Overview

overview

1

Static

static

FACTURA_35...F.html

windows7-x64

1

FACTURA_35...F.html

windows10-2004-x64

1

Analysis

  • max time kernel
    78s
  • max time network
    80s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    26/09/2022, 16:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FACTURA_356459.PDF.html

  • Size

    400KB

  • MD5

    48329b27eddd5ce90c0122cf72d9b5df

  • SHA1

    b1f896f0b675e9a9e1ad41ecf48a6f6721369613

  • SHA256

    7de3430ce45b0f729dc37af201d03af19324ca9370b00b7a0266d46f886c263b

  • SHA512

    35b1fab76c35505a476854fd1c0b2be99dc743179cad20ba1191cbfce9109730f9eb2ceb1f8847cc68ce7eb2d81131f7ed73bcf58fdb3a5c81cd71db7a85805a

  • SSDEEP

    12288:nK0BOU3+06BkHl81fs2mxOa4njhiYRxz1zq:6Uu0OkeVRVa4F1R/u

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\FACTURA_356459.PDF.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1824
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1824 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1964
      • C:\Windows\SysWOW64\msdt.exe
        -modal 393482 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDF1296.tmp -ep NetworkDiagnosticsWeb
        3⤵
        • Suspicious use of FindShellTrayWindow
        PID:1624
  • C:\Windows\SysWOW64\sdiagnhost.exe
    C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
    1⤵
      PID:1460

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      60KB

      MD5

      6c6a24456559f305308cb1fb6c5486b3

      SHA1

      3273ac27d78572f16c3316732b9756ebc22cb6ed

      SHA256

      efc3c579bd619ceab040c4b8c1b821b2d82c64fddd9e80a00ec0d7f6577ed973

      SHA512

      587d4a9175a6aa82cd8bb1c11ca6508f95cd218f76ac322ddbd1bc7146a0e25f8937ee426a6fb0fb0bb045cedb24d8c8a9edfe9f654112f293d8701220f726b4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9049e2285192649c37089a5473a9a5e5

      SHA1

      5a35c2ac7bd59231bc419e663ec2e71efbedfa44

      SHA256

      5c9f244e62e820833b055924fd8062260ae7128f153f767fca3c656e8fd35d54

      SHA512

      d781cd7e225a1b8dc597ac9b0501ebea25c00e18c80b72f9e92f52ca0e9dd0cb1c2e72539c016f9c387f1864f48031af00cdb48ede570181f1d4513beba01089

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      c86f2d57a53580b6be9ae7b0e1bea4bf

      SHA1

      58ad248dd9ee3cc0dad991ffcb0af16646b38eb8

      SHA256

      55a143162728ba4daa805283f0f6a73e1355f108ca1bdcb70023977a19e4306f

      SHA512

      87ead9d7765503bb803f70e31e70712c12908bc838bc76ea08608fb2aabbc212f33938340f1d2aa2c7162e237514e662294d9615ae08cea6f545d56a76d8215d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\NDF1296.tmp
      Filesize

      3KB

      MD5

      f9a3d11dc8ac516b4d8a42524437dcf7

      SHA1

      a7a7f9af0213c95bd9c311cf32be6724067c7d68

      SHA256

      dfbe932c0b48b12ab389f15ceb5feb4af48b712582c4c021b2e9bd8b57b31d5c

      SHA512

      61ff99f46d70ef890da703075a97e9510eef72a28bb7adba96d3284585d33a617595e4957949e6c69ad117ea143cdd9c37799413380151bd2ed7f789c47114ce

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0R7XH6M1.txt
      Filesize

      608B

      MD5

      059795be0dd8c1947e9005d381f14848

      SHA1

      98afd7f307fd89b507a461eab1199261319ce695

      SHA256

      32071e5cd6bfc10d0d55887e6e1ca3e9a505888a027e466a6269b8bae07fd691

      SHA512

      ff1f2e81e84164216af1d916a389a60e5a3dc018e5f02dd7b6d592f08cc1f8bbc13163a908e39916ae779fc0b09871476a0634c93ba98918bdf65b05e55c31a7

      Download Submit

    • C:\Windows\TEMP\SDIAG_2e269eb7-ab4b-49f9-8235-07a32a95289b\NetworkDiagnosticsTroubleshoot.ps1
      Filesize

      23KB

      MD5

      1d192ce36953dbb7dc7ee0d04c57ad8d

      SHA1

      7008e759cb47bf74a4ea4cd911de158ef00ace84

      SHA256

      935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756

      SHA512

      e864ac74e9425a6c7f1be2bbc87df9423408e16429cb61fa1de8875356226293aa07558b2fafdd5d0597254474204f5ba181f4e96c2bc754f1f414748f80a129

      Download Submit

    • C:\Windows\TEMP\SDIAG_2e269eb7-ab4b-49f9-8235-07a32a95289b\UtilityFunctions.ps1
      Filesize

      52KB

      MD5

      2f7c3db0c268cf1cf506fe6e8aecb8a0

      SHA1

      fb35af6b329d60b0ec92e24230eafc8e12b0a9f9

      SHA256

      886a625f71e0c35e5722423ed3aa0f5bff8d120356578ab81a64de2ab73d47f3

      SHA512

      322f2b1404a59ee86c492b58d56b8a6ed6ebc9b844a8c38b7bb0b0675234a3d5cfc9f1d08c38c218070e60ce949aa5322de7a2f87f952e8e653d0ca34ff0de45

      Download Submit

    • C:\Windows\TEMP\SDIAG_2e269eb7-ab4b-49f9-8235-07a32a95289b\UtilitySetConstants.ps1
      Filesize

      2KB

      MD5

      0c75ae5e75c3e181d13768909c8240ba

      SHA1

      288403fc4bedaacebccf4f74d3073f082ef70eb9

      SHA256

      de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

      SHA512

      8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

      Download Submit

    • C:\Windows\TEMP\SDIAG_2e269eb7-ab4b-49f9-8235-07a32a95289b\en-US\LocalizationData.psd1
      Filesize

      5KB

      MD5

      dc9be0fdf9a4e01693cfb7d8a0d49054

      SHA1

      74730fd9c9bd4537fd9a353fe4eafce9fcc105e6

      SHA256

      944186cd57d6adc23a9c28fc271ed92dd56efd6f3bb7c9826f7208ea1a1db440

      SHA512

      92ad96fa6b221882a481b36ff2b7114539eb65be46ee9e3139e45b72da80aac49174155483cba6254b10fff31f0119f07cbc529b1b69c45234c7bb61766aad66

      Download Submit

    • memory/1460-64-0x000000006F240000-0x000000006F7EB000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1460-69-0x000000006F240000-0x000000006F7EB000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1624-62-0x000000006F8C1000-0x000000006F8C3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1624-60-0x0000000075571000-0x0000000075573000-memory.dmp

      Filesize

      8KB

      Download