Analysis

  • max time kernel
    151s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    30-06-2022 17:18

General

  • Target

    erxczzxEr0rgdxvngEr0hjhvhhxEr0cbchkj8282infoyxZdzc/h0el0pIED0Er0/index.html

  • Size

    37KB

  • MD5

    2cda3d712eda3eaa8b8f1d047186082c

  • SHA1

    bcdeb6ceef9b9ab9bbc48681ac84f6ca9c77e888

  • SHA256

    cc243cb9d3f75fc87a3c899a99e182279c4b49e7c823f89bc9bdbfaf5ff65d84

  • SHA512

    81d144d1587736c8f2994d03eb935352facb0ec221bd36738a159f1c8efd53ca0927a6dd9b407589cb337b4ceababe8dffef2bb6b883d3f3eac6544813614628

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\erxczzxEr0rgdxvngEr0hjhvhhxEr0cbchkj8282infoyxZdzc\h0el0pIED0Er0\index.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1380
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1380 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2024
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x44c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1572

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    60KB

    MD5

    589c442fc7a0c70dca927115a700d41e

    SHA1

    66a07dace3afbfd1aa07a47e6875beab62c4bb31

    SHA256

    2e5cb72e9eb43baafb6c6bfcc573aac92f49a8064c483f9d378a9e8e781a526a

    SHA512

    1b5fa79e52be495c42cf49618441fb7012e28c02e7a08a91da9213db3ab810f0e83485bc1dd5f625a47d0ba7cfcdd5ea50acc9a8dcebb39f048c40f01e94155b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    340B

    MD5

    6692568915a71cbac2a66ed8a1627749

    SHA1

    e390212ffde5dd317a3d45dba2cc9ceec804b659

    SHA256

    836cc0b937a686ae90ef4f8c8a1042962717f8210598ab1630a6ed02204d9765

    SHA512

    f3fa630b0288c8437c7f7051300f8773cfe8663cbf73d9dbfdf4001683470ae2951456e5499becaf0bfebf201b13d3af63651952e94a7226be65dbc75ef1b16b

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3KH8M4H0.txt

    Filesize

    608B

    MD5

    4a7eb350d537e0b92ab150853eb2e4a7

    SHA1

    fecd63ff92bddde5c9a22516472cb49a06af0b3a

    SHA256

    877b1112c809816bb4d15aa5cb6efed8d036900610244737e2cdbaf54bd7d16c

    SHA512

    04afbf1041e1936bedd2a5966f7e565af483a08658509056c628c6130ce38daba5c0e099abacc2c8fc96df7ca7642efcc79805ca7bb94bd9919c2b7c93725d4b