Analysis

  • max time kernel
    94s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-12-2022 13:16

General

  • Target

    sample.html

  • Size

    27KB

  • MD5

    7c5abe0163cd5d05919b3da44b682c99

  • SHA1

    44bece316e08d498c9c75fdfd070b372d8f24b2d

  • SHA256

    5840d23b4b4a06536fe7d77b207778741d19d243d0ea724ddd493a041cd02475

  • SHA512

    32e36bf1008026dace4750f5de59c5136d59263d98d6f43b6a7d4d0fe51df17276e35be41d7976727e786935a75982070dab06519c7fae56d195d017b10962a2

  • SSDEEP

    384:CXqaRSz03qRoCh7A9FMEhe+UA+PTNNGfOxXk5es9J88baRE2ImcJKsZWUtE:9BT3BxXk5eqcPIm5sZWUtE

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4864
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4864 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3112

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    59cbf91b9d6a9125354d4e347a6381b9

    SHA1

    11a7a4b4419b4c453a7efe57f3306253c6724777

    SHA256

    9106126edd0af3facd734b8b930f512f0ff1500c91f8a79d558d83efb77e784b

    SHA512

    3550c3ec49dc55f55ab5dd65b5ae8dc5cbb39e669d9fd63540d965620af12880031c11d9dfb46a84eda29e671170e5e499fb6a32bf56bb03b61dd5f82b3910f2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    434B

    MD5

    ba39832d4c0a8565496d66b3d3a662ba

    SHA1

    6dbab8da3c2e3301cb2bc297afb73e5839f0bcd9

    SHA256

    98bfb599c26194b34095b89af3f3fece76793d81924e47ded24795c24982c745

    SHA512

    1669f5b7879b73f12d55a9d0beef5a195653ddafc8542cb53487623c24151630b47092508ac8dfe4c1f9197f628cc1f0047930792cd133c037becb22f9e47cef