Overview

overview

10

Static

static

Document_2...).html

windows7-x64

1

Document_2...).html

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    08-11-2022 15:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Document_2173_Scan_(Nov8).html

  • Size

    1.8MB

  • MD5

    74883888d9279c414e01db7e654306c2

  • SHA1

    a4a22d336b6fdf9adccedf7518a0013d2622e36f

  • SHA256

    08d93a2201ddb766209a9a6adf88c377a2617a6d963bd408c3dabe92ae8b9b5e

  • SHA512

    ae4757db86561c4085ef291e33691a18e6375cbbf100dfd7aeb8533ea937d8c41e0f0a8b7410904ea183e904701edd590416744322b9f2f6ed4e1e68f37ce8de

  • SSDEEP

    24576:F2XNH1C8Q24r4xUL4/tcE9rhEfzA9n3UX7lGFPvvQjouYabAXgBlgbqRWuDLe:M9VCHQWmlojouldBl9RWue

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 43 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Document_2173_Scan_(Nov8).html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1388
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1388 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:956
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1552
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6cb4f50,0x7fef6cb4f60,0x7fef6cb4f70
      2⤵
        PID:1728
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1064,10982073600339292309,3634488150437025125,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1056 /prefetch:2
        2⤵
          PID:1000
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1064,10982073600339292309,3634488150437025125,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1280 /prefetch:8
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1832
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1064,10982073600339292309,3634488150437025125,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1736 /prefetch:8
          2⤵
            PID:624
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,10982073600339292309,3634488150437025125,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2024 /prefetch:1
            2⤵
              PID:1844
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,10982073600339292309,3634488150437025125,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2132 /prefetch:1
              2⤵
                PID:272
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,10982073600339292309,3634488150437025125,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
                2⤵
                  PID:2120
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1064,10982073600339292309,3634488150437025125,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2624 /prefetch:2
                  2⤵
                    PID:2252
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,10982073600339292309,3634488150437025125,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
                    2⤵
                      PID:2296
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,10982073600339292309,3634488150437025125,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3536 /prefetch:8
                      2⤵
                        PID:2360
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,10982073600339292309,3634488150437025125,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3624 /prefetch:8
                        2⤵
                          PID:2368
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,10982073600339292309,3634488150437025125,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
                          2⤵
                            PID:2436
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,10982073600339292309,3634488150437025125,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
                            2⤵
                              PID:2508
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1064,10982073600339292309,3634488150437025125,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3932 /prefetch:8
                              2⤵
                                PID:2572
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,10982073600339292309,3634488150437025125,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1696 /prefetch:8
                                2⤵
                                  PID:2684
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1064,10982073600339292309,3634488150437025125,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3352 /prefetch:8
                                  2⤵
                                    PID:2760
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1064,10982073600339292309,3634488150437025125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3948 /prefetch:8
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:2800

                                Network

                                MITRE ATT&CK Enterprise v6

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                                  Filesize

                                  1KB

                                  MD5

                                  7ed55478d555cb8377ac6f26628056d4

                                  SHA1

                                  fa1b8535c06b30914b4c23b185ac89ea9d884b04

                                  SHA256

                                  4a502dd143766bdf1bc0737a0a2e813abf0003579257e0acd299046091a7ba58

                                  SHA512

                                  34f23c0b850bd69d9a171ffe0b85449d8fe1fe7976e7f363d374f867ee4a7d9f610e0ba06fc5138cb016444b7b2e75c62e266e8a75fd9cd2dd37f55752ffaa17

                                  Download Submit

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_FB33DE4BE9BB439EA06A0D7200BF0991
                                  Filesize

                                  471B

                                  MD5

                                  03fc468285706210a3ce339d5a223c61

                                  SHA1

                                  fd32b7fa20b5c53cc2aebc09a3defe4c890f61be

                                  SHA256

                                  9401d1803a9bac1dd2297405f8cf32dffdc375912ccc1c7bcf884f59a0ed64ab

                                  SHA512

                                  5112c2d7b87326b9b1b1fb50933b36805cfaeeedc0a53324f73d846e7a32fd38565554ca3fbdefad624dc06b8c98d33195c4575a76f5f29178ef10fdde542c7b

                                  Download Submit

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
                                  Filesize

                                  724B

                                  MD5

                                  f569e1d183b84e8078dc456192127536

                                  SHA1

                                  30c537463eed902925300dd07a87d820a713753f

                                  SHA256

                                  287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

                                  SHA512

                                  49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

                                  Download Submit

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_3B0C6F9A5FE4CC35B9E0194525154B89
                                  Filesize

                                  471B

                                  MD5

                                  96791bd486db22c41012d25318835bdf

                                  SHA1

                                  b32c813f16b84a6b2660bd527843da5e368af8eb

                                  SHA256

                                  61a4589c35910af9f8d20ff0c7eca296a77a336ab00730573fe9ce7cf2cc72c5

                                  SHA512

                                  2f5a304602a160dcacbb945fb48b3534093990abe596fbc230f1b4d5f078e485edccbe671b421fb27ceab7da72cfab3ac6344be06bfa8fa0cb5e769fcd35f1a6

                                  Download Submit

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                                  Filesize

                                  410B

                                  MD5

                                  d6b1f3f00388d12321db4b8735fab738

                                  SHA1

                                  a8df4642cc252b0ef6f3c60f6096683a575dc504

                                  SHA256

                                  968480d2cf8272fd4c3e2a529ed4e91dc43dfd40fefc2806f19dd0d06f012b9b

                                  SHA512

                                  033c7d20bd8bd6f82345008959b7950270c04a582c36048d672b8f449de9396296aecfbe0220f453856a9a95dfa49085b01002e31765e98e04138fa4cb90e17e

                                  Download Submit

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_FB33DE4BE9BB439EA06A0D7200BF0991
                                  Filesize

                                  410B

                                  MD5

                                  7dd260a22e79c4c7bdbba8ae458dd6ca

                                  SHA1

                                  be5dc1414232b67e3a7a3b4aeff7c9d4b6930d34

                                  SHA256

                                  20b8a9abcc8ca57d37d4be9f86cac95a0295fcc73935164da2331c3a69f8814a

                                  SHA512

                                  74407adbfe9a8761a09a7472d487903d50bf83d4ebd4da34bdaade0844099dca7001990bae98d7eb96279024ec595425a3980a51c24dfd943d8ad579163ba7cd

                                  Download Submit

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                  Filesize

                                  340B

                                  MD5

                                  1e535a7eb62c53862012d2c57bcdd219

                                  SHA1

                                  98e24d87ecd22ff58eff3ac18b02fefff7c8a358

                                  SHA256

                                  7311c7ab5abd5112993aa21913300ed1ca3e2632653e4c0babd7509ae78e41d8

                                  SHA512

                                  7d122a28ecacb12db976cd76f2e4f13cca09fc1a832c2211b8d635c559d52f8d1e6314b3742457864ed2410b4698d575f4b44e83d3eead382c963161544765f5

                                  Download Submit

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
                                  Filesize

                                  392B

                                  MD5

                                  78680e10697528800517fab82f8baa0d

                                  SHA1

                                  05eafe346f5fa20e28ec94349e53e1539dfff1f9

                                  SHA256

                                  ed06a53e6b10d884de9574cb610f2cd395f456210f1e7e1b7f2e403dafb4b627

                                  SHA512

                                  584f11e74a04fc110d3adebb2bd64025b737d7fb494703fc68d03d79e2ae14781070b9228044eed899e634b275d20e978e5a6e8f02e3860d2363a4de95ad55b7

                                  Download Submit

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_3B0C6F9A5FE4CC35B9E0194525154B89
                                  Filesize

                                  406B

                                  MD5

                                  0336274ef461d90e94211e1b9897178d

                                  SHA1

                                  46a67cb28181ce53dcb32709169da7bd8d0bd34d

                                  SHA256

                                  d8394783b467a9c788a66b979d17e9430948ecf0d328308a980d8249785b47e3

                                  SHA512

                                  ca5e63f73f316f853a180fd65b500771131f8f794217d1c63526005547f9c998ac9c1a64aa3e5edb5d50cf4c601ec92c9cc90532a983addfdd80f7a0105448da

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\PC59WBYL.txt
                                  Filesize

                                  529B

                                  MD5

                                  8079cc7ce74470b6fbcc20766710793d

                                  SHA1

                                  82d2a877131ea42217621bcdf153152bc4f2dc26

                                  SHA256

                                  270a0c82b29af99255a7506d2762ec1f15a1776610ac84ccaea2e652a5562330

                                  SHA512

                                  3827b217c13632d79ad39f846a56d976d515b4f2db549a4c45a11f315064569839bfa0d76b30e0f09d8150b70f1a5419551e902f87cdc8c4e3c4ba6d7732c54e

                                  Download Submit