Analysis

  • max time kernel
    104s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/10/2022, 22:51

General

  • Target

    40cc6b2c1150b2e9f24c5afaebcb98f97f2793f6e1c3c025e8766bb3cb31bc35.html

  • Size

    9KB

  • MD5

    85a4100c21bbd90356e686e066d4a990

  • SHA1

    a4760b7820c1eac077bda84cc29b97d79afd5ef9

  • SHA256

    40cc6b2c1150b2e9f24c5afaebcb98f97f2793f6e1c3c025e8766bb3cb31bc35

  • SHA512

    3c76b40ef6c6f8616ccf82449ef00f8ecf381478e93133c2443a770951b6c054ee479d880dd8843839aef7bbae646226ef24b0e641d610de4d7514b5f8858c12

  • SSDEEP

    192:Kw2KGoribWZFC9CLnd5NM7JL9w1tutJdAmiEVn3Zli1syGZ:URbUFC9C7idRFDiQnh

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (18 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\40cc6b2c1150b2e9f24c5afaebcb98f97f2793f6e1c3c025e8766bb3cb31bc35.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1060
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1060 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:316
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe" /out:C:\Users\Admin\AppData\Local\Temp\\VjpwbG.exe /platform:x64 /t:winexe C:\Users\Admin\AppData\Local\Temp\\VjpwbG.js
        3⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:1088
        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
          C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3600.tmp" "C:\Users\Admin\AppData\Local\Temp\RES35F0.tmp"
          4⤵
            PID:864
        • C:\Users\Admin\AppData\Local\Temp\VjpwbG.exe
          "C:\Users\Admin\AppData\Local\Temp\VjpwbG.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:1204
          • C:\Windows\system32\cmd.exe
            cmd
            4⤵
              PID:476
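
The tree above is a compile-and-run chain: the HTML file, rendered by Internet Explorer, drops VjpwbG.js and invokes jsc.exe (the JScript.NET compiler that ships with .NET Framework 2.0) with /out: pointing into %TEMP%, /platform:x64 and /t:winexe, so the script is turned into a 64-bit windowed executable on disk and then launched; the cvtres.exe child (from the 64-bit framework directory, because of /platform:x64) and the RES*.tmp files are ordinary byproducts of that compile step, not payloads, and the security.config.cch written under Framework64\config is the .NET security-policy cache the runtime refreshes on first use, which is what the "Drops file in Windows directory" signature most likely reflects. The detection logic below is an added example, not part of the sandbox report or its engine; the event records are constructed to mirror this report's process tree in a Sysmon Event ID 1-like shape, and the launcher and compiler lists are the author's assumptions.

```python
"""Flag .NET compilers launched by user-facing apps that build into user-writable
paths, and link the later execution of the compiled output back to that compile.
Added example; events below are constructed from the report's tree, not real logs."""
import re
from dataclasses import dataclass

# Assumed lists: compilers that ship with the .NET Framework, and parents that
# should never need to compile code. Extend to taste.
NET_COMPILERS = {"jsc.exe", "csc.exe", "vbc.exe"}
USER_LAUNCHERS = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe",
                  "winword.exe", "excel.exe", "outlook.exe", "wscript.exe", "cscript.exe"}
USER_WRITABLE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.I)
OUT_FLAG = re.compile(r'/out:("[^"]+"|\S+)', re.I)


@dataclass
class Proc:
    """Minimal process-creation record (Sysmon EID 1 fields we need)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def normalize(path: str) -> str:
    """Strip quotes, collapse doubled backslashes (the sample's /out: argument
    contains 'Temp\\\\VjpwbG.exe'), lowercase, so paths compare reliably."""
    return re.sub(r"\\+", r"\\", path.strip('"')).lower()


def out_target(cmdline: str):
    """Return the normalized /out: path of a compiler command line, or None."""
    m = OUT_FLAG.search(cmdline)
    return normalize(m.group(1)) if m else None


def analyze(events):
    """Events must be in creation order. Returns (pid, rule, detail) tuples."""
    by_pid = {e.pid: e for e in events}
    compiled = {}          # normalized output path -> compiler pid
    findings = []
    for e in events:
        name = basename(e.image)
        parent = by_pid.get(e.ppid)
        if name in NET_COMPILERS:
            reasons = []
            if parent and basename(parent.image) in USER_LAUNCHERS:
                reasons.append(f"spawned by {basename(parent.image)}")
            target = out_target(e.cmdline)
            if target and USER_WRITABLE.match(target):
                reasons.append(f"writes output to user-writable path {target}")
                compiled[target] = e.pid
            if reasons:
                findings.append((e.pid, "net_compiler_lolbin", "; ".join(reasons)))
        elif normalize(e.image) in compiled:
            # The compiled artifact is now running: tie it to the compile step.
            findings.append((e.pid, "exec_of_compiled_output",
                             f"{normalize(e.image)} built by pid {compiled[normalize(e.image)]}"))
    return findings


# Constructed events mirroring the report's process tree (not captured logs).
TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = [
    Proc(1060, 900, r"C:\Program Files\Internet Explorer\iexplore.exe",
         f'"C:\\Program Files\\Internet Explorer\\iexplore.exe" {TEMP}\\40cc6b2c.html'),
    Proc(316, 1060, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         '"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" SCODEF:1060 CREDAT:275457 /prefetch:2'),
    Proc(1088, 316, r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe",
         f'"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\jsc.exe" /out:{TEMP}\\\\VjpwbG.exe'
         f' /platform:x64 /t:winexe {TEMP}\\\\VjpwbG.js'),
    Proc(864, 1088, r"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe",
         f'cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:{TEMP}\\RES3600.tmp" "{TEMP}\\RES35F0.tmp"'),
    Proc(1204, 316, TEMP + r"\VjpwbG.exe", f'"{TEMP}\\VjpwbG.exe"'),
    Proc(476, 1204, r"C:\Windows\system32\cmd.exe", "cmd"),
]

if __name__ == "__main__":
    for pid, rule, detail in analyze(SAMPLE):
        print(f"pid {pid}: {rule}: {detail}")
```

The rule keys on the compiler invocation, not on cvtres.exe, because cvtres.exe runs under every jsc/csc build and would only add noise; the second finding is what makes the alert actionable, since it names the dropped binary and the process that produced it. Developer workstations with browsers launching build tooling are the expected false-positive source, which is why the compiler rule requires either an unexpected parent or an output path under AppData rather than firing on any jsc.exe run.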

      Network

            MITRE ATT&CK Enterprise v6

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\RES35F0.tmp

              Filesize

              712B

              MD5

              73697ada4111e01ffa967f49aa994340

              SHA1

              fe3aada4b7e1a227709e554abdefb4a063fa2767

              SHA256

              429aff510830d66b020b8a29429e070bc6b9c1d8273b0ff00eb7708ec49c3eae

              SHA512

              ee18931843732b4b52ea688bbe66059102b5fcaab366901d83d3e03c7b3f56e5af94ef93a9f007fa0b69b7645e38305bdaa67af8e350886fede878743a85095d

            • C:\Users\Admin\AppData\Local\Temp\RES3600.tmp

              Filesize

              1KB

              MD5

              994f026294561ac58c840b3f2de42e8f

              SHA1

              c552f56ebf67d3cd0f47f3ae9b7e10b2862133d8

              SHA256

              ca08b8d4042fe2973f3e49449b83fdf73ebb107b2cbf64e83385b62891a6f045

              SHA512

              44d582981f0e91140a85c930f2ad10b8715c6aa93051f7715bbe2dbe3c3805f4c478483e04f669147ff3ebe9da342e412cc87b2aa4c24cc86148aedf887fe7aa

            • C:\Users\Admin\AppData\Local\Temp\VjpwbG.exe

              Filesize

              18KB

              MD5

              f285a7e0d6dcf57013852182caf6ceba

              SHA1

              d9da82431f6ebe3ccffb7819a6a347cfbeaea986

              SHA256

              1588116a0665df26eb33de81d7fb274ea371fc90f570a6b4b3c9b2e4ec1b40a7

              SHA512

              3cdd127e465221813ea48bed69f55539520e82b4ce51b7efd0ee37e1f4a280093ba987e8c4189ee9f5cdd83eae628fdc7626db895b983d55ee08a48e9aea22dc

            • C:\Users\Admin\AppData\Local\Temp\VjpwbG.js

              Filesize

              3KB

              MD5

              5dd739e7bd8e93781aa4391fc42bd616

              SHA1

              05dac67887d93e63bad51c770702a871dd1d0dad

              SHA256

              c754707989632d889dfbc45c7f3a72fbd2661c2d0a0c6239501df30a7c09a962

              SHA512

              54b88e2c4dc309a24b4e2a34ada6591e116241fc633d0d0900f0f49d45f994730c4ba9cfd820b33aeabff7ccb26083769d8fc114502d1fc0d5018e18b4622847

            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZL6RSV1U.txt

              Filesize

              603B

              MD5

              0102646d01cfb11bd9c83c6579052b14

              SHA1

              9c8b549eea2df2f933055299f3942726fdd612ae

              SHA256

              4a52d46f62a90fc934fe6f33c5a5caa1d0a1d46cd8043c0e1c6f50e6c16b46f5

              SHA512

              3d86e76639ef2c46f6177560ae923fae8659d95a880981abae5385420540dd9ed96f70f0df46485e35ec6b0c2472e8cc4634b690f4807ad09f6cbf93c90bea21

            • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\security.config.cch

              Filesize

              600B

              MD5

              f16f75e463e31d91f2f953dbf641395a

              SHA1

              fdc97ccfd01cf7ba5ea143045ed68e88f52cf4ba

              SHA256

              fd09d0d75b8f7b394e3955c8ffa155626080914f2bde3fc4d81d25c42f2cae97

              SHA512

              8fc593bde812955496fe3c8df69417ce7ddfce67022bbe8e39c9b3f9ce1c2271473c2d131e676c7c4da8314caf32d91bd1535bdf702f72dea9a37d60be6a4d73

            • \Users\Admin\AppData\Local\Temp\VjpwbG.exe

              Filesize

              18KB

              MD5

              f285a7e0d6dcf57013852182caf6ceba

              SHA1

              d9da82431f6ebe3ccffb7819a6a347cfbeaea986

              SHA256

              1588116a0665df26eb33de81d7fb274ea371fc90f570a6b4b3c9b2e4ec1b40a7

              SHA512

              3cdd127e465221813ea48bed69f55539520e82b4ce51b7efd0ee37e1f4a280093ba987e8c4189ee9f5cdd83eae628fdc7626db895b983d55ee08a48e9aea22dc

            • memory/1088-55-0x000007FEF4000000-0x000007FEF4A23000-memory.dmp

              Filesize

              10.1MB

            • memory/1204-66-0x000007FEF4000000-0x000007FEF4A23000-memory.dmp

              Filesize

              10.1MB