Analysis

  • max time kernel
    200s
  • max time network
    209s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    02-05-2022 20:18

General

  • Target

    070320e6c928e85d1acce1bffb8e590904050fb57c43dfad637c33aaaa7d7161.html

  • Size

    312KB

  • MD5

    7465af5610f88ee6188854de6141ed08

  • SHA1

    a56bbd845af796a7f0018ccdd92c93536c2b4aba

  • SHA256

    070320e6c928e85d1acce1bffb8e590904050fb57c43dfad637c33aaaa7d7161

  • SHA512

    1fcab1dccf45ab708906023a6b4cdd3bae0ce55c9640043bb9137ed9320419ae835c92c9417ea2f1ceed3242e42b33b25c2fad0b5b07c2d5224a61320d84f6c3

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\070320e6c928e85d1acce1bffb8e590904050fb57c43dfad637c33aaaa7d7161.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:940
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:940 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1868

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    60KB

    MD5

    b9f21d8db36e88831e5352bb82c438b3

    SHA1

    4a3c330954f9f65a2f5fd7e55800e46ce228a3e2

    SHA256

    998e0209690a48ed33b79af30fc13851e3e3416bed97e3679b6030c10cab361e

    SHA512

    d4a2ac7c14227fbaf8b532398fb69053f0a0d913273f6917027c8cadbba80113fdbec20c2a7eb31b7bb57c99f9fdeccf8576be5f39346d8b564fc72fb1699476

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a811e524c197250babda73a04e6f0082

    SHA1

    861b807301b11e7e71008b4f1cd6db0621d6f3ee

    SHA256

    181f490d7551b111d1453aaa81819f443373419781ad86070a0f815cf0fada3a

    SHA512

    c2d307ab4f90cc8b3c6dde08c1e53c7f5f695da1a5a13360235502e195e14a018a70d1325000dbc46166204e0d7086ea4177441c23a26a0848f3e09650863161

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NCFITCUK.txt

    Filesize

    603B

    MD5

    5ee2d6ee96fad7608d16ac8dc231d326

    SHA1

    e78b2da726d66c3a9e4a218d7f98ecd851fe1cea

    SHA256

    d89a5c10c94a019cb9db8f6de7fbe592eb41e6ec957218ef15f48f97708c1664

    SHA512

    a9d985d75e72987f459908f1c4a74a2fa9c285eb8e1c1c180cd7ebc8ea8da161245bf0c3f4b0836963e6cc34f385db3dca16f11e0eff47cc0a505ec4d42eb658