Overview

overview

1

Static

static

Cancelatio...4.html

windows10-1703-x64

1

Resubmissions

19-12-2022 09:03

221219-k1jlraef58 1

15-12-2022 13:27

221215-qp27lsfd7t 10

15-12-2022 13:23

221215-qm8xdacd77 1

Analysis

  • max time kernel
    70s
  • max time network
    143s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    15-12-2022 13:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Cancelation 0163560 Dec 14.html

  • Size

    333KB

  • MD5

    71b7bb5cf66f666c36dfe9c591ba9662

  • SHA1

    94b92cc5978d5bb72632bd97d65c5ad6ce195b03

  • SHA256

    1c7b03124e95748f2d00745e2adf1e9e28cb8ec524e8c14e56e92dba2d145581

  • SHA512

    3afe873800c1a138b31a0b2e469c874b51e333575af844b6733fa6a9c9b63f064f3e35dc15d74d6766af5fe91fe0e6accc9db45878b70841e4dacba6114656e5

  • SSDEEP

    6144:ZbHcjyHkPdw+2pY1AWq/z2YW8mMo7MUj2sXs7W5yAJ:ZbcjyH+1iaYnq4Wkm

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 53 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Cancelation 0163560 Dec 14.html"
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1828
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1828 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1616

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    f858ba1a816dd020e5af93bff48aaa7c

    SHA1

    171a4e5f3fc126ed213d0cefcd64639f892cb31b

    SHA256

    e0cbc49b2de6d153786f381793895f2011f0f918cf9c17ccdc9fffa611546921

    SHA512

    fc2a6de8eaa89bdfd8b4efd951e1a06919db0a27fa3ff571804d0220c8ba4797021a162461dc7f065d91146219979f33a821d6b8ff862f88e4ef66871ed19d74

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    4b9720101d049086c35908191a9f4cf8

    SHA1

    a92ee797afc7d95ed5db7dd0087b93c16ca6a86b

    SHA256

    0c353e1ee99a30693c3209fb539cbd84acd26cd16269a126f4f76c9c5064ce99

    SHA512

    2e95fc2c8cdebbbf5ea07474170be9f4376c7a5e895ca111249fccf9a2c5d55478bd1f327921a1ffd132e41ae6641b9f81e27dada7afe78236c8b41c90ad77c7

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U78J56H1\Cancelation 0163560 Dec 14.w4oeghz.partial
    Filesize

    241KB

    MD5

    1c72db11fd45565d6d0353771eb1ba70

    SHA1

    c234ef753f22522749e777acf189228a140281f8

    SHA256

    5b10007bc66a326117b9576f55b7b6ee989ad4de7eaa1c1b1ac873e0bb0d6e99

    SHA512

    7adb8f53c090970e32c197fe67da8ccef64e53da228f5b8b83f5f2361768006b0e9c5c763de8ba64f2302144197bc3a45a2a9dab50d17478a9ced1fd4d648e44

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\IJBF43OS.cookie
    Filesize

    610B

    MD5

    e9e39aa200c1f187f3d0a01b9c864dee

    SHA1

    226c4921d9445e1103226305873d4d0762c4e9ea

    SHA256

    de5bdff33beec6352b2aa9118eada3b0d9e87efacbeba76eb4e1663587c464ba

    SHA512

    6c003bc704eb848ff7f3f306c6754634df386fab66f90f0c29865b2b38a2c053fbf7adec123b6e87b0420a582b99fee0081ccf87acee9d6dc2171796f01819e9

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\KK24TBDZ.cookie
    Filesize

    610B

    MD5

    ace23af6b7ff1fa7597add250912cbe5

    SHA1

    12ae77bb5d59fd7f14d26ed8cfe6f7a4ccda254d

    SHA256

    71f08fb124f5aea1e9402488850d95397c52d9c2b70a80d8a19b6187c8fac0bc

    SHA512

    9ac8663818b90bd00275365ba3a47b967b70614ce791df5f5c4d6e06293520d6d3d065c34e0a5059bb96a7aee045200861fb5a7f0c35bb15084716fd65d261c7

    Download Submit