Overview

overview

6

Static

static

winprofile

windows7-x64

6

winprofile

windows10-1703-x64

6

Analysis

  • max time kernel
    144s
  • max time network
    224s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    23/09/2022, 10:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bcfe3e23ecba33372017d4a21923c9b197f0b42e9726a9873ae53ea5793a3385.html

  • Size

    608KB

  • MD5

    b3b162d4487c781362f9e5941251b474

  • SHA1

    9eaffba8db0b7938d779c35ce325466f86f5d2b4

  • SHA256

    bcfe3e23ecba33372017d4a21923c9b197f0b42e9726a9873ae53ea5793a3385

  • SHA512

    d8b4f5becb0170f77d9e73742512a00917a957916b16d1177074aeae4c5ce3a32ad8ee62fc1c7b02238a88369be317c8fa6c8e2ee60107d7663dcd6c593df8c8

  • SSDEEP

    3072:HClpGTetRqX4wROwRubY3YiV1ytmVHbWCUkPDlJtLn6CVhJc7MwaMyFeqmqDCMAT:HClpGTCRqXlR7RNSvLF2RPthZwRdMC

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bcfe3e23ecba33372017d4a21923c9b197f0b42e9726a9873ae53ea5793a3385.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4556
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4556 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4676

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          471B

          MD5

          0a8ccb22b686f8477bd7c0815474980f

          SHA1

          4a8127d2f3e3840737696dbbbae0bdaea33da790

          SHA256

          1792128e4ffcb7422d38888abd7879f2958acaebddd325a27a2144bea963e825

          SHA512

          53cb292ad44cb41d9f1e68d4b532a0fb6396b74a86edb2c95033d27620f60b58b6c45ba97291f8397a07a6556952f611901b88bd1983027197555983093738f9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          404B

          MD5

          765667985b26bff7fa48a4cccf77518b

          SHA1

          5e62cc033f1863ff1011a8f8baa423dd0c9754da

          SHA256

          fd9672ccfb12a433d1595dac053c0720fddf3bfb0fb199d33562394d901a810b

          SHA512

          4fe0045d3af72d59f2f44e90f51475edf2551b570ac6ba9de5ae75c3b34a41625a07fc23041aec37404ff9ecbb03e0de2cd48c643a8b552d9659d6569d5657fc

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\15D8HF04.cookie
          Filesize

          610B

          MD5

          35dc5effdff80ab93d3899b40554744b

          SHA1

          9eca4369ca20a0d3dc4fb9eb4193581b0c5d67a7

          SHA256

          f0cb395140eba0d9e7315b6cc49f7f018b232bb139572755d00e9e9c9ac7f9fb

          SHA512

          d161cd2cb851d38ee2f6717f6cb892ab6260180cb5ed49089b21739b836a88b6342cda2373e067c5bf562158d8175d8a8ee240efb91a4594d08e03cc281743ff

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\YH9TFD68.cookie
          Filesize

          609B

          MD5

          664a0ac30d79ffd54792b564fc93662d

          SHA1

          61ce0ad04b83e2abf749ed203417bed4fd83a21f

          SHA256

          30282ef9ab68020339568c4a3aaa5f31576112648b54f27c6391865d4ee0e131

          SHA512

          e961bc6f4c1a436e76de0e45ffa08ba78ffa71c4ce2a36dc1713084a0f975be2280895fc8e3d17902dd92fc458e8fd337dc73a5fb578af98f857bfa4ba7fcc03

          Download Submit