Analysis

  • max time kernel: 281s
  • max time network: 186s
  • platform: windows7_x64
  • resource: win7-20220901-en
  • resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted: 23-09-2022 22:17

General

  • Target: 159da9373c6c34e826209e5314ff4267a8460d5d9293320679fd55832fb99825.html
  • Size: 606KB
  • MD5: c8fa3c8d38befc5c96b4b25e9209cdd8
  • SHA1: 057625d4cd8bf04ddaa7131b1136a155fefa9de5
  • SHA256: 159da9373c6c34e826209e5314ff4267a8460d5d9293320679fd55832fb99825
  • SHA512: b176c6cd0073289550aa7b3a8e93f2fe1265dc10fc19209d826d3b9911e25a4a03d2a0eb867947039a27fb5ffbf4c7a0c9ef0f247133e2e4f7f6fb50fbdc1e62
  • SSDEEP: 3072:aClpGTetRqXXwR8tAuwRuuV3iV1ytRNNTbWCUkPDlJtLn6CVhJc7MwaMyFeqmqD4:aClpGTCRqXARbRVZSvLF2RPthZdHMb

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTP)
  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (tree depth 1, PID:1060)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\159da9373c6c34e826209e5314ff4267a8460d5d9293320679fd55832fb99825.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (tree depth 2, PID:1240)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1060 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 259910549aa6b07f1db853a8cd32ee46
    SHA1: 057ac46a11694c441e68e63e34bec3749a127c0f
    SHA256: 5440417f18d14eaae747c2099623a7679cb665db4ed4dafeea16f049d31255e3
    SHA512: 6fb0c0c7a57d14adfe89ca2a5f0a56db5f8dcff50965cfcf350282490bd022c8ef495ed6686aa0844dc2aa4a80f2716c185b9b933fb4d824edd3608633822a77

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4Q6F7GDN.txt
    Filesize: 602B
    MD5: d1787dbea1ee01aea336fb8f563c8edb
    SHA1: 3414a7a27993738a10582652943902c6621ed3df
    SHA256: 0dc44f9f1182a17341487e68f1b3c6573ea254d1ed2d9be6575eaa21e2f53fa9
    SHA512: 3f3609865ffb61ec1ef118058da906e0168d2458e7b1a5ee4f2606d6dd66a8433e7e3db13fc52027de4e1184c875bdfce9700e39fc991ad9a97de6cc5201bc6a