Resubmissions

29-09-2022 21:36

220929-1fwnkschgj 1

29-09-2022 21:29

220929-1b8scacad9 1

29-09-2022 21:26

220929-1agbpscad8 1

29-09-2022 21:09

220929-zzeczachdr 1

29-09-2022 21:08

220929-zyvzbschdp 1

29-09-2022 21:02

220929-zvwrfscab5 1

Analysis

  • max time kernel
    48s
  • max time network
    227s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-09-2022 21:36

General

  • Target

    Claim_Copy_4958_Sep_20.html

  • Size

    744KB

  • MD5

    ddf5dcbc26beb02424101daddcb156ea

  • SHA1

    ae8a95ddd3e694b2fa182b37bb56f9fbe27c61e6

  • SHA256

    2468e9a24b9683e210b96542adf891839cece4418d1aa45b7117576971659ac8

  • SHA512

    20a20b48df3e7fb93ee71f582704ae733c00616742f7b03ce063049bae77168d046ce315be874b0a4197553b3bf358107e044ad37592cbbd515cc192b8c04794

  • SSDEEP

    12288:z6hZWwP5NgzdjT+Wnt4mkZK8uWpD0humBbEAEevW:u35SzdjT+1RZK88gmBbE5ee

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Claim_Copy_4958_Sep_20.html
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1760
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1204
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GTUA22LQ\Claim_Copy_4958_Sep_20
      2⤵
      PID:1800
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GTUA22LQ\Claim_Copy_4958_Sep_20"
        3⤵
        PID:1880
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -url "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GTUA22LQ\Claim_Copy_4958_Sep_20"
          4⤵
          PID:1312
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.0.1861858095\749011277" -parentBuildID 20200403170909 -prefsHandle 1192 -prefMapHandle 1184 -prefsLen 1 -prefMapSize 220106 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 1276 gpu
            5⤵
            PID:680
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.3.1332719129\1454328830" -childID 1 -isForBrowser -prefsHandle 1816 -prefMapHandle 1576 -prefsLen 156 -prefMapSize 220106 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 1836 tab
            5⤵
            PID:1796
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.13.59722501\399585373" -childID 2 -isForBrowser -prefsHandle 2780 -prefMapHandle 2756 -prefsLen 7643 -prefMapSize 220106 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 2792 tab
            5⤵
            PID:2116
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.20.2125936221\1932999215" -childID 3 -isForBrowser -prefsHandle 3456 -prefMapHandle 3340 -prefsLen 7643 -prefMapSize 220106 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 3468 tab
            5⤵
            PID:2308
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1312.21.2038103327\454680150" -childID 4 -isForBrowser -prefsHandle 3564 -prefMapHandle 3560 -prefsLen 7643 -prefMapSize 220106 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1312 "\\.\pipe\gecko-crash-server-pipe.1312" 3576 tab
            5⤵
            PID:2320

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    340B

    MD5

    071ab7cb0b93cc1e2bb12b714edbecbc

    SHA1

    a541b71e4a5ce5f606415fd24bb7fcfb7bfbc400

    SHA256

    e6df9a7e7bdad5bc1df9b13b2435bcf51246243cdf7e377f9820f65adbee3acd

    SHA512

    74a1f9ac9e9e99edc5e5a2a7cc01b0c3edb74e0a79ace0931bcae600a0fa127435b46244dbd6a6b70bcfaab94bef023b6c236acbfb1c31674fab34c16e049e45

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GTUA22LQ\Claim_Copy_4958_Sep_20.fil3geg.partial

    Filesize

    391KB

    MD5

    80b44ac80643c7ddf6b39563a72a6097

    SHA1

    7d35a374f44608ca7ad6d9215f1b7b8a3d6c4b00

    SHA256

    f14da36feb9ebb27d63747326dcaccc114ba5fa4923d981675d4f400e679f0c1

    SHA512

    21bfa8eb13194b1d2f0264951159a91b76975ac04a0f05aab513d6c3b31ae88c8a8673b12cdb431e2c571ad2705676d3975136b1c1dfacedccb6ae974615e9a9

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\N6PWMYZ5.txt

    Filesize

    608B

    MD5

    9f19f45bf0bf583387b32b5f99e46bfa

    SHA1

    8e970dcaae283fa9c419de8a5996a99682f197bc

    SHA256

    84584dc827f87f1547008febb3e1bc0aabe7acdfd9b0d5ea08f4590136957086

    SHA512

    24b348dbb304cc735e77d14ef6e6483f344a4671fdae6c246ab7c4914e0d896e336643f23fbef0e4b5fe5d73b67f6499dd77c01236262f04a09fb1e9cecffb72

  • memory/1800-56-0x000007FEFB741000-0x000007FEFB743000-memory.dmp

    Filesize

    8KB