Analysis

  • max time kernel
    187s
  • max time network
    202s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-11-2022 19:00

General

  • Target

    桌面壁纸-高清.html

  • Size

    265B

  • MD5

    8add59acd6d7b416ef59d4c8dc7e1bcc

  • SHA1

    056a6bea7f7b14bc962fa79ce167c2432828cc3c

  • SHA256

    8cef4a991e9995720ecc8751da2be8618d108dbc667bcfaa67f0d7abb0c75930

  • SHA512

    6865ea244a5cd90bafbe2f119b8c25e0cde50b07a7aef210b504fc05ecc334582362e1886a8981237aa365f237bfeead1feaa9cfef8e5e25f0bed5b89c2859af

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\桌面壁纸-高清.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:804
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:804 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1500

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    581f82cc8305a1c86dbfa32c135533e8

    SHA1

    42a6a85cbe8afa61dfd158bfed6233d95a399e5a

    SHA256

    43f3a0648959ef386a331ac35622c928bdc49c88085e124b5181dbafbf80d6f5

    SHA512

    f88846042c4d00e0fd03506354e82387ce9e544f01aad6a2adc7abded66e53873caac176083d837dda67da02b4d8022f0e470a7753d995026849b0b791e715e2

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1wzfztv\imagestore.dat

    Filesize

    1KB

    MD5

    f5b40ff8dd81430319fd10816a4eff36

    SHA1

    7f613c47c660aa5f1bbef7d8a57e2b4ca1f3604d

    SHA256

    270f139bd6d2573c83ab5b49725d7b0eef7c5c2bac1f8ea5c36b9533ea927c79

    SHA512

    27306caa3ef3a67aa4632b6f8d483bb1ad5df14c5e8570d53c954eb36c81ff11e01875afcb3044702d3125eed92e5c02f3d1f657f6a561d0f532c419d1209688

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\RSEFRNX0.txt

    Filesize

    601B

    MD5

    103447933bfa643380d588630d9d0b96

    SHA1

    93354abf9e7a7253204506e385857b15d9c66901

    SHA256

    30f202ae5bae5e1d1a30f38ba1132deb43b8afb44c634828028c8e7ec9ea1a7a

    SHA512

    a8884e8e4ff29e87bf8d506d407ec7ddb695064b26bae442db04c52e8b68f4631ab8bcb94cab9013760e681df78e24df328092a1fd14c3cc8ed121393234c4ff