Overview

overview

10

Static

static

5f21561d-c...7b.zip

windows7-x64

1

5f21561d-c...7b.zip

windows10-1703-x64

1

5f21561d-c...7b.zip

windows10-2004-x64

1

SCAN_DT6281.html

windows7-x64

1

SCAN_DT6281.html

windows10-1703-x64

1

SCAN_DT6281.html

windows10-2004-x64

1

IncomingPa...es.cmd

windows7-x64

10

IncomingPa...es.cmd

windows10-1703-x64

10

IncomingPa...es.cmd

windows10-2004-x64

10

IncomingPa...on.dll

windows7-x64

10

IncomingPa...on.dll

windows10-1703-x64

10

IncomingPa...on.dll

windows10-2004-x64

10

SCAN_DT6281.lnk

windows7-x64

10

SCAN_DT6281.lnk

windows10-1703-x64

10

SCAN_DT6281.lnk

windows10-2004-x64

10

SCAN_DT628...es.cmd

windows7-x64

10

SCAN_DT628...es.cmd

windows10-1703-x64

10

SCAN_DT628...es.cmd

windows10-2004-x64

10

SCAN_DT628...on.dll

windows7-x64

10

SCAN_DT628...on.dll

windows10-1703-x64

10

SCAN_DT628...on.dll

windows10-2004-x64

10

SCAN_DT628...81.lnk

windows7-x64

10

SCAN_DT628...81.lnk

windows10-1703-x64

10

SCAN_DT628...81.lnk

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    09-01-2023 15:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SCAN_DT6281.html

  • Size

    1.2MB

  • MD5

    f0b615c8a648722fcdcc6a1f055c0bc0

  • SHA1

    5e6a22b9044c9d684a3392391b23a762182ef5b3

  • SHA256

    4efc4cc462a27245945ee90465caef589b71c41b33bf6d24ce2e6f74b75fdbe7

  • SHA512

    9a5de209c7eaa3f0766fa0c4448302fd778401da9720347b5a4e5ae10eb6e6a065b7a86391c8dcac1d38f998ed4091b6a21fbcc3ad8f717e1e16737b757e2d75

  • SSDEEP

    24576:dcEyMGTCmlO13OxIZGrntxnlvdcA09Xq3RzKJzIcZBENivdcAEYMfvG:qB8eDnt5Bx+AUBDxFMfO

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\SCAN_DT6281.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1652 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4108

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    bdf470191c4a6769b83735c86bc6d2ca

    SHA1

    dbea8d53edd104d2db101927fdbd8814f93c4dce

    SHA256

    898b176b737906173625a8fd4074c4cbff5fb0f3c21e1fd3dcc1cb5be6977b8d

    SHA512

    0e7590bc87ad090bfca8707fb1f4e69001b9d923983f64972499f4ae62281310d5cf72f7e8dd3d8c2e78ec2d7310a73c1d4ddff4b29eff0439161b7c8f56099d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    a59b6fd3fa1bee59539e06ea2a64fcc6

    SHA1

    12d4fa651ebef060049e2dfb74db681e7aa4e9dd

    SHA256

    fb9052538bf538a979721894ea09e7bfdf1090d5b78f2ea503fa5b2f5c9ba8fe

    SHA512

    9e85e6f1af01ae9bf7fdd5f70955f3b3e3edb8f399c89e8b4b601596c40d56919932fd75cb7974c0c5332e18f2daa4ba0ace634e1a3565c50ea7a711198c3f17

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\7OMIKPO5.cookie
    Filesize

    610B

    MD5

    05bddd3577ddbd3962ad7f6eaf15bd93

    SHA1

    1bbceb09cea2f381d589a2cb52c69024f93d618c

    SHA256

    a02f80933785227cf4999e4c7521668874911132e94ba59f3e2393d15ccdcaa3

    SHA512

    939b807ad6ac597db58746fed59d9afb3f96a5847c4fe9791572aba026ab1aa4d54e75b22d682d0d8124be754601f93adce9dd8c6abb40b15c3698394edb54f2

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\WQ8Z4HF9.cookie
    Filesize

    610B

    MD5

    4ac8391abcd2d5513748fa46d235af43

    SHA1

    96250ef39250961d01d57e6a8fc1513ae06217ce

    SHA256

    411ed7f6f4ec0e8a3b384afbd917999b701e65b3793e4ff5444b0f4846ff3828

    SHA512

    dd39a47a350deb6aad34f28b8109d6e4bcd0a956bd122d835bce66fef3fb5849e45a7eccc802f3de9030378a89ab6e330d55de884d05e6a582a525c98d2e8946

    Download Submit