Analysis

  • max time kernel
    82s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/03/2023, 08:44

General

  • Target

    email-html-1.html

  • Size

    7KB

  • MD5

    b571305d4066b0a0af515016ab53fe5c

  • SHA1

    894f5d8fde9bea13ba2751e61f77b55b526da2f1

  • SHA256

    7ea5ced2ea813b1a4e99e59dca9cd41d4982c3cd2037c5aa45c74006f2dbc547

  • SHA512

    cef7c2c3970c0f33febbe5d77e4ffda7e200ff1ca001d811d00b13eabc870eedd506b48c8c6891a846fc6595331ed4e98e19dba4d146ffd7668bb87ab69a02b0

  • SSDEEP

    96:/v32fQFMSsSGSdSeS/tSItSgMiS/UBSeS6wGMSrSmHiSCTqH1cM+UqH6SMheofk/:332fQeXNyvoPVquvRIQjCTI3+UmScFZ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4868
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4868 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3144

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

          Filesize

          471B

          MD5

          90884e2bd142d691c86f7ceb558b3271

          SHA1

          c8a2c0c342259c59840dd9a5803da7be527cbea4

          SHA256

          d3f2acb4126c4b345cd17f15fad6b0d4bcd23e87c03e1527d655ae54382acbe6

          SHA512

          9cb3c77a77180a525dc5bad372e73a0383ba8b02cef54ba04fcdf5d4eba0156badf42f960525f4bbafc44aad952df48de1de2462f3023f5b38d58940473640ff

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

          Filesize

          404B

          MD5

          730342a1a8fb4fdba960a6551fe582a2

          SHA1

          b63d97a4b17bca1b2cd717007fa48bfc3ff04e01

          SHA256

          0c2766ce6640e65a892d89b84baa5456958ea2653b10aa1d6b5b5aaed17a7e4b

          SHA512

          b47521075c863c7a9a87c0545d11c3ee9f3aa89b1ed829232c4cdffebba9c6e6164299c499c2ab7bea60f59785e91282db98928025ab536821cb59b00ce93986

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver29DF.tmp

          Filesize

          15KB

          MD5

          1a545d0052b581fbb2ab4c52133846bc

          SHA1

          62f3266a9b9925cd6d98658b92adec673cbe3dd3

          SHA256

          557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

          SHA512

          bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\suggestions[1].en-US

          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee