Overview

overview

10

Static

static

EmergRepor...3.html

windows7_x64

1

EmergRepor...3.html

windows10-2004_x64

10

Analysis

  • max time kernel
    474s
  • max time network
    501s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    04-07-2022 12:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EmergReport_722623.html

  • Size

    6KB

  • MD5

    3dcdd230925500c73cebb38f49944529

  • SHA1

    bb1a4d6d4fc178024b2052cf9b593fcf585a4fad

  • SHA256

    bff5cf2ca7959cd062c426f37c209ba6a92e948a73e897fac30309c956e80c1f

  • SHA512

    a39baac7dee1362db9b894f60161b71b9c7313b876ed86eab8ceb9dd192526fcf6f30875fbcb93d5bf51f3946314cd74f7c6c2218b69590d4fc88e172e219921

Score
10/10
googlephishing

Malware Config

Signatures

  • Detected google phishing page
    phishinggoogle
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\EmergReport_722623.html
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:60
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:60 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4560
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:60 CREDAT:82958 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1172
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4184
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\EmergReport_722623\" -spe -an -ai#7zMap13094:98:7zEvent29103
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2584
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2876

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    2
    T1112

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Web Service

    1
    T1102

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
      Filesize

      1KB

      MD5

      1df8b1ce9fd2598386bbb321f4e33fa3

      SHA1

      4fa207ba7e93172a44753f8c6f3da32e45a4afbe

      SHA256

      d60154f27a0380d662fbf5ccafdc4ae6c9fa62d7ce1017f7ad7d783a11e831f2

      SHA512

      829655cf339f523efd1fc7926f9ed5d89c36be57e67fd6145ccb48715bcbe37bc22b7627a76c83a7bed30d0b25929d8aa3755cde6cae7a0ac9b6ebc8aa4c44c0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      755a2c14793fdf61404083001b6dc8dd

      SHA1

      f9ed4b81926bbee26a3d54f132b5f49a3d0afe71

      SHA256

      4a44f2334c81f285534e6e584382946f217f7c98c446ae2156271d704247ee31

      SHA512

      3b914baa405306a98bbdd251b8f2bb5540c6c388d84a084b327db50d2cfe38b9e2e1a2b95eb8a5ddfe5488f77b91a0739ea403c2db6b5df5e19daff22b93205d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
      Filesize

      434B

      MD5

      e32c13f650d9897549bba12d0102227f

      SHA1

      50785383c286a8ead18a20a60308752332f4d828

      SHA256

      fa39ab34555317cf5832145da218ed6da0c942f8f21a97a56c0cdd9bf8f0a360

      SHA512

      f014ad7b8b4feeb497f6edc0e8041e5c2603914905844465da20e058fdd08de4cae20895150fc5622ab330813f01d618ec7f892ba99044894e2eabc23e3eb636

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      404B

      MD5

      79af57a5596dc1919b023f1b302ce77a

      SHA1

      e0c40ca804d17bbfc4c8ed15d397de51d06da45e

      SHA256

      a3d9b693cc3778ebcf0274e6f2bde6b8a697a21fe4b602bb0af577c8168561cf

      SHA512

      23b2202dc4ebce06100e671026155e4099644f4b0acfc83c135ef6f7720981aadf231b46ba327ec27af9ffdabcaaaa2b210572f1a73ffa6c8dfed3e78db1d6b6

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1dmutkj\imagestore.dat
      Filesize

      34KB

      MD5

      a00eb1f76e3f7f890e25b0e7fe4ce003

      SHA1

      7cfa2999839724619275321303c428cfe1c985f9

      SHA256

      108b4afdbe33f28e726b8706b83cf8dbcc6a3d5717d8852a70c6e34cb61a0f47

      SHA512

      bb3de7c225a615b41ed91f2a692ae074934ae2ae7dc61537c6c0812f3e6b16377fc043629e17753de668416f09a2fba4df4a4d656c5d315a898effcecd764062

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1dmutkj\imagestore.dat
      Filesize

      38KB

      MD5

      a482347ffb3fd97267a7abd42fc557be

      SHA1

      9ff66b10695bc695764bf9921f6fe13ceb769f23

      SHA256

      147bf8dd7923ff635b54919149c66ffb22914504bb3f6a65f43d41cf27b2b218

      SHA512

      ec9783c060f1b77dcf7842dd0df702cc79401d319947bb5c033a5e93dcde1f5694c519721fc00efc29cf2dcfad7c0dfa5c60fe0f053681536ca02fe2c58b338c

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1dmutkj\imagestore.dat
      Filesize

      39KB

      MD5

      aa41f3ac8bf128d7471f1ee9f98a69c9

      SHA1

      0d16b1e0a7d68bcf7c4d8f884b035499502f73c5

      SHA256

      2be32020b2a6aff62464a737efb2358b4ca648ba53db0e6a0f145672e91687de

      SHA512

      a82c4c21a410d4a8d3f51abd391b8a67c303002442563beb38714136f8fe00ee34919996d23f03afeb1b756756eeb82defaf82cea847bf477c51ad6ede6d6f0b

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NN4R666Z\favicon[1].ico
      Filesize

      318B

      MD5

      de86a6f000f8f84e20bc7eb2c7d320e3

      SHA1

      35af87deef9e6c081d834d08963ada2530dc0618

      SHA256

      6a5e064af00286681a3ae734e5407a2ea883955d875c5490e597d1ddb8eda021

      SHA512

      e06a8f3101e1cad5bb965a8543fff987a2e22f8ed1fd9aba00c86bb937118f75b280bcfb1c6649f5ec96d6182582aa64a346e7dd7637c0f73a26f79b3a3aee96

      Download Submit
    • C:\Users\Admin\Downloads\EmergReport_722623.zip.b4eqgil.partial
      Filesize

      1KB

      MD5

      4d739d86d31bdd6809db775483b17445

      SHA1

      f64542a4d219dbc82a714f24d367eb43ab35e529

      SHA256

      a95e23e735e11ac6ad3e030a2eef354c77c4650f9e3bddde0fca39d3b45d0dc3

      SHA512

      b536fd4abbd566e4654e14d87f4a784b89000608224ccd12bdfe8165d7018b2a1e08ea9859af3ae70eab105604ae537ed579edc01fb19eb9d3b00ca65f9a4ed7

      Download Submit
    • C:\Users\Admin\Downloads\EmergReport_722623\EmergReport_722623.lnk
      Filesize

      2KB

      MD5

      0abb78ce2baf5eb0342a6f4517167cc7

      SHA1

      26cad8654d502fc0442faef23fcc09df970e6f8a

      SHA256

      fcc2afcc0f1bf756917d9c02df73d6dfdb0a7090f66ed347ca2138c598d892ab

      SHA512

      ed68a35156f0085874db91bb2c75d5efbefce6dcf67cd8329d5179d087bf9dce15a1e4cf18032a89d007fdb84f9e368b02822b3e763eae222f0f6dd11107cbd6

      Download Submit
    • memory/2876-139-0x000002155A100000-0x000002155ABC1000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/2876-137-0x0000021573F30000-0x0000021573F4E000-memory.dmp
      Filesize

      120KB

      Download
    • memory/2876-136-0x000002155A100000-0x000002155ABC1000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/2876-135-0x0000021573FB0000-0x0000021574026000-memory.dmp
      Filesize

      472KB

      Download
    • memory/2876-134-0x0000021573EE0000-0x0000021573F24000-memory.dmp
      Filesize

      272KB

      Download
    • memory/2876-133-0x0000021573A00000-0x0000021573A22000-memory.dmp
      Filesize

      136KB

      Download