Analysis

  • max time kernel
    135s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    20/10/2022, 20:59

General

  • Target

    87f6ff0dccf24e487297960fcb127277b56c436674c969f3a7410eed254b2105.html

  • Size

    70KB

  • MD5

    304027988a6b2cb3b73525bc8cdc2043

  • SHA1

    13f28a438c16a9d97414c35941cdf4e5ce534777

  • SHA256

    87f6ff0dccf24e487297960fcb127277b56c436674c969f3a7410eed254b2105

  • SHA512

    40e30b626749bf47378f3b627c154d2a2eb858b576916b03fa6936bc469a566f5e649d5f9df2a8d8be0e3b726518d572fa893c410a3b7a8ceaa4c6753438fb82

  • SSDEEP

    1536:+gLQQW8puGwGAY8eB6agFPvoZP3h3PYydtPBopPytGPcJSd+wQYQ6d3:+gLQQWVGg+wQYQ6d3

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\87f6ff0dccf24e487297960fcb127277b56c436674c969f3a7410eed254b2105.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1308 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:468

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    60KB

    MD5

    d15aaa7c9be910a9898260767e2490e1

    SHA1

    2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

    SHA256

    f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

    SHA512

    7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1dee56416ba9f0d948c1b11bae42d594

    SHA1

    97e1b81d2a86a3d3a221bd577818618863c59281

    SHA256

    4528483bb929549fbf3ed6c48075bc60cac99ff1fd5e11a10bd569961f21354a

    SHA512

    2ca0e1982ec22b8aeac78760051af88c557f8f77a56b1d4b282e90e40b9d74943805bd950e0a80a5d4f692d3f5a0433f9dca38682ae2efd98a9f225b09b32f0c

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HF5SZG56.txt

    Filesize

    608B

    MD5

    8e2b6cceec1f4c68f6292f852796a524

    SHA1

    26db2727ee874c23ed7054ead717ea30fe0f50ad

    SHA256

    1c872bc73daf94cfbcc08ead6e042c77a6094dbe5293a302725619c697d53535

    SHA512

    fc1526c1aba2f77067c0fc4decc136078c4116b55358d874056c065d5da95cab6c24019063e6d48a4542ab4431ba85d0cf2f41e4de1f190ea37d9d87e4e16311