2b47f5c2cdd13454781a72ab16b825a22d9710cb23d92e45c07512cf660269db59e2758a68

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    08466756268a67026e16851765f3b3ef

    SHA1

    377e640f7a294dc93182657fb4f164bfb81f8df4

    SHA256

    d8f94a6bf4dcde6780f934bcf63cd662485d7495089649708b31a91cfb0ba19e

    SHA512

    9b8bb01caec3d01a43d5f4b4e2efce138b4821d013f1918e0fb95dd5d1e73861850ba50443f6c1e425f689f41915cc0a9971a33c72b641accb9136e081b34dfe

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    718f5d12b0330e86748502559f144afe

    SHA1

    f58d6a8d9b8b8070ef769653d502055473ff1668

    SHA256

    290eb0b276c6b370e3451883730ec40c1ba59d8dede9e74d4216aaef32482cba

    SHA512

    0f635581860219798963c2230e59998712853ec4e00c6d5dd64e1eaf7b0d2bd77cee320468a9921a20bf3130720ab3dae3712f2546bb1e2a102b2055ffe5b329

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    MD5

    6532b213f263ce6b2d053b86d336a057

    SHA1

    1199a68e7b66d1301aa70d83978b906779ec2eab

    SHA256

    416eb86d4aeeebe4d9656b32d0f8bdc640ce7f1f9b816535f59635c6ac07264a

    SHA512

    5335d6a545e8b623b725d4c2175c113e09aee06d17d546184a913917dc3fca4e10e3496835a0029ccb3b4313d68906e3021184633b15b1d0fb9aed8e6bafeade

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wkz58mr\imagestore.dat
    MD5

    76b20720a6caca62a72d56d096f5915c

    SHA1

    cd70367434f5bb07d207531eacf90e4b4b908fc6

    SHA256

    cd578f7bf4b45a860a2b4bbe2048640b720c09b79fd2e8d9647708cdb93957f2

    SHA512

    c885ffba786a71ba8b85e89391320162d56265e4c00078f8e6e95b97466aa60fd2541e7b3e055aed5e8146bca5cb4bf52af969f634d77a7d015d8b1c3eb7bdb0

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\N41CHY77.txt
    MD5

    91b11a23daffc37aac186bf6427c9974

    SHA1

    b2bbabf325a6b8a7339ac1cab0ac7b71ad91b792

    SHA256

    4b9eccabd5dfe3934c66a5bf1c4b212cc98644b9fc4ef318d42b98c63a147993

    SHA512

    36930407573f11e903b61be50de62ff908064b54dd4b101a1472c137e2e0a3ddeb8d085f40e3cf386971efb046353b10014ffe7b4cceb45ab2976200cfee2d58

  • memory/1796-54-0x0000000000000000-mapping.dmp