Overview

overview

5

Static

static

Purchase L...81.htm

windows7_x64

1

Purchase L...81.htm

windows10_x64

5

Analysis

  • max time kernel
    149s
  • max time network
    131s
  • platform
    windows10_x64
  • resource
    win10-en-20211104
  • submitted
    12-11-2021 14:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Purchase Ledger RemittanceSUP9935681.htm

  • Size

    1KB

  • MD5

    673ad47c37cb4a2f9a677a385a4836f3

  • SHA1

    94a50cdf187a7668948076beb5ac2504b12d2170

  • SHA256

    84e48bfe7e3f9e5dbf149a0fb007c83e405b3679b063a4a6f2b1577f1bef5fcd

  • SHA512

    22ce75643577aeeb492fccb9993fb7536e85a976d4ccf4bf13d0606cc14fb4389329a0d69e614b6acb1bc05ad1d97bdbe4872b17540cfbf9cc8ed2e50b425610

Score
5/10
microsoftphishing

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
    phishingmicrosoft
  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Purchase Ledger RemittanceSUP9935681.htm"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1776
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1776 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4312

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    f4344ea497ae75fbc990e1d5cf63c817

    SHA1

    9932af3fa15ff699bbf10323af6ca012e24d5374

    SHA256

    8702ef90d9b38ce3382ef8d9c86484cd658220e66ce4fcc3394e57aed064aeaf

    SHA512

    9694149bec3c78e7891c574b01fcbacc8742a8195c763b98313da1e20b0180ed19e3a8342f52451571928050d9900e62e11aaab633b8fe8ad51018a24c69d11c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    1c931a0a92df974dd26d79dfd5d91f1b

    SHA1

    f6cc2578adfd43c24a5c2d9ea48cb5649e89fa1b

    SHA256

    0656510dfbd26b5b7df9bef49bf964938079297f2da3d08f8477353e8bf6da1e

    SHA512

    a37c331000f658d57c19e17f520266607923e52f7b5bf125c99d56740d04b9abc2cf8cea86d4235a6476871860b8e8efceeb913397b5c8e1db8ca7bd61f95b97

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\KBE6U3VV.cookie
    MD5

    90a4f7816c18f26d4d90bed41a94fa4d

    SHA1

    0c24f7bdd0826a61d04590db0ad8b3083cf30154

    SHA256

    8a24ec2d1007521c9c510b9fe89980c4eeff06b7c0ab519fb2ee14628114ec11

    SHA512

    17f70ff28d17e8733b200767f90e2ef6f3ce4c306672533213a41c52cea87b837359e6abb61a73d10a901dcdffa8fc30330d3caeddf5a1ce5527760f7c9265d1

    Download Submit

  • memory/1776-146-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-130-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-151-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-125-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-126-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-127-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-128-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-149-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-131-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-132-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-134-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-135-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-148-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-138-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-139-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-140-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-141-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-143-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-119-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-118-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-137-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-123-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-124-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-153-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-154-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-155-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-159-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-160-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-161-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-167-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-168-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-169-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-170-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-171-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-172-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-176-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-178-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-181-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-182-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-122-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/1776-120-0x00007FFAAFFE0000-0x00007FFAB004B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/4312-144-0x0000000000000000-mapping.dmp

    Download