Overview

overview

10

Static

static

2a00d95b47...6.html

windows7_x64

10

2a00d95b47...6.html

windows10-2004_x64

7

Analysis

  • max time kernel
    230s
  • max time network
    234s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    14-07-2022 14:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2a00d95b47cb04f233ce7351b842234410ec89c455f7515e8234b4d350b99406.html

  • Size

    839KB

  • MD5

    6742059d39462d81438ef4d97af53d43

  • SHA1

    f6441fe1691cc77b400fadf210db421ada166b18

  • SHA256

    2a00d95b47cb04f233ce7351b842234410ec89c455f7515e8234b4d350b99406

  • SHA512

    ba92c3fbcb62c15008f146fde736fea857da02d776b13b8992ab8cbfce62d1ab1046e0cb0b1373d5092a4f9040853268df8bfda5e6faa14c970ce2e2a1a43ba5

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2a00d95b47cb04f233ce7351b842234410ec89c455f7515e8234b4d350b99406.html
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2120
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4032
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1864
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\FXS_5979900\" -spe -an -ai#7zMap29584:84:7zEvent10448
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:4156
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\FXS_5979900\1395\" -an -ai#7zMap3542:118:7zEvent11019
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:3764
    • C:\Windows\System32\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" data\assets\images\ilHD.dat
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2316
      • C:\Windows\SysWOW64\regsvr32.exe
        data\assets\images\ilHD.dat
        2⤵
        • Loads dropped DLL
        PID:1368
    • C:\Windows\System32\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" data\assets\images\ilHD.dat
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:5072
      • C:\Windows\SysWOW64\regsvr32.exe
        data\assets\images\ilHD.dat
        2⤵
        • Loads dropped DLL
        PID:2488

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      4e64144e228300de42014cbc16141081

      SHA1

      a8f013082dc51a1e6ab624fdec2628b2ac4b9e7b

      SHA256

      94333b66fadfb3b501b8cf09acad2a37c7ccd4bac4fac50987e26b87da49b334

      SHA512

      024c8564ecc30be3458308e990afde66c7e945592c7624752740d8202bae451829f0859cb8d1032a09f57613b656324321a7260324000757062fa4d8c414452c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      404B

      MD5

      cb2ab60028dfdc02b5a2d9acc20c824e

      SHA1

      0df8f74b49e2a8e4d3722862784b5c9499d54e59

      SHA256

      4205a7178370b1eb5789e9bcd3fe0c9843b8412f8a114d6607feef06410197cd

      SHA512

      5bb7c2dd7097bb1c4fc6428534ea58bf66b166ae2944544002a9a8ee4e4899ba83a56f3846fcb8d78e0100ee7cdc0d4c1104cd832db0f9f6683c908de7c21952

      Download Submit
    • C:\Users\Admin\Downloads\FXS_5979900.rqvosm0.partial
      Filesize

      457KB

      MD5

      f9df78130be1d212ded36a820be9d61b

      SHA1

      e0abc1483e65d83fe3414fc8ecc734473a0d9b78

      SHA256

      d3355c4e4f690977831dbdb223cfb0b861cc6f06cf359e2da88efa6e205d13d0

      SHA512

      0bad7d5ca6fcc6228efbe88eea952cf1cf763c459403f44fae9cc9e0fa3a6709ed1154ddf8183965c32202feb2142291e9f995be7ddcd10258bbcba63390a7ae

      Download Submit
    • C:\Users\Admin\Downloads\FXS_5979900\1395\DATA\ASSETS\IMAGES\ILHD.DAT
      Filesize

      670KB

      MD5

      1f7dd197ecf193e23a0c329568c65696

      SHA1

      556615a28102c40f67c9d09c828675bdb950557a

      SHA256

      01090ff0d968128575357b9841a3a8d6837b6e13c7b309f656f4543a2181b551

      SHA512

      221c549f6e9e3f3e96957bcf84085a5882efc394e16a6d9a445c1a806f55f46cabd3ddaf2eafb6f9b6ef7821c0647ee345c27b3b000ec21abe91bf215e73fca8

      Download Submit
    • C:\Users\Admin\Downloads\FXS_5979900\1395\DATA\ASSETS\IMAGES\ILHD.DAT
      Filesize

      670KB

      MD5

      1f7dd197ecf193e23a0c329568c65696

      SHA1

      556615a28102c40f67c9d09c828675bdb950557a

      SHA256

      01090ff0d968128575357b9841a3a8d6837b6e13c7b309f656f4543a2181b551

      SHA512

      221c549f6e9e3f3e96957bcf84085a5882efc394e16a6d9a445c1a806f55f46cabd3ddaf2eafb6f9b6ef7821c0647ee345c27b3b000ec21abe91bf215e73fca8

      Download Submit
    • C:\Users\Admin\Downloads\FXS_5979900\1395\FXS_5979900.iso
      Filesize

      842KB

      MD5

      dd084d0ac9942ddd3e233a7fc8bc6ad7

      SHA1

      eff46ccf03925ff6159f9e21314dbde57cba0727

      SHA256

      d35d5a00e32f57eef75079a7575e49e5f95d13bfc0af02baf9bce6aa68e8604d

      SHA512

      868a5238554a8ed0269bc2d174a2eba187b9a805f1a3065ffd4f6f90e1adc8b3e4ae81aa655362e5777a9ba7c8d30ecdc976d40b69650ab10a1b47c83ff7d4da

      Download Submit
    • C:\Users\Admin\Downloads\FXS_5979900\1395\data\assets\images\ilHD.dat
      Filesize

      670KB

      MD5

      1f7dd197ecf193e23a0c329568c65696

      SHA1

      556615a28102c40f67c9d09c828675bdb950557a

      SHA256

      01090ff0d968128575357b9841a3a8d6837b6e13c7b309f656f4543a2181b551

      SHA512

      221c549f6e9e3f3e96957bcf84085a5882efc394e16a6d9a445c1a806f55f46cabd3ddaf2eafb6f9b6ef7821c0647ee345c27b3b000ec21abe91bf215e73fca8

      Download Submit
    • memory/1368-135-0x0000000000000000-mapping.dmp
      Download
    • memory/2488-137-0x0000000000000000-mapping.dmp
      Download