Analysis

  • max time kernel
    95s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-11-2022 04:03

General

  • Target

    Remittance.htm

  • Size

    266B

  • MD5

    995b65b96e6d62f5f15232cabeee227d

  • SHA1

    e9c55fe6c03c6d6e3384c47589b11fbcc09f4dc2

  • SHA256

    3cc6860519543b336cf74baa4e89816f3cb58f6ff7c71646e8ea142a3b7c1236

  • SHA512

    aca62c3c63145e264d9f80eee5396322ec8807776f277693418eba7599005512632a5ce911d841322bf64adbb244c01d49206f10b71855bd2b757b948672aa1e

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Remittance.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:596

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion
    Modify Registry (T1112): 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F
    Filesize

    7KB

    MD5

    64bd9a644bd182581368e3ce024dad9a

    SHA1

    1520bd16d65200bfa86d889eb88f4f62a65dd007

    SHA256

    5814095df174f580f08019718d2f8d05177276906620e36564588ba4b19ddfdb

    SHA512

    af1ec9959334ae377a1b199a44ec31a3cadc1273512f8a2644eb8b3b21f24d4afe1c0515a3bb685bd35a0856c2d6383504ee7e72ae67f87f3bda0a8ff91ec5db

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F
    Filesize

    232B

    MD5

    25073b49445a2c7f5f0393e84b1c7194

    SHA1

    3c013da1c0c12635ea0ab4bfa6537cf58c4c9fef

    SHA256

    0b55ad072f5f4da7676ac845f61a49c4a9e98b63cf6301e590c04cf3fe5feec7

    SHA512

    e4ec3cc49b3e6729e6cc022b150bcf2e0007da59d4721ad176dd56d5d512acd2e7e410d8cb71543e627a447cb0d55c2396f5922f976eaee7a1525adfff08235c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f11778913056c2c09683d2e5ace0a5e

    SHA1

    bed0b6c9761a6aae7652c9d0665a66663feb9f37

    SHA256

    78f31914c2f8fb761c139bc5a8d75aa6fca3a09a73ded35ab147b2cbb10d19f5

    SHA512

    b5a808291763dd7fc57ba0313c0d3d8411bb06e5567b91669fe8e003d7032dcb51fdaa19d161a216a87704e5502eedff32501a3396c3c3c08eeaa920b88ee35f

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\try74lz\imagestore.dat
    Filesize

    17KB

    MD5

    50a59dc7476f8b59055cdc2045d33bd4

    SHA1

    3485805db1f79c3b6cdd9d230c1694c18314dafa

    SHA256

    8799e7b35dfb82a127542658ca26d7515426649acdb99fc4e5eec3c2b1d2b026

    SHA512

    80057da562f8edd72c84ea2d3b0d982e8b00b360c31fe2968a61d3c757fd0f59a0ca03313374d0b80826d3254c3aaa9bd0b925576806a87eff2cf5d96c74cebe

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KR3GOCOG.txt
    Filesize

    608B

    MD5

    3b7578b1c2460a0f69617caa0c70bed0

    SHA1

    a60457620b53992d6321701ef894cd9a4761fa29

    SHA256

    28abda7e45149ab42dd1bb1b6ba39ef0c65ed53653ae4c454bf66fb027cb07b3

    SHA512

    50c5281acb508eab941de10f6fe8c4280ec2074c6aa09e5e6aa253bb7753fc05a96e860435c5d07cba373486144caa77e8bdd7fc90772cd2fee828676a82286f