Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    02-10-2022 17:26

General

  • Target

    https://docs.google.com/document/d/16bxPZtIl6mdHKcHUx5EdM07ibra50fgWgV_LSG9GwR8/edit?usp=sharing

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://docs.google.com/document/d/16bxPZtIl6mdHKcHUx5EdM07ibra50fgWgV_LSG9GwR8/edit?usp=sharing
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1920
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1920 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2036
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1920 CREDAT:472079 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1796

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Downloads
