Analysis

  • max time kernel
    134s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/03/2023, 08:44

General

  • Target
    email-html-1.html
  • Size
    7KB
  • MD5
    b571305d4066b0a0af515016ab53fe5c
  • SHA1
    894f5d8fde9bea13ba2751e61f77b55b526da2f1
  • SHA256
    7ea5ced2ea813b1a4e99e59dca9cd41d4982c3cd2037c5aa45c74006f2dbc547
  • SHA512
    cef7c2c3970c0f33febbe5d77e4ffda7e200ff1ca001d811d00b13eabc870eedd506b48c8c6891a846fc6595331ed4e98e19dba4d146ffd7668bb87ab69a02b0
  • SSDEEP
    96:/v32fQFMSsSGSdSeS/tSItSgMiS/UBSeS6wGMSrSmHiSCTqH1cM+UqH6SMheofk/:332fQeXNyvoPVquvRIQjCTI3+UmScFZ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 38 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 1052)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 684, child of PID 1052)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1052 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
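The tree above is Internet Explorer's normal two-process layout: a 64-bit frame (broker) process opens the submitted .html, then spawns a 32-bit tab process whose command line names the frame's PID after `SCODEF:` (the `SCODEF:`/`CREDAT:` tokens are IE's own arguments). The generic API signatures attached to both processes (SetWindowsHookEx, WriteProcessMemory, FindShellTrayWindow) fire on that browser-internal plumbing and carry little weight by themselves, which is consistent with the 1/10 score. The script below is an added triage helper, not part of the sandbox report: it re-derives that verdict from the command lines, and flags what an analyst would actually want to see, namely a tab whose `SCODEF` does not match its real parent, or any non-IE image spawned under the browser. The parent PID of the frame process is unknown in the report and is left as `None`; the label names are this script's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# IE tab-process arguments: SCODEF:<frame pid> CREDAT:<tab token>
SCODEF_RE = re.compile(r"SCODEF:(\d+)\s+CREDAT:(\d+)", re.IGNORECASE)


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]   # parent pid; None when the report does not show one
    image: str
    cmdline: str


# The two processes exactly as listed in the report; the child/parent link
# comes from the tree nesting.
REPORT_PROCS: List[Proc] = [
    Proc(1052, None, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r"C:\Users\Admin\AppData\Local\Temp\email-html-1.html"),
    Proc(684, 1052, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
         r"SCODEF:1052 CREDAT:275457 /prefetch:2"),
]


def is_iexplore(image: str) -> bool:
    return image.lower().endswith("\\iexplore.exe")


def parse_scodef(cmdline: str) -> Optional[Dict[str, int]]:
    """Return the frame pid and CREDAT token from an IE tab-process command line."""
    m = SCODEF_RE.search(cmdline)
    if not m:
        return None
    return {"frame_pid": int(m.group(1)), "credat": int(m.group(2))}


def classify(procs: List[Proc]) -> Dict[int, str]:
    """Label each process as expected IE structure or something to review."""
    by_pid = {p.pid: p for p in procs}
    labels: Dict[int, str] = {}
    for p in procs:
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        if is_iexplore(p.image):
            scodef = parse_scodef(p.cmdline)
            if scodef is None:
                # No SCODEF: this is the frame process that opened the sample.
                labels[p.pid] = "ie-frame"
            elif (parent is not None and is_iexplore(parent.image)
                  and scodef["frame_pid"] == parent.pid):
                labels[p.pid] = "ie-tab-expected"
            else:
                # SCODEF names a pid that is not the tab's actual IE parent.
                labels[p.pid] = "ie-tab-anomalous"
        elif parent is not None and is_iexplore(parent.image):
            # Any non-IE image spawned by the browser deserves a look
            # (cmd.exe, powershell.exe, wscript.exe, ...).
            labels[p.pid] = "spawned-by-browser"
        else:
            labels[p.pid] = "other"
    return labels


def needs_review(procs: List[Proc]) -> List[int]:
    """PIDs whose label is anything other than the normal IE frame/tab pair."""
    return [pid for pid, label in classify(procs).items()
            if label in ("ie-tab-anomalous", "spawned-by-browser")]


if __name__ == "__main__":
    for pid, label in classify(REPORT_PROCS).items():
        print(pid, label)
    print("review:", needs_review(REPORT_PROCS))
```

On the report's tree this yields `ie-frame` for 1052 and `ie-tab-expected` for 684, with nothing to review. The same function run over a tree that also contains a constructed `cmd.exe` under PID 684 returns that PID as `spawned-by-browser`, which is the finding a score well above 1/10 would usually rest on.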

Network

        MITRE ATT&CK Enterprise v6


        Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 61KB
    MD5: e71c8443ae0bc2e282c73faead0a6dd3
    SHA1: 0c110c1b01e68edfacaeae64781a37b1995fa94b
    SHA256: 95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72
    SHA512: b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 89eaf8bd9107a7f6a33c744f659357c0
    SHA1: 495fd0ab6434364c9fc62d84a610999f94e71c23
    SHA256: 3adbf3a37d7c98a6c46b97194e9f60bfc27c66e6751438663b578231264f09dc
    SHA512: 0089cb33aee149cfb0593380a30271c57b56583e4865a9a97841e0c635f0e84fc0e920d6c414e49cdfba1d662f4239ff8b0e426c910cf6765fb262ffd361b4dd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 07a15a37c1364f5848c60dad195a96f4
    SHA1: 65062bfb9b36229a50a50548f7f3a59f8b97f329
    SHA256: 4607a38ebb4aea26f143d2ecec613352a1ca826e6bfc2b3e4cfda300533096c9
    SHA512: 9ae473513dda458ff1f6788f63fb2cc2b9c363911fccf828aa8b5db85ea7b752f717968850671470f29e36a906e677413ca1b13387aaab26081642d534941e42

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: e5960eb7a1bcf98c16f6f34f4d1de06c
    SHA1: 9c12bf81ee1fd9180a7f7134d22c801fd718efeb
    SHA256: 8d054f11b19e3cd269f430c1debd8f42b2992a02c8764ed74d2284e683ad8ec0
    SHA512: 94820b19f70b08c688591ddd0162128e0d56a6208d53ce9d6758c2d60bbf62830c00ce94189e6bc1fa21af0eb787d368f7a8d45d5f1af8c42ec7cfb17ed96d1b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 2b2500d68dcbbc6d4aaf1d8ab7f686bb
    SHA1: 05deb48e5f5b20485fe20b88a74025f57c3d4bca
    SHA256: 12d22cc717894de9a6ee88141a216d55578349fdc2ded3320411b2b93730c15a
    SHA512: 2b69e8326ad1713147ca80fc8ab25d56ec36ccf25ff39674fa3bbb9ac56cc2c0eb1ad34261c1bd1e92f419c1de5046cbb8f904a63a224e5fc8773ed55dd26fc9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: a039dae7785baf837624173b118b59af
    SHA1: bcaa26726c1c30d794c2affc4785c03b491dca0d
    SHA256: 5e3f3e4e45acb8aeb9d5eec39d543451940b6494d56c2a0106228905168b84d6
    SHA512: 52028e9969545a4fecdfcb6f197a6da048e10a02a3a27b7c0d39889c0b83a1778506c66a1891d4c4c9bc1559770c18315fc3ce01ed029d42dadb4c6c38e1b571

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: c19aff12b3dca15aa4e8bc30f97256be
    SHA1: 2b0b5c14bb5c23f86b122874ddc5d8b84f800b02
    SHA256: bdd9c25a0c21c8f248c94a01a97974b4bfad6ccc5f9de35392d3bf1a800e7771
    SHA512: 4d88ea9253c142dcc679abc8cf437253be6969526c2ec3cfdb54d57d4231358b75536a1d96690a1cf5a8fe49e12304a4f72d3a35f22cb002ddbe2b5a004fa5b6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 7a0f66ad55108dde9fd3fa595d0d2a72
    SHA1: 260bbef511d67392feb0b491139e128fb31bb62c
    SHA256: 3b9196cc50d5ac0ae5f1f62d3db2eb8f237189806f0cd2ed3655bd220915cbbd
    SHA512: 21feba869458f910222f1b8fa21b87b0634bc57c104ddb59a51baa501b589a08b6c21cf10f6e59f41131ccde70b9a5364808e5f6ee53031c2d9b2a80106bbdb8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 1fd4fa200a91b162022d362186497b52
    SHA1: 8e705f7053c7943d7d3271c3a9f0d8a3155cb4b4
    SHA256: 98cfc337b98bcb57f9684271aad2eaa1ec4e56681258d147c22de338cfef0556
    SHA512: b2a205dee493090443be7837d6ee5c8e6280ba1316793d10e3223f15d8d5c8e9079c4b21e61e50d58c860eff5caed5eeb0e6f75021f17a53a2b25dd1b0ad187d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOYUJSME\suggestions[1].en-US
    Filesize: 17KB
    MD5: 5a34cb996293fde2cb7a4ac89587393a
    SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\Cab453D.tmp
    Filesize: 61KB
    MD5: fc4666cbca561e864e7fdf883a9e6661
    SHA1: 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
    SHA256: 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
    SHA512: c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

  • C:\Users\Admin\AppData\Local\Temp\Tar497A.tmp
    Filesize: 161KB
    MD5: be2bec6e8c5653136d3e72fe53c98aa3
    SHA1: a8182d6db17c14671c3d5766c72e58d87c0810de
    SHA256: 1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd
    SHA512: 0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5H6IAMI2.txt
    Filesize: 601B
    MD5: 4bf27cf657b2c6b9023e08f5b90cab0c
    SHA1: 4ed2d91e408e9e8c00fae8cd2d17e6445e995dc8
    SHA256: 49492d8c2de4914df81fe79ae93834096c35c5642f00f967bb386d7ae60230bc
    SHA512: 19776a54694a7883166df8413a1c2fa0fd6121f17389d6895c619c0c38b5d1169d77a9206e075665868d7db034af9736bc3052a236983accad4dbd2d135067ef

  • memory/684-55-0x0000000002D00000-0x0000000002D02000-memory.dmp
    Filesize: 8KB

  • memory/1052-54-0x00000000029E0000-0x00000000029F0000-memory.dmp
    Filesize: 64KB
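Every path in the list above is one that IE or CryptoAPI writes on its own when a page is opened: the CryptnetUrlCache Content/MetaData pair is the CryptoAPI URL cache used for CRL, OCSP and root-store fetches during certificate validation (the same MetaData entry shows up eight times with different hashes because it was rewritten), the Cab*.tmp/Tar*.tmp files are the temporary download and extraction files from that same update path, suggestions[1].en-US is IE's search-suggestion list, and the memory/*.dmp entries are sandbox memory-region dumps rather than files the sample wrote. Only the cookie file needs a look, to see which host set it. The script below is an added helper, not part of the sandbox report, that applies that baseline filter and counts rewritten cache entries; the rules are this script's assumptions about Windows 7/IE background activity and the tier names are chosen here. The caveat it encodes: a 1/10 dynamic score for a 7KB .html attachment means nothing beyond browser noise happened in this environment, not that the page is harmless, since a credential-harvesting or redirect page shows no more than this under dynamic analysis and must be inspected statically.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

CRYPTNET = r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache"
META_ENTRY = CRYPTNET + r"\MetaData\94308059B57B3142E455B38A6EB92015"

# The eight SHA256 values the report lists for the rewritten MetaData entry.
META_HASHES = [
    "3adbf3a37d7c98a6c46b97194e9f60bfc27c66e6751438663b578231264f09dc",
    "4607a38ebb4aea26f143d2ecec613352a1ca826e6bfc2b3e4cfda300533096c9",
    "8d054f11b19e3cd269f430c1debd8f42b2992a02c8764ed74d2284e683ad8ec0",
    "12d22cc717894de9a6ee88141a216d55578349fdc2ded3320411b2b93730c15a",
    "5e3f3e4e45acb8aeb9d5eec39d543451940b6494d56c2a0106228905168b84d6",
    "bdd9c25a0c21c8f248c94a01a97974b4bfad6ccc5f9de35392d3bf1a800e7771",
    "3b9196cc50d5ac0ae5f1f62d3db2eb8f237189806f0cd2ed3655bd220915cbbd",
    "98cfc337b98bcb57f9684271aad2eaa1ec4e56681258d147c22de338cfef0556",
]

# (path, sha256) pairs copied from the report; memory dumps carry no hash.
REPORT_FILES: List[Tuple[str, str]] = [
    (CRYPTNET + r"\Content\94308059B57B3142E455B38A6EB92015",
     "95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72"),
    *[(META_ENTRY, h) for h in META_HASHES],
    (r"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files"
     r"\Content.IE5\UOYUJSME\suggestions[1].en-US",
     "c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad"),
    (r"C:\Users\Admin\AppData\Local\Temp\Cab453D.tmp",
     "10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b"),
    (r"C:\Users\Admin\AppData\Local\Temp\Tar497A.tmp",
     "1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd"),
    (r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5H6IAMI2.txt",
     "49492d8c2de4914df81fe79ae93834096c35c5642f00f967bb386d7ae60230bc"),
    ("memory/684-55-0x0000000002D00000-0x0000000002D02000-memory.dmp", ""),
    ("memory/1052-54-0x00000000029E0000-0x00000000029F0000-memory.dmp", ""),
]

# Baseline rules (assumed): regex, tier, reason. Anything unmatched is "notable".
BASELINE = [
    (re.compile(r"\\CryptnetUrlCache\\(Content|MetaData)\\[0-9A-F]{32}$", re.I),
     "noise", "CryptoAPI URL cache: CRL/OCSP/root-store fetch during cert validation"),
    (re.compile(r"\\AppData\\Local\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", re.I),
     "noise", "temporary CAB download/extraction files from the CryptoAPI update path"),
    (re.compile(r"\\Content\.IE5\\[A-Z0-9]{8}\\suggestions\[\d+\]\.[a-z]{2}-[A-Z]{2}$"),
     "noise", "IE search-suggestion list"),
    (re.compile(r"\\Cookies\\[A-Z0-9]{8}\.txt$"),
     "inspect", "IE cookie file: check which host set it"),
    (re.compile(r"^memory/\d+-\d+-0x[0-9A-F]+-0x[0-9A-F]+-memory\.dmp$"),
     "noise", "sandbox memory-region dump, not a file written by the sample"),
]


def classify(path: str) -> Tuple[str, str]:
    """Return (tier, reason) for one artefact path."""
    for rx, tier, why in BASELINE:
        if rx.search(path):
            return tier, why
    return "notable", "no baseline rule: treat as written by the sample until shown otherwise"


def triage(files: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group the report's artefacts by tier."""
    tiers: Dict[str, List[str]] = defaultdict(list)
    for path, _ in files:
        tiers[classify(path)[0]].append(path)
    return dict(tiers)


def versions(files: List[Tuple[str, str]]) -> Dict[str, int]:
    """Distinct content hashes per path; rewritten cache entries show up as > 1."""
    seen: Dict[str, set] = defaultdict(set)
    for path, sha in files:
        if sha:
            seen[path].add(sha)
    return {p: len(s) for p, s in seen.items()}


if __name__ == "__main__":
    for tier, paths in triage(REPORT_FILES).items():
        print(f"{tier}: {len(paths)}")
    print("rewrites of MetaData entry:", versions(REPORT_FILES)[META_ENTRY])
```

Against the report this leaves 14 artefacts as noise, one (the cookie file) to inspect, and nothing notable, which is the file-level reading behind the 1/10 score; a constructed path such as a dropped executable under `AppData\Roaming` falls through every rule and comes back as `notable`.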