Analysis

  • max time kernel
    100s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/03/2023, 07:26

General

  • Target

    email-html-1.html

  • Size

    23KB

  • MD5

    dc66858d0ab79d70fb738ff81105ace1

  • SHA1

    bd5f9c9bc8f1a0560a1536e48bbe3af06a127339

  • SHA256

    c7c781ea2b4571c242c1b631339395e0777b4ccf381f9709d606901639d60c2c

  • SHA512

    84261aafc34849b61237a0899a23f867357f9849603ed1160263ee0528f46a8553a093a5e570e74a5331f808c3cf5078438abeff993fadb42312a77cc4b1ebe1

  • SSDEEP

    384:i71Ce/fO3AtYVSjJjjTPlKnM4foW08aP3YZYvVFvXmvKD32YoziyI5NCc7dM9J2C:fCJnzlKnM4foW08aP3YZYvVFvXmvKD3U

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:340

Network

Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          334123d9288af17eb6941aef45945e71

          SHA1

          7baf8d696c6220e31d7404ac7d90415dceafbf19

          SHA256

          028a26a1df4ca342aa21bea610ce11942a92a3546113f3bff7c6486c24e60057

          SHA512

          b985455fd23df8735ad6fe2d6d90621495433b1b88d5c9258fc10801daf4b6357bdbe06569a71431925d313180e9c485177f4942476c2a14417a9fbff504566a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          0c527c98b557bd2e557000a9e2e7aa23

          SHA1

          ada2bcbe8314925a63bf7ff33ffe62c1fcb27ff7

          SHA256

          ffaccddbc837694ba9c7095d7e38479bfa0197bb293f6fdcff2a6f4e51d14ea1

          SHA512

          53149f753271b6e0a135a28e3a1290ece04df09402420908c95176d96b39a43cc8cfdf134335e4fdb19ddc477c7369143b82e554b9bf9803291d1a596285c695

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b6a69c096faca54985da41890437ac17

          SHA1

          ff46cd4c28144c38a758cf2c3b8c77ea84ab3b29

          SHA256

          f0d4e8077bc159b3a8d4a3dd7e184f2791ea3740b23fed7d463ce8aefb846757

          SHA512

          87f840c46e680b9cdf29299b0ad46b1d209e1e413e7b0aa2726c35d53eb7c995cfbd30510407ce46f3d5b4b303bda3f89c13d9c5e17ef0d838facd9b644b11e4

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          88dc9de9076f65afbc4c54bdd9d228ff

          SHA1

          3987305dd8a624cf919514081275ad6826988a75

          SHA256

          f781ffcecc7ddb39c4927a5d9fa64730b953caa6bf0e5ea22fa9ee8997857ced

          SHA512

          2b190f361c3f62c3d6fe37b5bddc426f949cd5ad9e53460508fb058d55608dff44c5b18c65b5f336f8ceb3c481ab20211aa4e89a5a59adaae16e9a405c96a3d7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          dcbb3fb01c8597f89757b72061348f1a

          SHA1

          946244d6798cfc9cc9adde5fae0b070da7d3cde1

          SHA256

          1786a0271e4031dd434f39eb910f11c0db9c8247e9ec1975c64bacb9f23b4761

          SHA512

          bc6a04d234ec1e3b5f0447491b94bc6b4bc0ea8acace45b557a387687952890a8b388f46a2ecabca06ce6feb142c68a8ca40324a8b06620a2bd1ed3d1dba37e1

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          cdc7a08c0ab9754e5d059b133ec1e475

          SHA1

          d94382b4a6ff3889d22852ece01677d2790e1dca

          SHA256

          a311870390562a09a7f74f310ca4de1e39411106c8b8e4403c27ca80c4d39f3f

          SHA512

          593a26769101eca7f17b82651b79d38776b2ac319959138afa1f9ea82463ef1228feadc49f4604b48917dcb6213b88cca1849608788a370189e9c75348e392e3

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          f939c2b217c223ce79f7819ca243bd13

          SHA1

          fd2fb6ff673903ab3ec6fbdbf8c0fd3cce46da19

          SHA256

          065a94dcd06c1137088f12f58e59ac744ead1c4f199398b3f919bdd36cdd2980

          SHA512

          ab164d56836a25e4e950eb11e0849834b1314dcf92e38a33cfdacba16e14341adda49c000c762624292617e1c54e9a86ceb1424c0207e20d483d3515098b9a7f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          6564c9654c143bfcb6a0857201da6897

          SHA1

          87b4ef6b75a11909308c6fcfafad93294f4de687

          SHA256

          b61c0ffd00ab48526212c130ee01b5fc00a0c57339e71b03cf3ccddb42e492c5

          SHA512

          256e95f97d39421b0cc5d62ccc7d1bc08d9015e3828c312b5e527e84d74ac41b97308f4db055de09824e888dc7d0f7f9cc7ce1134f94afc6cbe06b38f2d82c59

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          38fc34afaf207a675e4d2d49f8f15bac

          SHA1

          565832be6d38f29c61e6e0b37f60669a141aab31

          SHA256

          01facfe4811f6b144549b86cfa4de03f5880abb9bcd79ebd54fb8b7ee33046ec

          SHA512

          4954d59c3baafd6520d0f73c17394972137fa539a33238535f99a29470e6ace565e0f0cd1e1aded7388b919fc2742eb30ae93685b8e8d13dec9d970c83b34caa

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOYUJSME\suggestions[1].en-US

          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        • C:\Users\Admin\AppData\Local\Temp\Cab4EBF.tmp

          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

        • C:\Users\Admin\AppData\Local\Temp\Cab5180.tmp

          Filesize

          61KB

          MD5

          e71c8443ae0bc2e282c73faead0a6dd3

          SHA1

          0c110c1b01e68edfacaeae64781a37b1995fa94b

          SHA256

          95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

          SHA512

          b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

        • C:\Users\Admin\AppData\Local\Temp\Tar533A.tmp

          Filesize

          161KB

          MD5

          be2bec6e8c5653136d3e72fe53c98aa3

          SHA1

          a8182d6db17c14671c3d5766c72e58d87c0810de

          SHA256

          1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

          SHA512

          0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\UNKZDMBX.txt

          Filesize

          605B

          MD5

          d63368d2ee350d6c4de828c0c3c9109c

          SHA1

          7d0d937500f4d7ae0d2c5c94f9604846f876448d

          SHA256

          e3cb2b03f83d407a8a19f92fb7c5eaa0548db275eab0e3fab6c509c7ec5baae4

          SHA512

          00cb6f06bed5c4199a92b71482ee48a85199b42cdc697320e19d0222e00f0304ffe4ded4c827aea1e08d28649816d3c0d85a97a597d1bd810948b97fc4e7fe4f

        • memory/340-55-0x0000000002620000-0x0000000002622000-memory.dmp

          Filesize

          8KB

        • memory/2008-54-0x00000000025D0000-0x00000000025E0000-memory.dmp

          Filesize

          64KB