Overview

overview

8

Static

static

All-In-One...IO.cmd

windows10-1703-x64

1

Separate-F...ot.cmd

windows10-1703-x64

1

Separate-F...on.cmd

windows10-1703-x64

1

Separate-F...bs.cmd

windows10-1703-x64

8

Separate-F...mi.cmd

windows10-1703-x64

4

Separate-F...er.cmd

windows10-1703-x64

1

Separate-F...on.cmd

windows10-1703-x64

1

Separate-F...on.cmd

windows10-1703-x64

1

Separate-F...ey.cmd

windows10-1703-x64

1

Separate-F...te.cmd

windows10-1703-x64

1

Separate-F...64.exe

windows10-1703-x64

1

Separate-F...86.exe

windows10-1703-x64

1

Separate-F...e.html

windows10-1703-x64

1

Analysis

  • max time kernel
    1585s
  • max time network
    1588s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-es
  • resource tags

    arch:x64arch:x86image:win10-20220812-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    01/01/2023, 17:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Separate-Files-Version/ReadMe.html

  • Size

    84B

  • MD5

    574e18c1f9b32a47f988ac91588901ba

  • SHA1

    4c0827e3deeb84cf442e0356dfc1883bcb131fbb

  • SHA256

    8932bacd828c0716b136af6aa15011aed0015e7838006f2cff7a64954a5696b0

  • SHA512

    4c480c530af4218e5ac276228a372fcd799912eb183685f805b6c47b5d6971be42a4dca2baa016425dc2499367624cb70de12d280ddcb7b613001460dbf820f8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Separate-Files-Version\ReadMe.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3996
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3996 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3844

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
          Filesize

          717B

          MD5

          ec8ff3b1ded0246437b1472c69dd1811

          SHA1

          d813e874c2524e3a7da6c466c67854ad16800326

          SHA256

          e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

          SHA512

          e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          471B

          MD5

          027df0b91ab13d531f20cbe734581e8d

          SHA1

          654acf48fa8b335801f34d4340686f0fe8cae2cc

          SHA256

          c335932390bedc672598c304c49b1f5797fc7f06fe97703438fbe44d556d6446

          SHA512

          cbc288aad30c8ae622cc5c24d4b221030a8f8277b0f2e5746946b4d12873a9ebac060153c40f4b7ae52005c3ef295fc805e0849f0cf0b9cfbf747114f451d794

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
          Filesize

          192B

          MD5

          b37621871a652f392f395b201d933deb

          SHA1

          f12b089b22661410ac7f5b41bf34434ca484da88

          SHA256

          3fb65e3ee12fa48215fcf5b7c21cf55dbb7a23958e0759fe27efb8b0c00dd81a

          SHA512

          26c8f01e4e9d09bf1ead2d9a4189ac2a32765cd461beea9084204b33c691d93df45b3f0de29b8a5175a236a02e940c9a703abbd7c6255becd044476c2422d738

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          434B

          MD5

          8a88fa802a15dda0a29c99cfe579877e

          SHA1

          ef2bdb79dc4b418fd3c55f711eed8b67e2462b6b

          SHA256

          10f29a5e08db5bf996fb26d604d76ab5dfbf52c99867e69a92a20893931714ca

          SHA512

          06824e97adc300e3b04410ae827d338b1a019573e304c2d5b56f29eee1280fa59e6c48e0f82e2dcd680ea2e939fe7d469465971a9d38a0a2fcf2ecdec7694c6c

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\4BLR2ZXW.cookie
          Filesize

          610B

          MD5

          d0882f214d3a884faa03189594262830

          SHA1

          8688a35cadbd3a5a642b05193529b1c9275899f3

          SHA256

          120d5850a1dbd34a786d968e193db5fd2c97e3b8dead064e715e21b185075375

          SHA512

          ff26c5bed60a7f4aec5ccf4d6190687123a64c974d8f637ea357b7aa149c2dcb84ef96c4f525e6c8ddddf62458008e2fa47b4460c2c7a93529d888067e686301

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\6PFZW0WB.cookie
          Filesize

          610B

          MD5

          7715295358a259126d57b6375a79cf14

          SHA1

          7d598be66077ce9e07488f021811bc139178723d

          SHA256

          33d61dc99ef860376f7b4d66b2db2643ee60d9d9e4fbc08bdf4aa604bb62f184

          SHA512

          380e5f41a523be8febae8f44e438e953d16583e20fbccfdf57caa273253e7e8253c90767103570bd00b9b337637a5d3afa6dc1cb45b01894a032c4539c275723

          Download Submit