Overview

overview

8

Static

static

URLScan

urlscan

1

https://www.microsof...

windows7-x64

8

Analysis

  • max time kernel
    112s
  • max time network
    114s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27-12-2022 23:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.microsoft.com/en-us/download/details.aspx?id=8109

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.microsoft.com/en-us/download/details.aspx?id=8109
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1748 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:672
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1144
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x590
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1420

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      61KB

      MD5

      fc4666cbca561e864e7fdf883a9e6661

      SHA1

      2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

      SHA256

      10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

      SHA512

      c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      61KB

      MD5

      fc4666cbca561e864e7fdf883a9e6661

      SHA1

      2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

      SHA256

      10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

      SHA512

      c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      0ced3b941599b4264e711ee5b8a6bb67

      SHA1

      1bdbc760955632c3f86e762c8204ebb8a02959f3

      SHA256

      a1d95b8f34ebd5b62d0ee939546109b5bb36ccb472b46468caf381a4ee9198f5

      SHA512

      f88b097c102d954bedc132c8b3633fce2ca1d521e7f792f5d5e3dc379f10991a7a58255c8f624822ae0a1c37032a30feda643a0ccafc0ba842149c607ae01dce

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      304B

      MD5

      241d6dbe9fdbd6c4e10176d7c0e2e206

      SHA1

      2b69ed155ac32fb7d6a813b3d0c433775f9bd3f3

      SHA256

      7a6eabadcfdc93d432f9f3f1eb386031e0c9ee956ae6f92fcf09be6e2cb8d856

      SHA512

      c4c48e9d1ced32e1c81cad3473bcfeff2a73be658416f85414fff80a8e73d533b9f3724cb7aa01d5424f3a7c7d36bd9a08aa891acf7c648e15a05e2006766ffe

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9b41c68c6aff4dda1f67ad3233b04721

      SHA1

      708a5b04d0ad8c839ce1adf1131872141f02463e

      SHA256

      b2d850a7c39437d6763d37ee6983eea464f55432605528588612af9af1ea4d89

      SHA512

      c6632371828a4a16fad666ca4041cfea0cf245f0a8e4e788ad864b600e8df2a16dec6dd05a9329c50e131f062b7bd05946e9b54018e9d82c4407ca7d195c1458

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      db88f7afdc55325c5af9270cad45a6ad

      SHA1

      a12a2689b2e2aea3f3cb064d50146b9dc9a16cdd

      SHA256

      bc5c217c9e6dcde63720ea745fb5f58f09b038d82b0a9dd76056776a73c75adc

      SHA512

      8841ed68581a96168f230ca5aa68538c059b1ede0fbd2b5c0dd0fc9e4d552115fe4f891bb8b69a0895691d4f0fbaff3dd45878d8086abf6bb6901724da06803b

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\mlf2v8h\imagestore.dat
      Filesize

      17KB

      MD5

      39fc6f1fd8438884d077d68a03f151f2

      SHA1

      56b74b421907debfcfa8d103413e05fb2c5441ea

      SHA256

      0d88a0431f265eb514bac6a3c0ae40e12c91594cf45cf3047b4f40d5e0e5dcdb

      SHA512

      937b15ef285bbcd1b5b1686eaadcd18ca6a75a7b9fb262fd19d0d75dda5da88eb4f900a93cd02bd4c1f3bc185e058033cdc0b24cfa57bcd7f53aff87051502fb

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YT1AL9CX\directx_Jun2010_redist.exe.cayo9m1.partial
      Filesize

      95.6MB

      MD5

      822e4c516600e81dc7fb16d9a77ec6d4

      SHA1

      7e5d2e5e1a13fbc47f990cc55cbdb428cd12f759

      SHA256

      053f76dcbb28802e23341b6a787e3b0791c0fa5c8d4d011b1044172dbf89c73b

      SHA512

      04c6347e6db6cff037a1292a88bf062c3e4042fb265a665afdbe7616aed7936f4955a35637a86c30332731762e0052b6f5c721f9fe7682d147e0965a7fb77a63

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FYGR9MP9.txt
      Filesize

      968B

      MD5

      f6d0eac41ce5833ae761fd6bc85395e6

      SHA1

      ef2bb6c4cf8739f355f864e35d28365c43bb3976

      SHA256

      d68362c17fa9fa40257b1ceba3aabb616cd3ed669d58d096073bf3bc0c2bc33b

      SHA512

      568aa1e16ed7c95a622c7449e4c1bf01e0668d2abc35cb56123c073389696d0cf9f13a17bab6f1be22c300b48abfb97c70603be3fce686ee81c455d1af3c20f1

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HAXYL8TZ.txt
      Filesize

      1KB

      MD5

      01a039ac5666e747eabe237f7f564819

      SHA1

      42a0a6c102e4af9960a19990c15634fe6a7359e3

      SHA256

      f246eb835c28c6c620e48271c840a76e5faa3d122728b5ec5a924512b9e1a4a6

      SHA512

      bc57fb74bbbc86a6a9aeee93210903f1b42b4485157402233d75ab5f0e469f48d92dbda8b06803bb972f2dac9469c0321961da34991d9b1360a46556cbc951e0

      Download Submit

    • memory/1144-65-0x000007FEFB7F1000-0x000007FEFB7F3000-memory.dmp

      Filesize

      8KB

      Download