Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220721-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-08-2022 06:18

General

  • Target

    attachment20220806-28922-p2h30w.html

  • Size

    1KB

  • Sample

    220806-g2pydabdgp

  • MD5

    c59bdb7ae1b6b6473ee1809f956242be

  • SHA1

    bba5bd5dc7f488563bf13313ba154f5d7a874ad5

  • SHA256

    1947505600b08e51be206bf1b4b56db0f975db534f3554327a6c0d78d5a9f59e

  • SHA512

    e467cb455d9945b24151a02d9c6bbdf9fabeb79eeb20c22bf304cc853c6dcc888559cecb113411a7cc233c6dc69623fd76b03d3300e2cd42a37a35a2a59e0079

Score
1/10

Malware Config

Signatures 5

  • Modifies Internet Explorer settings ⋅ 1 TTPs 39 IoCs
  • Suspicious behavior: GetForegroundWindowSpam ⋅ 1 IoCs
  • Suspicious use of FindShellTrayWindow ⋅ 1 IoCs
  • Suspicious use of SetWindowsHookEx ⋅ 6 IoCs
  • Suspicious use of WriteProcessMemory ⋅ 3 IoCs

Processes 2

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\attachment20220806-28922-p2h30w.html
    Modifies Internet Explorer settings
    Suspicious behavior: GetForegroundWindowSpam
    Suspicious use of FindShellTrayWindow
    Suspicious use of SetWindowsHookEx
    Suspicious use of WriteProcessMemory
    PID:3876
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3876 CREDAT:17410 /prefetch:2
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1748

Network

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5
    29cfcce308fc86433aab93d24e4f06a1
    SHA1
    f48ec3b1dcfe201e9ebe797fa2c97fd006803723
    SHA256
    253a8be7fd3b8dd52b67f9bb3448ec4df3259666acfc1cd73f2b1d2f913d4d78
    SHA512
    0f5caac8fa23be8c07055e81996cb00626c01c2c00f1e292292941dfd90604ab5b5e82798d92086320c623b4fed7115d0b55cb7645b243d9ed542115b7eec8be

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5
    fd01f28234cd7a3c501226187db8e6a2
    SHA1
    a6a6fa0441595643c0a0db574ace38a69bdaf4d6
    SHA256
    56c265c95394f678fd8a90e4e2325c083855a21bcada3aaca675d59ce1476856
    SHA512
    5a8d19a86e0ce288c5e3da994fc4fbb09c973ba4b4abc8936499bca289b9c069b0fe14a8a79a8e359824dfbd36cb00bc46fcd6e5387befda4a6cfdd89b0a01c5