Analysis

  • max time kernel
    69s
  • max time network
    78s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2022, 19:37

General

  • Target
    INV-901926.html
  • Size
    253KB
  • MD5
    87a4e27f75284eda44b34b7a76524ca6
  • SHA1
    3ecefc2833ffafa0ac48da02bb2036f8763871a8
  • SHA256
    2134f796122f8a17b3f6f9d838cb11a705a44a47c732b81ba9ac982c65b966c3
  • SHA512
    b33e8fd914188feb7ca293811584e9c5910c52e17bc5adda9121db104d8f34c40b45e744eb248810ae0d6a0950851d4ddc5166a907ba2c5a1c55afc81cf1f9a2
  • SSDEEP
    6144:nrDYKFE6P/KlSwe1BBuCpFDN/mht1g+OQ9MKtL4TGDL:QKFE6P/KlSwe1BBuCpFlWng+ONK9

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\INV-901926.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1128
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1128 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1720

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 60KB
    MD5: d15aaa7c9be910a9898260767e2490e1
    SHA1: 2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388
    SHA256: f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e
    SHA512: 7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize: 1KB
    MD5: a266bb7dcc38a562631361bbf61dd11b
    SHA1: 3b1efd3a66ea28b16697394703a72ca340a05bd5
    SHA256: df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
    SHA512: 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 78672fc14737e7b1d2feb89ae1a87f4d
    SHA1: f635a873db8a3a2dfff630803c7c703441de0278
    SHA256: d5cfad0803d7721f19e476b9a3e6115e4c205911016240eeffc02fa3bf1806e6
    SHA512: a414d72b635c0f1ee11e2f55e0a6c15ddbbbcf2b33fec2dfd68782387393612ab2112a6aebe9b8d2d3b04e47baf1fd6a13174c05c3bab60c1255d6d3ac48200d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize: 242B
    MD5: 679aa74b6f4e53a09d702b01ce6a900f
    SHA1: 789a779c733e64a8c94f25ec8ced2fde05a8667c
    SHA256: b7996c169cf333d6543d637e10c90453b50cde3f9120deda81cb7ed2f4518eb7
    SHA512: d7d925eb35abcb75d0c6603eecea72dd8b9187935056cd6fe5f1bc557fb3619e3ea962b6a59db10668429b22b9e943dc9502434e887158d321c02860eafa9cfb

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\9OONVO30.txt
    Filesize: 603B
    MD5: 945daeac4b66b9fdfebd4301532ab74f
    SHA1: f878df69d2938d4dea64d29a61fc0a519de40620
    SHA256: d8b55ecc60518ac02c35d0f172d25f7d23066ef4aad38ef26d8497159912d9de
    SHA512: bcbf9f55875f32ec970bf3bfe0cc42567e1abb9ec7b32ac8ec71bbed05cf9ba12926dbe9a77944684106bb6bb03daf804640f3eadc9fc980f04b055b1d1308d3