Analysis

  • max time kernel
    145s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/03/2023, 09:39

General

  • Target

    email-html-1.html

  • Size

    23KB

  • MD5

    dc66858d0ab79d70fb738ff81105ace1

  • SHA1

    bd5f9c9bc8f1a0560a1536e48bbe3af06a127339

  • SHA256

    c7c781ea2b4571c242c1b631339395e0777b4ccf381f9709d606901639d60c2c

  • SHA512

    84261aafc34849b61237a0899a23f867357f9849603ed1160263ee0528f46a8553a093a5e570e74a5331f808c3cf5078438abeff993fadb42312a77cc4b1ebe1

  • SSDEEP

    384:i71Ce/fO3AtYVSjJjjTPlKnM4foW08aP3YZYvVFvXmvKD32YoziyI5NCc7dM9J2C:fCJnzlKnM4foW08aP3YZYvVFvXmvKD3U

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1372
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1372 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1416

    Note: the child IEXPLORE.EXE with SCODEF:1372 CREDAT:275457 is the standard Internet Explorer tab process spawned by the frame process (PID 1372, which SCODEF references); the WriteProcessMemory and SetWindowsHookEx signatures are consistent with that frame/tab model rather than with injection by the HTML file.

Network

        Downloads (files written during the run; the CryptnetUrlCache entries and the Cab*.tmp / Tar*.tmp pair are typically CryptoAPI's own certificate and CTL retrieval artifacts, not content fetched by the HTML itself)

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

          Filesize

          61KB

          MD5

          e71c8443ae0bc2e282c73faead0a6dd3

          SHA1

          0c110c1b01e68edfacaeae64781a37b1995fa94b

          SHA256

          95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

          SHA512

          b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          401f6bd7f6ef8089fd3a3426362cafe8

          SHA1

          5bf597287d898ae21b2054762576e10d543c1b1c

          SHA256

          ec093796aa8eb5f138895013a3422ba083a18fbf43e239b3cabaac086191a1fa

          SHA512

          fe18a0bb840210be8c7c5e0faf4602a14c9c4abfc7bd02a95e47f30caf0ffcd9cfd3d5f65e9972b2edb634783f7042363fba02228f7b52003d152c1789169225

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5c7fdc138725ae3e186c620cdb7f0479

          SHA1

          e5bb01e07cd50413787b8bd0c5cdec016d7000b0

          SHA256

          9002dfe36ba5ccb5ba31e3f15157bc22ff33a0a645eb9ed3e16ba8cebb5aa8f7

          SHA512

          89698e125fb0e271186dd21c683467e86b7fccd0957a619b80a4dce3985f4dc33de91fd9e87f00ee21d6c20b489b5bfc919ffed4e59c65ca06b974083309fb1b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b02ba92828b88879ddcf2c955c04d361

          SHA1

          a485b8fc3bc9b427cd486a5ee274d227be115efb

          SHA256

          a6cbc0831112f4025dd0091285db91f813d08494db6b58711decc5c956a9a60a

          SHA512

          a4f6f22b17cb971d0161ac0eccb2ffccde14cdb400c3bb1f4f8f234054ba149250bdf5bf79de91278c13a051169ae863f3c378802a784e57e290a0520ed0c4cb

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c2eb4e2a8716eab25efb090c0af7328f

          SHA1

          bf9fc278a8059e2a8a7fec3f589f4dc2152a692a

          SHA256

          0c72dbf410f66bc97f2105afda37bbc1230909ba3836d31307f01cf4873df906

          SHA512

          c70ce29b9f699d073e5642367bcdb1797ed1c3016edde6bbcbb86217ac5c21a59ea4e112d9962993e9510436356cf8a4e270efcf4eccc07370e6a7016da535df

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5f6c1903f44aecc27e7de56849ead20b

          SHA1

          8fecc6a2e2195333125b4d29dc59f0cd29a75be2

          SHA256

          c6e6181699d5196911b65ce83adb372067089384704fb2b5f3f0fd475f02a027

          SHA512

          3b83383625ff0c8421657a844639db308a310240bc45f2909ab5db3132e518dae65694da3fe154da476e6ba5841210b056adabeb1b0bf52f6d0940e4fe5dd91e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          ad156bf871587e0e28afd8758633279e

          SHA1

          3c66eb778c9066bce25d27d03efd6387256ef11c

          SHA256

          c2ba8a6a69ca6252353191e1b83633053a100afb036b8a18da1dfe536593cb4b

          SHA512

          2d01a473346915f7fa08f2990415d87e33a05df2a774d25889ddbe639e911c9a5819e1172355b5071329c9534bed0d8d27d03cadb5304ecfcc5e4f80c306ac07

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          0c6253d8b13299fde6a15d248620f6d1

          SHA1

          a837377f612e7a7a4f94af141f9bb57868da96d8

          SHA256

          a422dba3b10ec0d2b491e03d6605e86d3be6dee8dffb4233d593a06f923eb09f

          SHA512

          87c04ac6e96bc068a5a779450d6d36358ef017112e090b950ccdb502d536bb761ebbd38733f828375e3b69834c96f8e5e9823156cb30edeff6243d58e48e51b8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          51f206dd36b1ccb3a0fb2b5cc2f579c2

          SHA1

          b2d4023abaf30691035217e56c84b830d00fa7f8

          SHA256

          baf24273fac423a961826d2d3b757b7e35815078ba1d381d86b7ab62ccc8f433

          SHA512

          db4b4436e2d09c9b9048d59076c24857bd1c89709f89a37849b560bfcabd79f3cbef338bc8134703d994051494da51c8f60c5e6a720beafa0186f34d2e09b346

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\suggestions[1].en-US

          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        • C:\Users\Admin\AppData\Local\Temp\Cab5506.tmp

          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

        • C:\Users\Admin\AppData\Local\Temp\Tar5636.tmp

          Filesize

          161KB

          MD5

          be2bec6e8c5653136d3e72fe53c98aa3

          SHA1

          a8182d6db17c14671c3d5766c72e58d87c0810de

          SHA256

          1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

          SHA512

          0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NWZEGKXZ.txt

          Filesize

          606B

          MD5

          65b65878736b8a2e0f75a55fc264bf19

          SHA1

          e7435af065242bb97aa10b2f9eb949cbf5d8a800

          SHA256

          177f2c166de2b31c50ce74284d6eff5f1206b433054bc9809237c348ec2a0b43

          SHA512

          61e97c0204330bdcdcad6a90fb7a24d33837b1dcb7bc262a6496cdd7e534750e75741817097929c84d150475dedbd4af8ebae6bd81628143d4573bff0e8f1a9c

        • memory/1372-54-0x0000000002D40000-0x0000000002D50000-memory.dmp

          Filesize

          64KB

        • memory/1416-55-0x0000000002FA0000-0x0000000002FA2000-memory.dmp

          Filesize

          8KB
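Two checks a practitioner would run over a report like this before promoting its entries to IOCs: separate artifacts that Internet Explorer and CryptoAPI produce on their own from files that actually warrant attention, and confirm that the IE tab process's SCODEF value points at its real parent. The script below is an added example, not part of the sandbox report or of any sandbox vendor's tooling; the paths and hashes are copied from the report above, except the entry and the hash-validation rules explicitly marked as hypothetical/assumed.

```python
"""Triage helpers for a sandbox report: filter known browser/CryptoAPI noise
from the dropped-file list and sanity-check the IE frame/tab process tree.
Added example; the data below is copied from the report except where marked."""
import re

# Expected hex lengths per digest (standard values, not taken from the report).
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}

# Path patterns that IE / CryptoAPI write when any HTML page is opened on
# Windows 7. Matching entries are environment noise, not payloads.
NOISE_RULES = [
    (re.compile(r"\\CryptnetUrlCache\\(Content|MetaData)\\", re.I),
     "CryptoAPI URL cache (certificate / CTL retrieval)"),
    (re.compile(r"\\Temp\\(Cab|Tar)[0-9A-F]+\.tmp$", re.I),
     "CryptoAPI temporary CAB download and extraction"),
    (re.compile(r"\\Content\.IE5\\", re.I), "IE browser cache"),
    (re.compile(r"\\Cookies\\[^\\]+\.txt$", re.I), "IE cookie file"),
]

# Hypothetical entry (not in the report) to show what a real candidate and a
# malformed hash look like to the checks.
HYPOTHETICAL = {"path": r"C:\Users\Admin\AppData\Local\Temp\update.exe",
                "md5": "deadbeef", "sha256": "0" * 64}

DOWNLOADS = [
    {"path": r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015",
     "md5": "e71c8443ae0bc2e282c73faead0a6dd3",
     "sha256": "95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72"},
    {"path": r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
     "md5": "401f6bd7f6ef8089fd3a3426362cafe8",
     "sha256": "ec093796aa8eb5f138895013a3422ba083a18fbf43e239b3cabaac086191a1fa"},
    {"path": r"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\suggestions[1].en-US",
     "md5": "5a34cb996293fde2cb7a4ac89587393a",
     "sha256": "c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad"},
    {"path": r"C:\Users\Admin\AppData\Local\Temp\Cab5506.tmp",
     "md5": "fc4666cbca561e864e7fdf883a9e6661",
     "sha256": "10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b"},
    {"path": r"C:\Users\Admin\AppData\Local\Temp\Tar5636.tmp",
     "md5": "be2bec6e8c5653136d3e72fe53c98aa3",
     "sha256": "1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd"},
    {"path": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NWZEGKXZ.txt",
     "md5": "65b65878736b8a2e0f75a55fc264bf19",
     "sha256": "177f2c166de2b31c50ce74284d6eff5f1206b433054bc9809237c348ec2a0b43"},
    HYPOTHETICAL,
]

# Process tree from the report: frame process and its tab process.
PROCESSES = [
    {"pid": 1372, "parent": None,
     "cmd": r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html'},
    {"pid": 1416, "parent": 1372,
     "cmd": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1372 CREDAT:275457 /prefetch:2'},
]


def valid_hashes(entry):
    """True when every digest present has the expected length and is hex."""
    for name, length in HEX_LENGTHS.items():
        value = entry.get(name)
        if value is not None and not re.fullmatch("[0-9a-f]{%d}" % length, value.lower()):
            return False
    return True


def classify(path):
    """Return the noise label for a known benign artifact path, else None."""
    for pattern, label in NOISE_RULES:
        if pattern.search(path):
            return label
    return None


def triage(entries):
    """Split entries into environment noise, candidate IOCs and malformed hashes."""
    result = {"noise": [], "candidates": [], "bad_hashes": []}
    for entry in entries:
        if not valid_hashes(entry):
            result["bad_hashes"].append(entry["path"])
        label = classify(entry["path"])
        if label:
            result["noise"].append((entry["path"], label))
        else:
            result["candidates"].append(entry["path"])
    return result


SCODEF = re.compile(r"\bSCODEF:(\d+)\b")


def ie_tab_consistency(processes):
    """For each IE tab process (SCODEF:<pid> on its command line) check that the
    referenced frame PID exists and is the tab's actual parent. {tab_pid: ok}"""
    by_pid = {p["pid"]: p for p in processes}
    verdicts = {}
    for proc in processes:
        match = SCODEF.search(proc["cmd"])
        if match:
            frame = int(match.group(1))
            verdicts[proc["pid"]] = frame in by_pid and proc["parent"] == frame
    return verdicts


if __name__ == "__main__":
    report = triage(DOWNLOADS)
    for path, label in report["noise"]:
        print("noise     ", label, "<-", path)
    for path in report["candidates"]:
        print("candidate ", path)
    for path in report["bad_hashes"]:
        print("bad hash  ", path)
    print("tab/frame consistency:", ie_tab_consistency(PROCESSES))
```

Run as-is, every real entry from the report lands in the noise bucket and only the hypothetical `update.exe` survives as a candidate (and is also flagged for its malformed MD5); the tab process 1416 passes because its SCODEF value equals its parent PID 1372. A tab whose SCODEF does not match its parent, or a candidate outside the browser's own cache directories, is what would justify raising this 1/10 score.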