Overview

overview

6

Static

static

New Fax Re...or.htm

windows10_x64

6

Analysis

  • max time kernel
    107s
  • max time network
    112s
  • platform
    windows10_x64
  • resource
    win10-en-20211104
  • submitted
    09-11-2021 15:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    New Fax Receiνed For.htm

  • Size

    710KB

  • MD5

    cc600e0ae18f94b7317b73f49b119fbd

  • SHA1

    ec1eff7473bd7743658c75555b3f3b467ea9fb85

  • SHA256

    3e8a6cdec188c0ec8a963c6069a585cda2121c2cd66bbee0e9a8c02b7710f183

  • SHA512

    63a14ad8b0a3c2a134616ce97657d921924b74356bd4a2faf7153c170a6f280e1325ac67bb32e4b0deec726ca13720f6f7057e7f5ddbe479d8bc93a058a27a66

Score
6/10
microsoftphishing

Malware Config

Signatures

  • Program crash 1 IoCs
  • Detected potential entity reuse from brand microsoft.
    phishingmicrosoft
  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\New Fax Receiνed For.htm"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4020
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4020 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4336
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4020 CREDAT:82950 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      PID:1176
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 1176 -s 2528
        3⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4520

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    1c3ed22c003b0e1724a802f750244f60

    SHA1

    c83f95230ea4d3ac58c4f5d5a7504b0f5eedf0ad

    SHA256

    f24de6edda835df45daadcce85ecfeaa1f5a363a16faeff1c16ae55ec57dcb6b

    SHA512

    7f9f0395307b63d4bda636b132533f5e62b36bfa78ff0850c5ba0a2ebe3f426b0a18232993a35bfe9166d9f86d2dfe2ad6429fc864265a0bdf6d4f1f25d26297

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    5adb40dc01ae68f97ba81d1d0fbc21c5

    SHA1

    352021a3d1b713303b5ef7ac8bba32044fcc247e

    SHA256

    67cc14a51d020961baf6c17c4398362f803ca7cb309ab5efa5dbc2f7c9957010

    SHA512

    1f1ad54b346dd8f54a273ae389c89f70d1e5b3f4e013d7b1bcc3f3fc515b93880167c3eb6601e8d4d08786564bf4eba8d9ff59a9d28711e408e246b025f902f9

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\B1QFX1D1.cookie
    MD5

    6f3c2d15c6683fc1deedfd982b20518f

    SHA1

    af3e914e270781ee323a80ee6f03a2b25a7ef99f

    SHA256

    c8d2644ba7571af965f8e02d64401110dd9ab9793165e8e0056d7e31c4991236

    SHA512

    03d195a4d9375991e1098f2672217d4bb9aa28202d5d3691e3b9979a4cbf2084befcc1d55c87204d96e0978b922917286d8c25202de044dee8ba077c6a1ce2b5

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\TA1TCPSW.cookie
    MD5

    f2cb13683298ba9d3d96f973d6eb510e

    SHA1

    802194d06640a59c68d831bd5775405406123b51

    SHA256

    55464deb3b32dec43c609b695ede263ba646624045d5a1c10ffb0465eb23caf8

    SHA512

    2197f7103824a8a7342224165f119ef96b69a0f6bb5c1d191b8a3175406c5d9e69a54e48d04c478899deb2924002dafe02a011920346f27f45da3d4c570c7852

    Download Submit
  • memory/1176-176-0x0000000000000000-mapping.dmp
    Download
  • memory/1176-183-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1176-180-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1176-179-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1176-178-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/1176-177-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-149-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-159-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-132-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-134-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-137-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-136-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-138-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-139-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-140-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-141-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-143-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-119-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-146-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-148-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-118-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-151-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-153-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-154-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-155-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-131-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-160-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-161-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-167-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-168-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-169-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-170-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-171-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-172-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-130-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-128-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-127-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-126-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-125-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-124-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-123-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-122-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4020-120-0x00007FFB67700000-0x00007FFB6776B000-memory.dmp
    Filesize

    428KB

    Download
  • memory/4336-144-0x0000000000000000-mapping.dmp
    Download