Analysis

  • max time kernel
    123s
  • max time network
    163s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/09/2022, 05:05

General

  • Target

    sKw˪c餤/pages/survey.tem/survey.htm

  • Size

    5KB

  • MD5

    dc11f24b47988915c61f9d36ece40a44

  • SHA1

    7a8df04eafc7145bba77914eb57c26a69f2edd13

  • SHA256

    ddd148c7e85599b1573261a298f8d5ad132b3eaca9611c4127a3afc699a38505

  • SHA512

    6f1946ea3a40b3eb4fe7de5fcd7b1e9a89252babc2b4525cebe15b35f32c106d37b1b3cdcd9f5f4a711b94c4dd6ed2df608bdf18f250528f0f4d63022832d1c3

  • SSDEEP

    96:1AGq3u5pZV4zfYeHQQgTRwSd/hsyPxQunD53IqzugssBX:1iqvmzzwnTeSdHPmodkst

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sKw˪c餤\pages\survey.tem\survey.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:848
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:848 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1932

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\A9N2RW7F.txt

    Filesize

    606B

    MD5

    4a879be5181f2f6702264a55a8f4a0cc

    SHA1

    93f47ab5bb51ecdeca4710ac0e22e4dc1b1e8996

    SHA256

    f88dd8ed5e6f33dbfc41ac8cd964686928e4dc1b8be101a0f9b459e603e3f84c

    SHA512

    faaae5c776df9d97f1e742efc4c1b79485261edc01e30c583ab34cc9fe07b746c0272baaa4c0baba4f4f0822c05fe0f6f905c336b9d7e73b14e560f98e28f0fa