Resubmissions

15-07-2022 09:27

220715-le15caace4 1

15-07-2022 09:08

220715-k3z2hsabg6 10

15-07-2022 09:05

220715-k1622sabf4 1

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    15-07-2022 09:08

General

  • Target

    7c04f20104e661f361144cb549006e3fd7d3f960d0c410627bad2a795401a5f6.html

  • Size

    1.1MB

  • MD5

    6033e14dfeb0699ee4c1bd6b9c5ea95f

  • SHA1

    a5e5776da0391a064cbe823822956c0137cef76a

  • SHA256

    7c04f20104e661f361144cb549006e3fd7d3f960d0c410627bad2a795401a5f6

  • SHA512

    b2a5f6543eb830b675cdad7041d5529634ccdcf6ce8de89d98cd7cddb8adaeec56d6f9104d92808d276f2e86e7015a2918fecd8e28b41c5913e511637f264c6d

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: LoadsDriver 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7c04f20104e661f361144cb549006e3fd7d3f960d0c410627bad2a795401a5f6.html
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3480
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3480 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1856
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3624
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap20255:100:7zEvent28613
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:4060
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\3590\Report Jul 14 56956.iso"
      1⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:3584
    • C:\Users\Admin\Downloads\3590\calc.exe
      "C:\Users\Admin\Downloads\3590\calc.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2524
      • C:\Windows\SysWOW64\regsvr32.exe
        C:\Windows\SysWOW64\regsvr32.exe 7533.dll
        2⤵
        • Loads dropped DLL
        PID:1064

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 2

Downloads

  • C:\Users\Admin\Downloads\3590\7533.dll
    Filesize: 663KB
    MD5: 813f8790abac50bd495c21b679a5d54f
    SHA1: 21739063a633c8c81a9ac04d3f8d48e11e536038
    SHA256: 0ea61f67684730bdd6c5ddeb74c32d2622f54006b7a3ad5cb9c45dac15513eed
    SHA512: 165837bed0344ff6c2087ab056df448c3a9a6a0c28008060b7b016b9781b708fd7ed12b7070ea4da88bd32474862b3e8d565395a10e7aba00d78c9a4e9bda4b4

  • C:\Users\Admin\Downloads\3590\Report Jul 14 56956.iso
    Filesize: 2.6MB
    MD5: dd57dd9f92379afff3a44df0e1764825
    SHA1: 8e4690c45c391b6a93db0584f164318ce7bd17e2
    SHA256: 3973fbe964aed7a74d5b2c13f54e876e0e7ec7ff9a5188753c6f9ae3bc0ef2c5
    SHA512: 985f18b7c394989925b96ca6ddb489ba491ded17ad31552befe24451281ba1e5f08853c1be5113b4c0fb7a16da37261f2abb5f613a7c5ed9a8c2f8d9dcb88645

  • C:\Users\Admin\Downloads\3590\WindowsCodecs.dll
    Filesize: 4KB
    MD5: 21930abbbb06588edf0240cc60302143
    SHA1: 48bf9b838ecb90b8389a0c50b301acc32b44b53e
    SHA256: 8760c4b4cc8fdcd144651d5ba02195d238950d3b70abd7d7e1e2d42b6bda9751
    SHA512: 36b092e22b953a4c984530ee1f3d01aae88084ed8146918316438ee37daefe76ed3cb6dfa39c7a020871a92fc2df0a22b5f4146cdd6437339fe3cff4792db4f6

  • C:\Users\Admin\Downloads\3590\calc.exe
    Filesize: 758KB
    MD5: 60b7c0fead45f2066e5b805a91f4f0fc
    SHA1: 9018a7d6cdbe859a430e8794e73381f77c840be0
    SHA256: 80c10ee5f21f92f89cbc293a59d2fd4c01c7958aacad15642558db700943fa22
    SHA512: 68b9f9c00fc64df946684ce81a72a2624f0fc07e07c0c8b3db2fae8c9c0415bd1b4a03ad7ffa96985af0cc5e0410f6c5e29a30200efff21ab4b01369a3c59b58

  • C:\Users\Admin\Downloads\Report Jul 14 56956.zip.p7j7ta0.partial
    Filesize: 696KB
    MD5: 24d11d69dd2e86ebc0856c346082527a
    SHA1: ccf6e1ca31866627de38fe1e2d42517e03d54e80
    SHA256: c7728e2e03c96a8d96d4637bc7eebad73b38d5abc87f6032f76ac2b6b7b7e22f
    SHA512: 0278aa51926810fcaa443e1ef1c2fb2d9a1477e963809861e8cf8ec80215c669c113ad81b1e1699ecf8231b02abd43e2d0db2bcebaed3048293cd39beabf07da

  • memory/1064-136-0x0000000000000000-mapping.dmp