Resubmissions

  • 14-12-2022 15:53  221214-tb5x5aad59  10
  • 14-12-2022 15:51  221214-takkssad55  1
  • 14-12-2022 15:47  221214-s8qc9sad47  1
  • 14-12-2022 15:43  221214-s5989sdc2s  3

Analysis

  • max time kernel: 90s
  • max time network: 135s
  • platform: windows7_x64
  • resource: win7-20220812-en
  • resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted: 14-12-2022 15:47

General

  • Target: Cancelation 2805431 Dec 14.html
  • Size: 333KB
  • MD5: b63e330eb0f58fdbd12c38247e99dd38
  • SHA1: 6ea53029c40acb462b6b58f185025041b15e5406
  • SHA256: 0b391821f77915a6e73a9b8caf414cb7e0ddad66e87cade38d20e44d5ca5fe6b
  • SHA512: d7cc2ff091b4ffd03243c7fdbc18caa42a63ae1af951bd24811b98fe699481fbe58539b97a114683f22c6d4159b069bb3722073858b73b262fffa2892831b6eb
  • SSDEEP: 6144:bJCHs8Ctu7ggxoXujqn1tyR0iv7eTrvuKUiq64JQrUWbq/4KJ:bJh1tYxhjqn1tyR3AzFUO4mu

Score
1/10

Signatures

  • Modifies Internet Explorer Phishing Filter (1 TTP, 2 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of AdjustPrivilegeToken (4 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 944)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Cancelation 2805431 Dec 14.html"
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • Child: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 832)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:944 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
  • C:\Windows\system32\AUDIODG.EXE (PID 1588)
    Command line: C:\Windows\system32\AUDIODG.EXE 0x52c
    • Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 2

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 340B
    MD5: 265ff01ab9d84f3f12028e5000b0edad
    SHA1: 4c97929892a7466a086b11ad22f268931e39682b
    SHA256: 417d70d57dedcf8de22d35afeb189ff08be6b241a7d06d761304a532652b83f1
    SHA512: 9436bc3aba18f0cbe11b19c6b056803a59bf45b762c1e9cab031ff559f5f2c0c72889802d4c6820460700cb3c9b73cb19f307f294db50a43235fee851f4473d7

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JJ9EY1MK.txt
    Filesize: 595B
    MD5: 0fbc5680d89fd6038af444f14908f75c
    SHA1: ef9611b61dace0b78a114ff32efaee15500babcd
    SHA256: fa35e25c05d728f27b6af0040253fd7aa6a06af156714d75fab2467974c1c00f
    SHA512: 71676f1bc91dca0c5540536d38c602d8c0d340658afda8204081846f544bb7e7cd2d270dae4014a749f3ad76711863cdf2dc11251206d8385ee1405442201d01

  • C:\Users\Admin\Downloads\Cancelation 2805431 Dec 14.in3po31.partial
    Filesize: 241KB
    MD5: f27a9cc9679f21a1e1d6432ee6e2a18b
    SHA1: b18e2ccc877075a4f570e09035e738975f2f0bc4
    SHA256: 3bd9565b4913e7f39cefe1024d0e400c3fc29b0e4712789bf30b94c2b2fc20ce
    SHA512: cc8c4456c722bb033ce32aced145f6833730370487c9efd42d4e4d49d95a905980aefdb5fe59ba5254b15509b7433710d9c539bbe85aebf5bcd3a76ad84f33a0