Overview

overview

10

Static

static

5b972dc497...be.htm

windows7-x64

1

5b972dc497...be.htm

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    18-11-2022 11:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b972dc4971863fd6c9e01f5de1621be.htm

  • Size

    978KB

  • MD5

    5b972dc4971863fd6c9e01f5de1621be

  • SHA1

    e3c260cb820411998ae941fadcb14472ac29add5

  • SHA256

    fa7ed25f6b2b152c0cce541986163e1f88a8eb5ecb7ec375a648c4516ecd21fc

  • SHA512

    1df7cf4af183336e98c544d80b0d304a5a491b6922a841f163efd52baefd06c9b6ffaafe92e5bc6b5f82d79568b825be44c1c3cf2d55bf5eddb11499ec178e42

  • SSDEEP

    12288:mnJSRMyEWfUvDZ1k2f51vorLZatzeHcdt9XODfNWGqUl2gZVfsNueqtcAMeVtqCM:mnjv3kUcZEcDfN9l2ZNuxtcAMeV/M

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5b972dc4971863fd6c9e01f5de1621be.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1232
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1232 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1508
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:904
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6484f50,0x7fef6484f60,0x7fef6484f70
      2⤵
        PID:1984
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1064 /prefetch:2
        2⤵
          PID:1696
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1252 /prefetch:8
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:624
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1800 /prefetch:8
          2⤵
            PID:608
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1
            2⤵
              PID:1948
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
              2⤵
                PID:1296
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2376 /prefetch:8
                2⤵
                  PID:2116
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3340 /prefetch:2
                  2⤵
                    PID:2208
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=968 /prefetch:1
                    2⤵
                      PID:2252
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3504 /prefetch:8
                      2⤵
                        PID:2316
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3568 /prefetch:8
                        2⤵
                          PID:2352
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
                          2⤵
                            PID:2404
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1
                            2⤵
                              PID:2476
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 /prefetch:8
                              2⤵
                                PID:2536
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3324 /prefetch:8
                                2⤵
                                  PID:2596
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 /prefetch:8
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2640
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4364 /prefetch:8
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2648
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4420 /prefetch:8
                                  2⤵
                                    PID:2656
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3820 /prefetch:8
                                    2⤵
                                      PID:2760
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4296 /prefetch:8
                                      2⤵
                                        PID:2816
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 /prefetch:8
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:2824
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=992,5412512708207669631,8001742862589924447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3568 /prefetch:8
                                        2⤵
                                          PID:2956

                                      Network

                                      MITRE ATT&CK Enterprise v6

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                                        Filesize

                                        1KB

                                        MD5

                                        80a3e5557b36ced6706793d8c560c4a1

                                        SHA1

                                        09f050e337ae21d267faa599de1a1357c0a51ad0

                                        SHA256

                                        80818d67bb8a0f7f8bfdf8fd3cdef935f1dbb8d0575b2e5bf4c3e02a56a84f81

                                        SHA512

                                        66a939065a60ff78b519e3fb74344315ff6d94559c75a269faa50463fb48ac4c6193d75282f046fcef2ebd00259b8e0546686308a3962c98de233372da7a9bed

                                        Download Submit

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
                                        Filesize

                                        724B

                                        MD5

                                        f569e1d183b84e8078dc456192127536

                                        SHA1

                                        30c537463eed902925300dd07a87d820a713753f

                                        SHA256

                                        287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

                                        SHA512

                                        49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

                                        Download Submit

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_A348BF23A300F99B75A74D30ED4C5443
                                        Filesize

                                        472B

                                        MD5

                                        75567f40088f4b1c757a5911de96f6f2

                                        SHA1

                                        152fccecc7c260bd74b271a17136c7042a60c17e

                                        SHA256

                                        960b76e59563e2dd5e3177c2ac016fe6384631fc75321ed9c3cddc461040dfb2

                                        SHA512

                                        672c0f996a89d2ab09f4045168205f74c4f7533c3bc08fcbe2853a74a3958b3db59161df527a30d57e677e9a9892697b08ee9f169f64b37c29366ce381a282d9

                                        Download Submit

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_DD5E18651A85E635F184F73BE6D3DB70
                                        Filesize

                                        472B

                                        MD5

                                        feaeba711c7421b074e726f89ff34e0b

                                        SHA1

                                        c590c0b76a7a78ab51a4dabcd8f20a1b172b02fb

                                        SHA256

                                        ebe6e312ea7116713547fbd756805843b1c242ad22269158a79305f1819fa990

                                        SHA512

                                        a42aab8fffeb74708dc35d6cacd16a0f0d30869531e455b063023484d9134a8a2f8520aae78576abe2bf8dfc974165e9e69e3e355ea07ffa7538ed3179b7580e

                                        Download Submit

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                                        Filesize

                                        410B

                                        MD5

                                        631c4719f3874d9a2d49e0040abb8762

                                        SHA1

                                        05bd437f374bb53f312a6294931e0c7f694470af

                                        SHA256

                                        0056057ca5daaac27f2d2145ed1f45e6b089dee2b2e0f44eefa137b0cf0e607c

                                        SHA512

                                        ff70a89fa34f506fb4ec0ce36f00f67e398565aa86f11c96296272dcbbb15e292be515da4d8d02c58d5c0d3f7cce593a37ba43130504237d428c3298b3af49df

                                        Download Submit

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                        Filesize

                                        342B

                                        MD5

                                        c1bd51d1fbc91cfba1a3249b50d12885

                                        SHA1

                                        675cc05fdff8a00991ca1db941adbaafd9aad3fe

                                        SHA256

                                        4bf6d756a79bd8be5d4cea0c3826843379e3efc6955cbda1c9844b0e2a720e20

                                        SHA512

                                        27c249f5e27f7adbc2c52508076ee22b0f5dfee375d7206e4955a2cc4e49be183402bceaa6af1aa9425b65d5f032e6b8574e586441a5c74a1a81406a1756b21f

                                        Download Submit

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
                                        Filesize

                                        392B

                                        MD5

                                        9999a4d50e82ac5d175874a30a95f43b

                                        SHA1

                                        99877357c6f34ed2f1ea73f3084d436c5d6ac287

                                        SHA256

                                        a92ab2559773e4bac1993362e01e81f2fcd217acb6933677a2df6bc9f9ad6344

                                        SHA512

                                        3a6bd5dd2789b6a931e9098c517089c81b45800f5a96ab768873b216a28561f96f6912823588818afe378f242ab3be48a291e6d00fa5c29368e3ebe5cb5657ee

                                        Download Submit

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_A348BF23A300F99B75A74D30ED4C5443
                                        Filesize

                                        402B

                                        MD5

                                        5ad13412f11ecc6893459a01db7a884f

                                        SHA1

                                        44a9bce7499c6238006519dce1b3bb17d12327a6

                                        SHA256

                                        03b335525f9a4037e15e32f414eafaf8bbfac3188d1c4fde453b6cbbfced1399

                                        SHA512

                                        b3a754162c3f16c8a484d2cbb1d76b247da13f36b40a2079e580ca789e7860567c6b31388e1055afdb155523ff13eb5af3e326f57dccaaa96b11e4af2aadebbd

                                        Download Submit

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_DD5E18651A85E635F184F73BE6D3DB70
                                        Filesize

                                        406B

                                        MD5

                                        f34376cd1d7bce5f182fa8b374d0e87f

                                        SHA1

                                        29b59af8c321401a25db72278dc0c881b1649e15

                                        SHA256

                                        5b91dc0f11c56695fd88ea2e88de6a1ad2cfbfff4bebe9551e3a030a06947ab4

                                        SHA512

                                        a2a312c40aafa3fc90d9e17b6c676d7f45ebf96304dc826d0e9ec199568114e6c3f561ab1ecd38d3cdeb6db226f31b76724a696835aeb58038856ff2896f18c1

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\J68WO16O.txt
                                        Filesize

                                        601B

                                        MD5

                                        46415e647ca0f027d89ac470989ee3e2

                                        SHA1

                                        0c7cc9e06f9d6e50ab1a7d76f2ded15a3f360a86

                                        SHA256

                                        daf2145acb161c1b0a32ce685c1cd21f5385d835f06644d78dde88cf9c8a95e7

                                        SHA512

                                        5044bbc2fa3ad467cdc9489aa015a09034ce2dc9081b8c6d5b97b01b8c52d354c16c3833886be184f830cc95ea59e8c5795cf522fcf53f72466861cb329a87f0

                                        Download Submit

                                      • \??\pipe\crashpad_904_WVUZLXXMLNRJHEAB
                                        MD5

                                        d41d8cd98f00b204e9800998ecf8427e

                                        SHA1

                                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                                        SHA256

                                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        SHA512

                                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                        Download Submit