Resubmissions

19-12-2022 09:03

221219-k1jlraef58 1

15-12-2022 13:27

221215-qp27lsfd7t 10

15-12-2022 13:23

221215-qm8xdacd77 1

Analysis

  • max time kernel
    121s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-12-2022 09:03

General

  • Target

    Cancelation 0163560 Dec 14.html

  • Size

    333KB

  • MD5

    71b7bb5cf66f666c36dfe9c591ba9662

  • SHA1

    94b92cc5978d5bb72632bd97d65c5ad6ce195b03

  • SHA256

    1c7b03124e95748f2d00745e2adf1e9e28cb8ec524e8c14e56e92dba2d145581

  • SHA512

    3afe873800c1a138b31a0b2e469c874b51e333575af844b6733fa6a9c9b63f064f3e35dc15d74d6766af5fe91fe0e6accc9db45878b70841e4dacba6114656e5

  • SSDEEP

    6144:ZbHcjyHkPdw+2pY1AWq/z2YW8mMo7MUj2sXs7W5yAJ:ZbcjyH+1iaYnq4Wkm

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Cancelation 0163560 Dec 14.html"
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4404
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4404 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4808
  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:2204

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Modify Registry (T1112) 2


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    fb4fd6eb88e9ccaa7ac2f01f20f2e92b

    SHA1

    f815f8837219c62fdc707060ff5db59026f321dd

    SHA256

    4661da0b257116dbb70c1b901004e85312b78102c65be48adf48183e8bdbf3bf

    SHA512

    58b377cc3d7362d07d1d4d8fa344e766d55c72d91f0510d423b36a709760107352659782d65c3419b2ddda2af629da6085d36c1f44e721ae3189ac1f27476c83

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    3839e347f5c91b25bca719019eb5b0d1

    SHA1

    3baa14323d65ffae19e762392c67f61d188ade0d

    SHA256

    864d915465fca62bc52a95f733cf71392cb836aeb9d82cadb405484d1f304b8c

    SHA512

    b01bde0ebeb11510c3c68cef40e067dc01114deb321e2b260a6de7be126479bb42786b89df5ae514228c954f05e8aeea5fd9abb6e3072353612dc125362ab0f9

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5L546K0V\Cancelation 0163560 Dec 14.r8dqt93.partial
    Filesize

    241KB

    MD5

    1c72db11fd45565d6d0353771eb1ba70

    SHA1

    c234ef753f22522749e777acf189228a140281f8

    SHA256

    5b10007bc66a326117b9576f55b7b6ee989ad4de7eaa1c1b1ac873e0bb0d6e99

    SHA512

    7adb8f53c090970e32c197fe67da8ccef64e53da228f5b8b83f5f2361768006b0e9c5c763de8ba64f2302144197bc3a45a2a9dab50d17478a9ced1fd4d648e44