Overview

overview

8

Static

static

40cc6b2c11...5.html

windows7-x64

8

40cc6b2c11...5.html

windows10-2004-x64

8

Analysis

  • max time kernel
    122s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/10/2022, 22:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    40cc6b2c1150b2e9f24c5afaebcb98f97f2793f6e1c3c025e8766bb3cb31bc35.html

  • Size

    9KB

  • MD5

    85a4100c21bbd90356e686e066d4a990

  • SHA1

    a4760b7820c1eac077bda84cc29b97d79afd5ef9

  • SHA256

    40cc6b2c1150b2e9f24c5afaebcb98f97f2793f6e1c3c025e8766bb3cb31bc35

  • SHA512

    3c76b40ef6c6f8616ccf82449ef00f8ecf381478e93133c2443a770951b6c054ee479d880dd8843839aef7bbae646226ef24b0e641d610de4d7514b5f8858c12

  • SSDEEP

    192:Kw2KGoribWZFC9CLnd5NM7JL9w1tutJdAmiEVn3Zli1syGZ:URbUFC9C7idRFDiQnh

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\40cc6b2c1150b2e9f24c5afaebcb98f97f2793f6e1c3c025e8766bb3cb31bc35.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4624
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe" /out:C:\Users\Admin\AppData\Local\Temp\\VjpwbG.exe /platform:x64 /t:winexe C:\Users\Admin\AppData\Local\Temp\\VjpwbG.js
        3⤵
        • Drops file in Windows directory
        • Suspicious use of WriteProcessMemory
        PID:4444
        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
          C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:AMD64 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD056.tmp" "C:\Users\Admin\AppData\Local\Temp\RESD055.tmp"
          4⤵
            PID:3940
        • C:\Users\Admin\AppData\Local\Temp\VjpwbG.exe
          "C:\Users\Admin\AppData\Local\Temp\VjpwbG.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:4968
          • C:\Windows\SYSTEM32\cmd.exe
            cmd
            4⤵
              PID:820
            • C:\Windows\system32\WerFault.exe
              C:\Windows\system32\WerFault.exe -u -p 4968 -s 708
              4⤵
              • Program crash
              PID:3440
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -pss -s 456 -p 4968 -ip 4968
        1⤵
          PID:2444

        Network

              MITRE ATT&CK Enterprise v6

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                Filesize

                471B

                MD5

                d3ff0edeee7d1ea5754d8a290ae01189

                SHA1

                253ee24a4776d30bac0aedd7ea213adea6acb6f9

                SHA256

                e2e542a3681c428c021d38e608dffa43da666f6f3c53f623c21dc184639b222b

                SHA512

                ab14449059ae31856026e8d8cb0ec0b4158da0fd19f2a73940a159574a9084ce6a09ac05fb80ef3ab11cd9b1395dce021872215baced48f9e8a0bf7311000db7

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                Filesize

                434B

                MD5

                51266d4ebb095fbef306587018556f32

                SHA1

                815ef83de3cd66f6ef44cd8875747145dbf37180

                SHA256

                7ea7720c5017cc9521da8eea2dfd494f4c62f67f75fc7ccc5adb9d6d68662ac6

                SHA512

                71ec13618c2d696d3c36b1c6560165ff0dbfc2e3166efd6a72a415e2b4b968c4986030484b8aa4432ac8ab18cc9e196d59644bc6ba9a83b4f7276641c1ec2dd3

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\RESD055.tmp
                Filesize

                712B

                MD5

                73697ada4111e01ffa967f49aa994340

                SHA1

                fe3aada4b7e1a227709e554abdefb4a063fa2767

                SHA256

                429aff510830d66b020b8a29429e070bc6b9c1d8273b0ff00eb7708ec49c3eae

                SHA512

                ee18931843732b4b52ea688bbe66059102b5fcaab366901d83d3e03c7b3f56e5af94ef93a9f007fa0b69b7645e38305bdaa67af8e350886fede878743a85095d

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\RESD056.tmp
                Filesize

                1KB

                MD5

                9e92b03634b8ed15d5270026f54ec28a

                SHA1

                11c6670c619e83930d565a25e571c81e90a5e8c4

                SHA256

                26f5a0cf7287f7eb30c0eb6cb90487fb9a3ae22cebe9b0db00ed9bc623ce722e

                SHA512

                d54b74820a6e5ab587cfd792c0b044622d3198df80aa3bf448648eec8dc27ffc6539443aa1b33d779963fb882bd4d0e9c388d612810b210d5b4c31d813a306e9

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\VjpwbG.exe
                Filesize

                18KB

                MD5

                64e4d58a153ec21a2d3e355e196c04f4

                SHA1

                6d1719551686e2e3588a3de85b442b0a87ce53a1

                SHA256

                20b8b3e64e967869a559fb5128aefb25bbf9245a06cd3b711d9422b2a22e470c

                SHA512

                99dbff28544d4c1789006f98e35004ac642dc6271de4291567e5294595ce3723544d68642fdc87b881af3da2e1fea3cba47a132ef9e42b7361c131544a2f9907

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\VjpwbG.exe
                Filesize

                18KB

                MD5

                64e4d58a153ec21a2d3e355e196c04f4

                SHA1

                6d1719551686e2e3588a3de85b442b0a87ce53a1

                SHA256

                20b8b3e64e967869a559fb5128aefb25bbf9245a06cd3b711d9422b2a22e470c

                SHA512

                99dbff28544d4c1789006f98e35004ac642dc6271de4291567e5294595ce3723544d68642fdc87b881af3da2e1fea3cba47a132ef9e42b7361c131544a2f9907

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\VjpwbG.js
                Filesize

                3KB

                MD5

                5dd739e7bd8e93781aa4391fc42bd616

                SHA1

                05dac67887d93e63bad51c770702a871dd1d0dad

                SHA256

                c754707989632d889dfbc45c7f3a72fbd2661c2d0a0c6239501df30a7c09a962

                SHA512

                54b88e2c4dc309a24b4e2a34ada6591e116241fc633d0d0900f0f49d45f994730c4ba9cfd820b33aeabff7ccb26083769d8fc114502d1fc0d5018e18b4622847

                Download Submit

              • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\enterprisesec.config.cch
                Filesize

                600B

                MD5

                a633faf3f9a119b9a389f473ac9a4a44

                SHA1

                6e3650268fdbda160198c7b8a1f0d5e0a8240622

                SHA256

                beb8f8a6cc1d0cd90943b1cfefe1a43a562da493ba5604233d94ab3e73d86115

                SHA512

                232fe016fdeaa1c91e32a658b225c2750a5a29052babfc358db0b17f2219d2b068bbfa4b1f1b0634cefb47541377860338208d6ef5ec7b2a8e13b99917da46c5

                Download Submit

              • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\security.config.cch
                Filesize

                600B

                MD5

                a633faf3f9a119b9a389f473ac9a4a44

                SHA1

                6e3650268fdbda160198c7b8a1f0d5e0a8240622

                SHA256

                beb8f8a6cc1d0cd90943b1cfefe1a43a562da493ba5604233d94ab3e73d86115

                SHA512

                232fe016fdeaa1c91e32a658b225c2750a5a29052babfc358db0b17f2219d2b068bbfa4b1f1b0634cefb47541377860338208d6ef5ec7b2a8e13b99917da46c5

                Download Submit

              • memory/4444-133-0x00007FF9C4640000-0x00007FF9C5076000-memory.dmp

                Filesize

                10.2MB

                Download

              • memory/4968-143-0x00007FF9C4640000-0x00007FF9C5076000-memory.dmp

                Filesize

                10.2MB

                Download