Resubmissions

14-12-2022 15:53

221214-tb5x5aad59 10

14-12-2022 15:51

221214-takkssad55 1

14-12-2022 15:47

221214-s8qc9sad47 1

14-12-2022 15:43

221214-s5989sdc2s 3

Analysis

  • max time kernel
    110s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-12-2022 15:51

General

  • Target

    Cancelation 2805431 Dec 14.html

  • Size

    333KB

  • MD5

    b63e330eb0f58fdbd12c38247e99dd38

  • SHA1

    6ea53029c40acb462b6b58f185025041b15e5406

  • SHA256

    0b391821f77915a6e73a9b8caf414cb7e0ddad66e87cade38d20e44d5ca5fe6b

  • SHA512

    d7cc2ff091b4ffd03243c7fdbc18caa42a63ae1af951bd24811b98fe699481fbe58539b97a114683f22c6d4159b069bb3722073858b73b262fffa2892831b6eb

  • SSDEEP

    6144:bJCHs8Ctu7ggxoXujqn1tyR0iv7eTrvuKUiq64JQrUWbq/4KJ:bJh1tYxhjqn1tyR3AzFUO4mu

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Cancelation 2805431 Dec 14.html"
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1648
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1648 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1348
  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Cancelation 2805431 Dec 14"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:776
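The process list above encodes two things a triager wants to cross-check: the tree nesting (the `1⤵` / `2⤵` depth markers) and the parent the IE tab process itself claims via `SCODEF:1648`, which should name the PID of the frame process that spawned it. The following Python is an added example, not part of the sandbox report; it reconstructs the tree from the report's three records (copied in as constructed input), confirms the `SCODEF` claim against the reconstructed parent, pulls out the file each top-level process was handed, and counts the registry-modifying signatures the report maps to T1112. Function names such as `parents_from_depth` and `check_ie_tab_parents` are this example's own.

```python
import re

# Constructed input: the three process records exactly as the report lists them.
PROCESS_RECORDS = [
    {"pid": 1648, "depth": 1,
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" '
                r'"C:\Users\Admin\AppData\Local\Temp\Cancelation 2805431 Dec 14.html"',
     "signatures": ["Modifies Internet Explorer Phishing Filter",
                    "Modifies Internet Explorer settings",
                    "Suspicious use of FindShellTrayWindow",
                    "Suspicious use of SetWindowsHookEx",
                    "Suspicious use of WriteProcessMemory"]},
    {"pid": 1348, "depth": 2,
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
                r'SCODEF:1648 CREDAT:275457 /prefetch:2',
     "signatures": ["Modifies Internet Explorer settings",
                    "Suspicious use of SetWindowsHookEx"]},
    {"pid": 776, "depth": 1,
     "cmdline": r'"C:\Program Files\7-Zip\7zFM.exe" '
                r'"C:\Users\Admin\Downloads\Cancelation 2805431 Dec 14"',
     "signatures": ["Suspicious behavior: GetForegroundWindowSpam",
                    "Suspicious use of AdjustPrivilegeToken",
                    "Suspicious use of FindShellTrayWindow"]},
]

# Signatures the report's ATT&CK section files under Modify Registry (T1112).
REGISTRY_TECHNIQUE = "T1112"


def parents_from_depth(records):
    """Rebuild pid -> parent pid from the report's depth markers (1, 2, ...).

    A record at depth d is a child of the most recent record at depth d-1;
    top-level records (depth 1) have no parent in the report.
    """
    last_at_depth = {}
    parents = {}
    for rec in records:
        depth = rec["depth"]
        parents[rec["pid"]] = last_at_depth.get(depth - 1)
        last_at_depth[depth] = rec["pid"]
        # A new record at depth d closes any deeper subtree that came before it.
        for deeper in [d for d in last_at_depth if d > depth]:
            del last_at_depth[deeper]
    return parents


def scodef_parent(cmdline):
    """Return the PID an IE tab process names in SCODEF:<pid>, or None."""
    m = re.search(r"\bSCODEF:(\d+)\b", cmdline)
    return int(m.group(1)) if m else None


def check_ie_tab_parents(records):
    """Flag tab processes whose SCODEF parent differs from the tree parent.

    Returns a list of (pid, claimed_parent, actual_parent) for every mismatch;
    an empty list means the report's tree and the command lines agree.
    """
    parents = parents_from_depth(records)
    findings = []
    for rec in records:
        claimed = scodef_parent(rec["cmdline"])
        if claimed is None:
            continue
        actual = parents.get(rec["pid"])
        if claimed != actual:
            findings.append((rec["pid"], claimed, actual))
    return findings


def opened_file(cmdline):
    """Return the first quoted argument after the image path (the file the
    process was launched on), or None when the command line carries none."""
    quoted = re.findall(r'"([^"]*)"', cmdline)
    return quoted[1] if len(quoted) > 1 else None


def registry_modifying_pids(records):
    """Return {pid: [signatures]} for signatures the report maps to T1112."""
    hits = {}
    for rec in records:
        regs = [s for s in rec["signatures"] if s.startswith("Modifies ")]
        if regs:
            hits[rec["pid"]] = regs
    return hits


if __name__ == "__main__":
    print("tree:", parents_from_depth(PROCESS_RECORDS))
    print("SCODEF mismatches:", check_ie_tab_parents(PROCESS_RECORDS))
    for rec in PROCESS_RECORDS:
        print(rec["pid"], "opened", opened_file(rec["cmdline"]))
    print(REGISTRY_TECHNIQUE, registry_modifying_pids(PROCESS_RECORDS))
```

Run as-is it reports no SCODEF mismatch (1348 claims 1648, and 1648 is its tree parent), shows that 1648 opened the HTML from `AppData\Local\Temp` while 776 opened the separately downloaded copy under `Downloads`, and lists 1648 and 1348 as the two processes carrying registry-modifying signatures. A tab process whose `SCODEF` PID does not match its real parent is worth a second look, since the report's tree and the command line should tell the same story.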

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 2 signatures


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    1592f514f8c0500701faaa1fa20694de

    SHA1

    345e98bb8bf7275e12e633479f83cd39bfcd3f95

    SHA256

    7310a9aea69d2c6940fca6b1c2293e5133b6dd36fccead5006aa69fd7f64a6ca

    SHA512

    f22cae3380b5da061269fca80e9b67bf17224c2b43ba61280dd8ce3597f1ee03b939d53a17fb5d331ba3ed8d10df5f57954bf0903b285c2fd938bcf58a78cec4

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\W0GG67RV.txt
    Filesize

    608B

    MD5

    b1f59884222b0d1e06046c7057fea83d

    SHA1

    0f5be2da6c33ce1af41edf1a04a07fb03f16fa1f

    SHA256

    2f7ea3438faeed2108aa6ab8c00105dfade8a4c2359d69271ad3c37d44c0c65b

    SHA512

    eca4ade947d68902a6bff4c20c4759edee006b02edc44f9c4207a9993a3bbe5fc4243b73824c220bdd51d39a3609dd1b78982222108e50c50c2ce8d8b29da1b8

  • C:\Users\Admin\Downloads\Cancelation 2805431 Dec 14.v0fmmxi.partial
    Filesize

    241KB

    MD5

    f27a9cc9679f21a1e1d6432ee6e2a18b

    SHA1

    b18e2ccc877075a4f570e09035e738975f2f0bc4

    SHA256

    3bd9565b4913e7f39cefe1024d0e400c3fc29b0e4712789bf30b94c2b2fc20ce

    SHA512

    cc8c4456c722bb033ce32aced145f6833730370487c9efd42d4e4d49d95a905980aefdb5fe59ba5254b15509b7433710d9c539bbe85aebf5bcd3a76ad84f33a0

  • memory/776-55-0x000007FEFB931000-0x000007FEFB933000-memory.dmp
    Filesize

    8KB