Resubmissions

15-09-2022 19:00

220915-xnv58sdhb7 6

15-09-2022 15:38

220915-s27c7sdea7 3

15-09-2022 15:13

220915-slrmtadde2 3

Analysis

  • max time kernel
    133s
  • max time network
    143s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    15-09-2022 15:38

General

  • Target

    email-html-1.html

  • Size

    3KB

  • MD5

    1369aef1e1c8d377ddcff22bfb2ae5c6

  • SHA1

    b85e4df8f005310db22c127f5efde202e0dc821c

  • SHA256

    02993b20269143a70431ae1976d8b0edfa6a150b040cc034700cecc3609b592e

  • SHA512

    5a3022b61ff7a396f2c45e9bdc8f3b51fe724ba87c8cefe2d72adeefa22a95e66d54dc498fbbd073fba1a03e58d48c86a8f8f2bd1354c155794a9888759a3b31

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2404

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    64516f819c8da76f402e4b40799ddadf

    SHA1

    d8582566e6b62bf032adac5699c1649e3a009f94

    SHA256

    471042636f1151ffc6880459c33a579f669808e93f2043a073d1c8af241e28d4

    SHA512

    431396796a20d97b545e4cf07646b8ce5c9e47c198bd9f24b9d1546064b7acd60f3828eab3c52ff43db3d5b4814466176421d42d183795b0e04d6d10bdd07c97

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    d08233489ae390070e1d13270e11b753

    SHA1

    109a27893f12047ffad86e285300820176bc65e8

    SHA256

    2c66e1714dd9a261de0e4f8d9c5ffe76ec291b814b40ffb32aa7464c46b9932a

    SHA512

    b8212cfb307767f833f80e9dcda4cecdbf8b4a8a2a79011a8fd321014e506fb7ea3545c7784477686131e1089f4ce87a8f31b50ef0fecb5f8dee2a4768885623

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\Q2BSIP0C.cookie

    Filesize

    602B

    MD5

    c9693453b23ccfef1f05aa14c7196d3e

    SHA1

    acb7c8e9ebe1a33ccaf74ebc6be9dee040f7fa46

    SHA256

    94179182b8ba19f73b3782d66f50d16e194c4c0aa3bbd5bd676df789802544a8

    SHA512

    a5ae61aa455506bc426e03dbee43792342c1538f9ea784609c2a4a27f647bc94d5ef17b22101ad58907d510e379e17ce0ea8ac2546f1020daaaebf9cf59f1431

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ZDMM9UM6.cookie

    Filesize

    604B

    MD5

    cb1dd4c56177ad13476544317feb0aa8

    SHA1

    51881df65ae4872b3a2d1e0242336d823ddc5e3d

    SHA256

    c90966cd362ecf58c02f9c00525d343e8468eac3da395d8b1621fd8bdfacc120

    SHA512

    0fa3f387c979b1c01fe52bda4f1fe07171f075dba32aa81850a9e75b5a59823543ff99704aa15387e2c79c346ccb49f89cb60a504d467baee47117f4c60ee985