Analysis

  • max time kernel
    134s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/03/2023, 06:41

General

  • Target

    email-html-1.html

  • Size

    721B

  • MD5

    7fefdfcd443aa22909f65e6c5d1cd945

  • SHA1

    e31d2a416a266710fabf1ae44a6dde86eadf7fe8

  • SHA256

    71bf725486ed6565075b8cfb2ecdaaf91123d1f6070ff5971855bacf3c3136a3

  • SHA512

    3f0b35d2573af9d1ea86431594b439066829d9f014aeb895aa94182346f68757e8e6065694cb1a0f3f4ab5d05215f931aae397c6080952d36ab9d940f417ff58

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 38 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1392
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1392 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:916
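
The process tree above is the normal Internet Explorer shape: a frame process (PID 1392) opens the submitted HTML and spawns a lower-integrity tab process whose command line carries SCODEF:<frame PID> and a CREDAT token. A triage check a practitioner would want is to confirm that the SCODEF value actually matches the recorded parent PID and that the parent is iexplore.exe; a mismatch can mean parent-PID spoofing or a sandbox that lost the real parent. The script below is an added example, not part of the report or the sandbox's own tooling. It embeds the two process entries from this report as a constructed sample, rebuilds the tree from the depth markers, and applies that heuristic. The row layout, the Proc class and the function names are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the two process entries from the report above, flattened to
# (depth, image path, command line, pid). Depth 1 is the root, depth 2 its child.
SAMPLE_PROCESSES: List[Tuple[int, str, str, int]] = [
    (1, r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html',
     1392),
    (2, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1392 CREDAT:275457 /prefetch:2',
     916),
]


@dataclass
class Proc:
    depth: int
    image: str
    cmdline: str
    pid: int
    parent: Optional["Proc"] = None


def build_tree(rows) -> List[Proc]:
    """Link each row to its parent: the most recent row with a smaller depth.

    This mirrors how the report indents children under the process that
    spawned them (the 1 / 2 depth markers).
    """
    procs: List[Proc] = []
    stack: List[Proc] = []
    for depth, image, cmdline, pid in rows:
        p = Proc(depth, image, cmdline, pid)
        while stack and stack[-1].depth >= depth:
            stack.pop()
        p.parent = stack[-1] if stack else None
        stack.append(p)
        procs.append(p)
    return procs


# IE tab processes advertise their frame process as SCODEF:<pid>.
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def check_ie_tab(proc: Proc) -> Optional[str]:
    """Return a finding for an IE tab process whose lineage looks wrong, else None."""
    m = SCODEF_RE.search(proc.cmdline)
    if not m:
        return None  # not an IE tab process; nothing to check here
    claimed = int(m.group(1))
    if proc.parent is None:
        return f"pid {proc.pid}: SCODEF:{claimed} but no parent was recorded"
    if proc.parent.pid != claimed:
        return (f"pid {proc.pid}: SCODEF:{claimed} does not match parent pid "
                f"{proc.parent.pid} (possible parent spoofing or lost lineage)")
    if not proc.parent.image.lower().endswith("iexplore.exe"):
        return f"pid {proc.pid}: parent {proc.parent.image} is not iexplore.exe"
    return None


def triage(rows) -> List[str]:
    """Run the lineage check over every process; an empty list means the tree is consistent."""
    return [f for f in (check_ie_tab(p) for p in build_tree(rows)) if f]


if __name__ == "__main__":
    findings = triage(SAMPLE_PROCESSES)
    print("no lineage findings" if not findings else "\n".join(findings))
```

For this report the check returns no findings, which is consistent with the 1/10 score: the four signatures (SetWindowsHookEx, FindShellTrayWindow, WriteProcessMemory, Internet Explorer settings writes) are what IE does to stand up a protected-mode tab, so the process tree alone is low signal. The same function flags a tab whose SCODEF value points at a PID other than its recorded parent, or whose parent is not iexplore.exe at all.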

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

          Filesize

          61KB

          MD5

          e71c8443ae0bc2e282c73faead0a6dd3

          SHA1

          0c110c1b01e68edfacaeae64781a37b1995fa94b

          SHA256

          95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

          SHA512

          b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          9f336ddd84af768f0f0ef92395bf7bae

          SHA1

          6faba305843545d685fd0cba635eac67e2a35484

          SHA256

          e77303307a84e2a21524fe49cb3e7564eedf57484ecb69fa7cbaf3c86b81494c

          SHA512

          e30d816681de95712312e9b016c1971ab0d98d6e57b0e2ba94bb4b13e680cf9728bcbcc0f875c82e73c647edb88c4da42888c87e6301638752aaf7ac8e2c9378

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          2bfbe5b51fecb9f4399cbed9aef573c6

          SHA1

          e341d3bcaccf38dfbc460ba55df530b804b1b236

          SHA256

          30d8d517b5d2ceb8634e49a890616aa8cb75c7676b26da86e005a08a04039337

          SHA512

          799a2393dc4a873f790c7219146b96007201ca8444fecd754d6b783cfec6a00fa67c1800f990d0962abe54ae8b65760492a2ff54b5a6a4db8d66652aed90b4fe

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          36aa69724c993f2bd354508ea7326c40

          SHA1

          48b4a42f7b3456684e810d0e75a9bee9358847b5

          SHA256

          f0c2ffb2d78ce3ae4875e29daa25ac87a2ec7deb9a7d14170d74371b0ee1d743

          SHA512

          f95e5e611e8e80c4e0baa4ad50e7522e96d2315a4725351cc2cba550ab595a1af0b1becb2b2f5c06d4246b3ca561930ed9fbacbba04d10ff0f31af68ab94bf60

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1fc169a29794f222796b2b91b5a4d69b

          SHA1

          47bb99f2cced260fb8245c70be0380295c55503e

          SHA256

          6e0c18204c951ee8577114f1ecf497df5e92f788edb3ca9c1b08f993a07f3d5b

          SHA512

          97f1b8b668817db51cff1903856c63529438939e9c2c747029f64f739aa0108a6d8af6c8c92ca1f5530f833fb6101c931ea01b3855138f7c8ec10b40b4560421

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          a0cc297fd8fb1b685877bffa94752155

          SHA1

          5104d802fb242375966c812242573f42f2117e48

          SHA256

          d56ae6b80473837768c26804362150d0f2ca030a355c98edbbe0e2103c2e9f26

          SHA512

          1fb41f31b5ee5c678ede226a9b0a93413a91c8044c6c585b8b0fcbf26b27a4276c5333837f285231ba5a49ab53f3a4c8192b41bba3de3a6cc1516ecf8337aaf4

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          3066fd262cdce7296d76f0d0a81ea705

          SHA1

          4a7736282ae3603d02529e1f249806ef977732b7

          SHA256

          7a1c82b206d8ac6c2e5bac2370d8ebb3724c3c8ab268b7986d35908a5455a0af

          SHA512

          16a41008e5e48d40ebb868d90dca876257c3811bad98e5f7c93cde203473c037160cb2b01c373f6617a4a119470265bc5dc548916412005531ea05d0cd4a9ce7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          a8fcc15d44907ba29505b4234b6f12de

          SHA1

          f08266d009291c76e961d6068388b1d4e7179674

          SHA256

          3f8b4d3bbbb95d1d475ffa7aa30ecbd48c96dc847901e34e78da74716697f571

          SHA512

          3e3c53c95f806834245dc32f3e1df1fc39316fd83c335c4ed2b3316157557b412dea4446b77e39fe4743a0fc70962dd51a2b071843353c8826246d48362b5b05

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          103db54cd4f766c3b417831ef7eb1d5f

          SHA1

          50278c050dfd844020ab401f0e7044aa051f3743

          SHA256

          5f66b8ed759132a52f6355f0301deb0b0962b3b3916f5a0c89026b69eaf9e3c2

          SHA512

          e3f197e6be283e76bcfa29db06903de05898ccf6e14860ef028c2e03f7b6ddb1a889c3e34b6eef86ca9acf16dc2a685d51a4c0f4d082b62beba073a68e00f2a9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          88ef6a71c8fc74e207023afe3b3112b7

          SHA1

          4f5d2f1dd3cb673a0ab75f7f43a145a73dc74c00

          SHA256

          838b9699b4e56fe567acbbe9ca9dadb7c7242c8c0fa99fd0f26e475a34ae43b2

          SHA512

          1f1620da1efbc6fb6619781ccf3aa62e0895a4162da98b12ab51d4cd9d082b8e0fe04ad296df82433967bfce6be8262475461987a6eaa13b20cff9d95d208a2d

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOYUJSME\suggestions[1].en-US

          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        • C:\Users\Admin\AppData\Local\Temp\Cab41F2.tmp

          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

        • C:\Users\Admin\AppData\Local\Temp\Tar4545.tmp

          Filesize

          161KB

          MD5

          be2bec6e8c5653136d3e72fe53c98aa3

          SHA1

          a8182d6db17c14671c3d5766c72e58d87c0810de

          SHA256

          1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

          SHA512

          0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\IOBLSDLN.txt

          Filesize

          606B

          MD5

          1ccb3f10d080413f498879f0989421c7

          SHA1

          9e6e02e8e31c2d143b2e3b79310b24699dc88848

          SHA256

          5458b44d0634d1f133a7c9594c84dacd720c62ce563db5fe9f4ec48877ab4d3b

          SHA512

          e732102d5e41087d0168631dc796a2bb040b845fee313bcbaa12cd0cdf311ef63ec9704edb24c6edb421b309d61fa1769fc31586b1366d3980c5002ee09a6fae

        • memory/916-55-0x00000000026C0000-0x00000000026C2000-memory.dmp

          Filesize

          8KB

        • memory/1392-54-0x0000000002340000-0x0000000002350000-memory.dmp

          Filesize

          64KB