Analysis

  • max time kernel
    135s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/03/2023, 09:16

General

  • Target

    email-html-1.html

  • Size

    7KB

  • MD5

    af52b3b43d6a5e8c9fd2b49a1e6089a0

  • SHA1

    48d6fa01093120c2f8937bf0d32c17ca3a8de201

  • SHA256

    0109ad6284b8c851f80318956877e5aad38db7eed1b346934c13668d41af7f2f

  • SHA512

    5e2363cd33ac088fe6a33b1d906f126e7c390eeef95ea77598a1ebeb05e92fe18ffa090d29b03fe1ea0a7b3dd85a674480c546c873e15729678869522b6b29f2

  • SSDEEP

    192:9prJ32fQeXNyvoPVquvRIQjCTI3+UmScFZ:Yf3XNyvoPVquvSQjCk3+RBFZ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:932
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:932 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:524

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

          Filesize

          61KB

          MD5

          e71c8443ae0bc2e282c73faead0a6dd3

          SHA1

          0c110c1b01e68edfacaeae64781a37b1995fa94b

          SHA256

          95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

          SHA512

          b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          6c5f4008b7d8d3165dcda6845ebfa4ee

          SHA1

          0a5b7f36687585cc1928fc393d511946dfe95992

          SHA256

          5155ef7e86a53da64b721c02ceba61da95b10882fabc111c5531511dcd9aed20

          SHA512

          0cf80211eb02ca563d1c00b4d6da2ebc9bf8bff82cb466e50882063d0926f7a6465d38b5d128fbe4ed91b9ee71b22555e769cfc0a5d8a997fa6bc0e5fc6fd070

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          4b4f22ead90045d08651f38dd5a3b92a

          SHA1

          3c6ef25b4df99060de4fecc83e0ce7514457d8c9

          SHA256

          9d6e45730b1f4fd743d451afebb89041d3fbfa6f463d7485264b5a71382336f1

          SHA512

          7bc18daf957ca530d696ed404aa54dfa225d0d73f7063284e5923e9a97001b2a1d28f2de82d1c311456c380acfb2ce620eb6f86d50da1afbf701eb8b6605616e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          73dc40208361fab6971e72fe9e4947e0

          SHA1

          b50b8f134864c29aa5c80542695132228a9f3d7a

          SHA256

          e18adbd155bde1e2883e8326e2bdfcb8c2c64715245e0995325900198b4dce2d

          SHA512

          4983f0a0f8b06d8219713615b21c9e966b373ae8c8a3d44d3733152ce88734eb16adb6ad52c364892b5723e7e796c8291e8d4ed84c47944939f1e03273a9ed6f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          901cc0fdee9181c65cd39eff1d941973

          SHA1

          7e87657fa4300bf031f5eefe4912313f91a40eb3

          SHA256

          fcce04a0ba43652f094588b3bf58dfa0b940df68ca9fa1b266a741f32049baec

          SHA512

          c1298ab58136ed980ee35e69d71e89edc0a2f7bdc18df4a831a2b1c8439cebf368b4a1c6f6a284567e5a0f9904efbbb601abb096598184425db5c12306240c28

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          223f58550766b2a9f2a0c67ed760412d

          SHA1

          f60ae7576002b0ee3df592a5d62cc16ad1be0104

          SHA256

          e9b1eb8d81693e0df49043b5e98835c759e152d50fc65c3f1dd457e150865f0d

          SHA512

          7c75d94dacf2879ca2c4d562c13a51d68da95b5fe7d357c331b7f8b98bb2a13a4fa00cc93411ce71c2d4fb7a18462cdec0cbadaf69f548c20a7c944552a3cd83

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1fb8aac7e74a52df80ead7cf74f1e3c6

          SHA1

          69d66075a281a665b68af5184064babd2ff0e40b

          SHA256

          a39f335586723d62754f0d909eaf9c98595e34a24304c9a9437d2ea2c064e0af

          SHA512

          5d544a60b2cce4cb9f44a904c9f1d9ca1cd8ce293aec0a8e7fd185981cb4da015c91f8f947ce16afef559f42a98f946f2587524ce7973901431eeaaafc8c16e8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          244527499e61d79e8ce975490c420d78

          SHA1

          5d6efa6cbe4a393bc981a6d0d18e33fc9f92d63e

          SHA256

          f6a8404b142a0b93695a482c62411d5c555bd6aa40ac200c7ace309286ba1d63

          SHA512

          74a3001f6e4f0eece881aea9fa3034e1cc16eb0b556872226d555b50745afb0ffeec184ebbb2ff42694130e250d2c511f7715d95cf6eb97063975c150108bd7b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          a35ab5e65528f332642968b8a8c089bb

          SHA1

          18130527279075c8c8193958aba23d72223798f1

          SHA256

          8fdbeb55b02108a0bc4c59b86e5bb98c063b489162881fc7f754cdbfb424a681

          SHA512

          7d7ae56c4fd171b7f8e8f6903f407abc9b99895f82d6b0ba8b32b4234e1d250148c183e1000153f43dde46152f686c919a7a1580ceef9e1c1de9d90f9b9f6cea

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          da4fccb1f0dae4d7d784dd8750eb50ad

          SHA1

          f7e3ca51cbfb8a17b3b01e6e8f4c0a43cfdb1b59

          SHA256

          2cba16bb572a66039ddf055db4044fbe71aed0c655f3fda0fc918f668ac49aaa

          SHA512

          961afff88b9357a04ec5346c924637eb56ab2c5a7adc3b434394c3437e0beb80e7b74e85e40dbfd50e44f76b967c11447bccaf1e454d240859dda99e575f6bdf

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOS3MI7U\suggestions[1].en-US

          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        • C:\Users\Admin\AppData\Local\Temp\Cab408B.tmp

          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

        • C:\Users\Admin\AppData\Local\Temp\Tar43A0.tmp

          Filesize

          161KB

          MD5

          be2bec6e8c5653136d3e72fe53c98aa3

          SHA1

          a8182d6db17c14671c3d5766c72e58d87c0810de

          SHA256

          1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

          SHA512

          0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\W2X8VH0P.txt

          Filesize

          608B

          MD5

          54c0e4da06c36bcfa6d80238ba4ab0ea

          SHA1

          1dab0140fc0c2fae0872791ef70b06ca435eed68

          SHA256

          156b40eeb4cd593074f50f058b51441b02dd29cefb4dd6db04a5fa6c36471ce2

          SHA512

          844bd5e704a85371ba4e139bb185662057f546a54e2738edc11136b854526d4d019fff79d417709306986f9c1454c9d68cb850e9681a363bb2166344f9ee914a

        • memory/524-55-0x00000000023A0000-0x00000000023A2000-memory.dmp

          Filesize

          8KB

        • memory/932-54-0x0000000002C10000-0x0000000002C20000-memory.dmp

          Filesize

          64KB