Overview

overview

1

Static

static

URFT06GSBA...F.html

windows7-x64

1

URFT06GSBA...F.html

windows10-2004-x64

1

Resubmissions

30-09-2022 14:36

220930-ryr9faegar 10

30-09-2022 14:33

220930-rwy9zadgh5 1

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-09-2022 14:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    URFT06GSBAWRP_001_PDF.html

  • Size

    198B

  • MD5

    497443cc310648bda5f2a737147b8e7e

  • SHA1

    8b97df0f61c01d75dcc8c47f3a147f24a81538b9

  • SHA256

    22670bbf031cb76a3d98d4fe13e60fa0412401f4b40bc94e186048ddbf63ac26

  • SHA512

    bf19a9c3c6f3a0a118d3f425f00308b2478c1f11eb0ae9028a5c1891e1b71276aaae3b9eb8f6750df8345378820d69046563ceb94963e64ca8776e05d9cad641

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\URFT06GSBAWRP_001_PDF.html
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4876
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4876 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4604

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    b471dd02d20e38a6695cf3cdb539ce96

    SHA1

    d5006f272254f2639c3b7cd53a4a623aee592ac5

    SHA256

    b6f5d3c2883398ddf4f651161f90a7c85469e1f9d764de6f8481845951d1d149

    SHA512

    a8f8e19635caacf0ba160c9f502514542c9e785070aea3976be688dba8e1bb8a8b0483c286484d619451d47e3f3236bc9f44177d0f8ccd0c5a064f7aa890cf58

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    f7c6f2c161512c50aeab66855d8691ac

    SHA1

    085ec098d8c65a857e56308860f033b982c0ed19

    SHA256

    ab973bc37225a03561b3a61596db37b00a7f24fdfb8f68e86aefba6c5c9d636e

    SHA512

    ddca85bb877d8c281aecadbdbb625a4498ebef55ae4a55b69c10d69f80e50a225873dd2384cf33ceccddb3d6520884659eb1290f45d3e40b810e35601d883abe

    Download Submit