Overview

overview

6

Static

static

ATT0002644.htm

windows7_x64

ATT0002644.htm

windows10_x64

6

Resubmissions

11-11-2021 15:33

211111-szbhrabed3 6

11-11-2021 14:04

211111-rdm4zsgebq 1

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10_x64
  • resource
    win10-en-20211104
  • submitted
    11-11-2021 15:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ATT0002644.htm

  • Size

    429B

  • MD5

    9d950526df17880d6dd9a2c062460514

  • SHA1

    6ba6d639957de2090e11c846267b16f1f653069b

  • SHA256

    43fcc0500664221ce892a5ce713e27935b478389e463e8bc209880960acbdd83

  • SHA512

    f08731f68ad62fd50398bf0bd66d602700f2f2b53bc4fae9412cc0eb7494419eeb13d439733d2f49c67ce93214a96c8027e4170bb9ef36beccacd545e80af157

Score
6/10
microsoftphishing

Malware Config

Signatures

  • Program crash 1 IoCs
  • Detected potential entity reuse from brand microsoft.
    phishingmicrosoft
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ATT0002644.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3688
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3688 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2000
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3688 CREDAT:82952 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      PID:1740
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 1740 -s 2516
        3⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3460
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:496
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2272
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.0.846629470\746175827" -parentBuildID 20200403170909 -prefsHandle 844 -prefMapHandle 1188 -prefsLen 1 -prefMapSize 219680 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 1596 gpu
        3⤵
          PID:2444
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.3.1647593271\942490845" -childID 1 -isForBrowser -prefsHandle 1204 -prefMapHandle 2172 -prefsLen 122 -prefMapSize 219680 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 2256 tab
          3⤵
            PID:3516
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.13.1661904599\1074364222" -childID 2 -isForBrowser -prefsHandle 3372 -prefMapHandle 3368 -prefsLen 6979 -prefMapSize 219680 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 3388 tab
            3⤵
              PID:1428
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.20.1660247219\720831353" -childID 3 -isForBrowser -prefsHandle 4044 -prefMapHandle 4076 -prefsLen 7750 -prefMapSize 219680 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 4028 tab
              3⤵
                PID:3556

          Network

          MITRE ATT&CK Matrix ATT&CK v6

          Initial Access

          Execution

          Persistence

          Privilege Escalation

          Defense Evasion

          Modify Registry

          1
          T1112

          Credential Access

          Discovery

          Query Registry

          1
          T1012

          System Information Discovery

          1
          T1082

          Lateral Movement

          Collection

          Exfiltration

          Command and Control

          Impact

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
            MD5

            54e9306f95f32e50ccd58af19753d929

            SHA1

            eab9457321f34d4dcf7d4a0ac83edc9131bf7c57

            SHA256

            45f94dceb18a8f738a26da09ce4558995a4fe02b971882e8116fc9b59813bb72

            SHA512

            8711a4d866f21cdf4d4e6131ec4cfaf6821d0d22b90946be8b5a09ab868af0270a89bc326f03b858f0361a83c11a1531b894dfd1945e4812ba429a7558791f4f

            Download Submit
          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6E58CA2D9A27F7D92CBCA0E41E1B2D28
            MD5

            ac2b6a2375bb8989cb68df25a63184ca

            SHA1

            27b5d5dfdd4b90ebe1a75ee21ddf8add76b4b000

            SHA256

            efaeef0faa17d83d84130fe824c76a809f32b4b7552da030f9bece78e01619c1

            SHA512

            6148d31dd5dc90ad23bf52201e919207758f61236403c2367157123730ca44b190fbff1453d1962c7e64eb9646288ed340e02228dec09ec22ed9f0047bc544ca

            Download Submit
          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
            MD5

            189cf116bf3713a9e49bf51bc7bfc49a

            SHA1

            3ab63a8339c980b837751c853e59c6ec3217c562

            SHA256

            f6bf6c9521ecd07410816f060578a5c8b60500821a95b728ba72de438ebf121f

            SHA512

            24334290b79fba800b6f87c595839f07144f5f05ef1023214070155ffd78f01aeb794842dd7764b35b7528203fb9618edb7ad0903808bd721e864caea2f29363

            Download Submit
          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
            MD5

            db18101ea166c91b3847998b98510ea3

            SHA1

            bd51b2f7ad8ccbc1d39a9363566eb23f26463fea

            SHA256

            247618ac0e6a2be7860015dd4e1b80be7b1df9bcd23d9f7926bd07fa26867d1f

            SHA512

            77d0a16f23a2c69726972ebf3fbd45e408a8442dedf1750b4110c4d9de0719cd65ceba7f00505a49c2db4ad7f91fd5e5d40408b71cf5576f9a35680322bfe7d0

            Download Submit
          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6E58CA2D9A27F7D92CBCA0E41E1B2D28
            MD5

            741a111511106582cd2271b4679a0332

            SHA1

            7e3d6d3f66b2a7f872ce1dbdef3a323619dca4cf

            SHA256

            5e0203d65a87d07c5934a4edb1bf6ae833c3737cc8a096c4553bb2be723e3e76

            SHA512

            efd48b48bda531bd685080b269fcd5a5378a09a652713bd37255083ca87b6b23f7e076f00e1d4b5beec5acdd1a6c752c2f51010b57ba684e5c6c72ad6ad3a61b

            Download Submit
          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
            MD5

            4631b695ca9fbe1b6aee880353cef492

            SHA1

            f00c5ab3733560a4c4b9775277c20ddeb027c5aa

            SHA256

            708a0699784b4a83d3a1acb41bda29b5dd21b98935b74b3425a54ad601789ccc

            SHA512

            dc67340e85f931fc9e5ae6506f90ee1969b50ab202c0114780fe8be2ce943584858d68ad52c5662ee24e5c91a39baaa5cdee0c800d089332b57449809ab5b0e5

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\5MHROLO1.cookie
            MD5

            acf24924f447b1d1b8deb78086d0cf22

            SHA1

            5263ddc725760cf5cac2704902da081f78881ce5

            SHA256

            87ca67e31afda51fcecaf1fcc7f60b45bb438fd4eff564ea441f516c4755d168

            SHA512

            5af2098cb451a00719c9a465ccff2c590e36ab32e49bb497564ff436f5867e8cd3201471540f8489ddc4f84da5e475fc886db0d4ac84e0debbaed5ace41cb8e5

            Download Submit
          • memory/1740-201-0x0000000000000000-mapping.dmp
            Download
          • memory/2000-144-0x0000000000000000-mapping.dmp
            Download
          • memory/3688-141-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-154-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-125-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-126-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-127-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-128-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-130-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-131-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-132-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-134-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-135-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-136-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-138-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-139-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-140-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-123-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-143-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-146-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-148-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-149-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-151-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-124-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-153-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-155-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-159-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-160-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-161-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-167-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-168-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-169-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-170-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-171-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-172-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-122-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-120-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-119-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-118-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-176-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-178-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-181-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download
          • memory/3688-182-0x00007FFB50200000-0x00007FFB5026B000-memory.dmp
            Filesize

            428KB

            Download