Resubmissions

19-12-2022 02:22

221219-ctxwssea96 10

19-12-2022 00:57

221219-ba2vzaha3x 1

Analysis

  • max time kernel
    90s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-12-2022 00:57

General

  • Target

    e4963436-be97-4aff-b3ea-b3735869c783.html

  • Size

    312KB

  • MD5

    75a1afe9efce8d010eb4015b4fecc15b

  • SHA1

    1f20fd519fd1aba34c709cf6f71109b4ca4a75f3

  • SHA256

    bfbf81e27e11025e5b090f813f6c28ea9f03ec247bd3fdf5acb82d97336ef683

  • SHA512

    a448e304f80205f801c5b29ec5befa3c3e13c27603b3dc4e3347b0758c3e57780413a442ce6da6b64bc394aba87fcaadd3c6e840283a91ed5deb2c1ff5d306f5

  • SSDEEP

    6144:vEvF6rfeQQDZT0ybB2oOY3wHbb5BGaSg2rsisHOSem3N/DkSf3Yx1VJSxt+ooYu/:Ms2QQDZYQhOwwHbb5RSprsisHOoAK3YX

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e4963436-be97-4aff-b3ea-b3735869c783.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1208
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1208 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4912

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    fb4fd6eb88e9ccaa7ac2f01f20f2e92b

    SHA1

    f815f8837219c62fdc707060ff5db59026f321dd

    SHA256

    4661da0b257116dbb70c1b901004e85312b78102c65be48adf48183e8bdbf3bf

    SHA512

    58b377cc3d7362d07d1d4d8fa344e766d55c72d91f0510d423b36a709760107352659782d65c3419b2ddda2af629da6085d36c1f44e721ae3189ac1f27476c83

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    ce7fe7182efaba2925303777a0e52a40

    SHA1

    797892dd3d4e7b813bc9926e96b158371cf0d8c6

    SHA256

    ed32b1235eb54bd67ca2d5e26b1ba8b57f218d2ca887bf1c03c717458016ba55

    SHA512

    6cfa9a7424ab88f76c3c5643526fef1bdbc953754dd03caaadec4fe6baf760616b183b7678c04b54e3720f4acfc54d5b0256c1d29e5f4bffd6c3a29988c60646