Analysis

  • max time kernel
    130s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/10/2022, 20:53

General

  • Target

    fe4c494b6ccf1910e2bf0ab9507070ed0dcc0807ae9eedd846885e26e285dc0d.html

  • Size

    30KB

  • MD5

    793fe3f5e81a654b2dc8af65fb5bde7b

  • SHA1

    0cc5c3c37c55cb5a4ef469bb3b5854c902fbc142

  • SHA256

    fe4c494b6ccf1910e2bf0ab9507070ed0dcc0807ae9eedd846885e26e285dc0d

  • SHA512

    9586efe5bd9ee230b386abd3840b2c24411e1444560f54366dca02ab0b428bd5113ca4e18ec233c833b439bc520b7786021058551446f84cecf7afe811dc42aa

  • SSDEEP

    768:rV7WlF6UpMCCdBLLL0qFABLLmBLLHHuLnBLL+BLL/BLLG45HIn7tzuFsDARJClS5:rV7WlF6UpMzBLLmBLLmBLLYBLL+BLL/p

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fe4c494b6ccf1910e2bf0ab9507070ed0dcc0807ae9eedd846885e26e285dc0d.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1476
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1476 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1660
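The process tree above is the normal shape of Internet Explorer opening a local file on Windows 7: the 64-bit frame process (PID 1476) spawns a 32-bit tab process whose command line carries SCODEF:<frame PID> CREDAT:<value> /prefetch:2, and the "Modifies Internet Explorer settings" / SetWindowsHookEx / WriteProcessMemory signatures fire on that spawn. The dropped files are the CryptoAPI URL-retrieval cache (CryptnetUrlCache\Content and \MetaData) and an IE cookie, not payloads. The triage helper below is an added example, not code from the sandbox vendor or from this report: it reconstructs the tree from the page's own PIDs and command lines (constructed input), checks each IE child against that tab-spawn baseline (the SCODEF value must equal the parent PID and the child image must itself be iexplore.exe), and labels the download paths; the function names, the constructed "suspicious" case in the usage note, and the path rules are assumptions of the example.

```python
import re

# Constructed from the process tree in this report: image paths, PIDs and
# command lines are copied from the page; ppid follows the tree nesting.
PROCESS_TREE = [
    {"pid": 1476, "ppid": None,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" '
                r"C:\Users\Admin\AppData\Local\Temp\fe4c494b6ccf1910e2bf0ab9507070ed0dcc0807ae9eedd846885e26e285dc0d.html"},
    {"pid": 1660, "ppid": 1476,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1476 CREDAT:275457 /prefetch:2'},
]

# Both the 64-bit frame binary and the 32-bit tab binary on a Win7 x64 image.
IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}

# IE tab-process spawn: "<exe>" SCODEF:<frame pid> CREDAT:<n> [/prefetch:<n>]
TAB_SPAWN = re.compile(r'^"[^"]+" SCODEF:(\d+) CREDAT:(\d+)(?: /prefetch:\d+)?$')


def classify_children(procs):
    """Judge every process whose parent is an IE process.

    Returns a list of (pid, verdict, reason); verdict is "expected" for a
    well-formed tab spawn and "suspicious" for anything else IE launches.
    """
    by_pid = {p["pid"]: p for p in procs}
    findings = []
    for p in procs:
        parent = by_pid.get(p["ppid"])
        if parent is None or parent["image"].lower() not in IE_IMAGES:
            continue  # only children of an IE process are judged here
        if p["image"].lower() not in IE_IMAGES:
            findings.append((p["pid"], "suspicious",
                             "IE spawned non-IE child: %s" % p["image"]))
            continue
        m = TAB_SPAWN.match(p["cmdline"])
        if not m:
            findings.append((p["pid"], "suspicious",
                             "IE child without SCODEF/CREDAT tab-spawn arguments"))
        elif int(m.group(1)) != parent["pid"]:
            findings.append((p["pid"], "suspicious",
                             "SCODEF %s does not match parent PID %d" % (m.group(1), parent["pid"])))
        else:
            findings.append((p["pid"], "expected",
                             "IE frame process spawning a tab process"))
    return findings


def tree_is_baseline(procs):
    """True when no IE child deviates from the tab-spawn baseline."""
    return all(v == "expected" for _, v, _ in classify_children(procs))


# Path rules for the Downloads section (labels are this example's own).
DROP_RULES = [
    (re.compile(r"\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\(Content|MetaData)\\[0-9A-F]{32}$", re.I),
     "cryptoapi-url-cache"),   # CRL/OCSP/AIA fetch cache written by CryptoAPI
    (re.compile(r"\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\[A-Z0-9]{8}\.txt$", re.I),
     "ie-cookie"),
]


def classify_dropped(path):
    """Label a dropped-file path; anything unmatched is returned for review."""
    for rx, label in DROP_RULES:
        if rx.search(path):
            return label
    return "review"


if __name__ == "__main__":
    for pid, verdict, reason in classify_children(PROCESS_TREE):
        print(pid, verdict, reason)
    for path in (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015",
                 r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JGFYH1PS.txt"):
        print(classify_dropped(path), path)
```

On this report every IE child is "expected" and both cache artifacts and the cookie are labelled, which is consistent with the 1/10 score. The same check turns a tree where iexplore.exe launches, say, a non-IE image, or an IEXPLORE.EXE child whose SCODEF does not name its parent, into a "suspicious" finding, which is the case worth a closer look in an IE-opened HTML sample.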

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    60KB

    MD5

    d15aaa7c9be910a9898260767e2490e1

    SHA1

    2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

    SHA256

    f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

    SHA512

    7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cb40c23b4179d4bf6c5bd72f1b39ffa8

    SHA1

    2514c76cd97f3e70280859d9b20f4589e29f2188

    SHA256

    610d957d3ec5f91d7edf382d8029c5f09e32dcaf272139681e3d2c4177542a50

    SHA512

    527f7a13e2dab8cc1c70c27f5e274ef5f5d7cb6aa2367775585eb9e34d05d9c0c23df5592597997bb8bb694a3e5a7cb69bc6bd56775a6c01b2fdb2b14e55188f

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JGFYH1PS.txt

    Filesize

    601B

    MD5

    894dc442d06a8e807b889f708d6219d8

    SHA1

    7b20bb962c04f9fc4523c61981145b0db1f01940

    SHA256

    b6be4d823547eec59ff18fec7ddf97d2d4ac9a08d36237e53c1ef60812246ed5

    SHA512

    bdc604b3c7bf6035bd072412e59edb71ceea374a09a825b8b119d4765ed165b19db2941e04b200c5fa4dcc3cf33230a296ff2195c33833c9cd6c2c34a0beddbe