Overview

overview

10

Static

static

8

8a60139c-1...39.eml

windows7-x64

6

8a60139c-1...39.eml

windows10-2004-x64

3

Gmail.zip

windows7-x64

1

Gmail.zip

windows10-2004-x64

1

0419675272...02.doc

windows7-x64

10

0419675272...02.doc

windows10-2004-x64

10

email-html-1.html

windows7-x64

1

email-html-1.html

windows10-2004-x64

1

Analysis

  • max time kernel
    127s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    09-03-2023 13:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    email-html-1.html

  • Size

    5KB

  • MD5

    2e75004e9f6446855b1c3043566efd3a

  • SHA1

    a1edfd9c9b4f4cf14574e94548e762efcc4c8f42

  • SHA256

    7a77d940487f5259d969b1f18f5d474cb12095c841de71fd7762b1e823222283

  • SHA512

    2599560cbd0987e9e0d13a7ea70074bb39237da66f6ef355081fcacfd7ebfeb2b47f9b1d9b9d587a63b0478e7f78acb4c05e9e34a36a0c8e6b4b72a64f3b1de3

  • SSDEEP

    96:/d3CQJB9KiUTGq8F+HL/qaUqtRdTv8W5Oe+6WU7:tbKLGD8LDYa

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1152

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    852d008aed9776263a113b10947d8ad2

    SHA1

    abb2ae2bf44f66e376201ae98ceb856eb94a2d97

    SHA256

    f80635c8278b6810e16ba1fc796d3dcfa0be7fea606830605771331fce6abc58

    SHA512

    fac94137f5c2a82e67760df73357c6dcca4647278638f019012267186e81d5dab22bb89e25364e78724bcc9d313543c6cf46a2ea49a9bf7b187e259e5819f4d2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad3030164d8c09dc82479abb3f4d144d

    SHA1

    f62567b185bd77439ffb13128d08442647bd286a

    SHA256

    cfa42ace54eacfec459313e4ff8b30324365a224db97c2320ff43bbafe11c618

    SHA512

    98fdcdb111c1fc61c885ffc8c4a77cc8e3ca933d2930714fcb67d1b983472dfa91ca5d9b9c1b0c5c1a1a541fe19fe9dd4e60fbbc02ea538ac9746174e8ce22b4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0733855a6956cbf2bae801576b5da86a

    SHA1

    36e9c5dcbb339302b5fae574b4347dd685096a22

    SHA256

    f593f59880742a820eeb600d1e1f8f69496358416cbd3efbafae049a79517eec

    SHA512

    68ac30c6b081bb40cd2ebd09b0254e53c7838403695c6bde941f2e2d78109f6a8c69a36e3c9bc8718bc2ecfa890610357f68bdc4f125d6279717c837dc37727f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e402d1eab967e9f85d14b3018680aa2e

    SHA1

    58a463f812422f9cf505c6b3e24ee98469317605

    SHA256

    dcf22cb26983b30e6efec3f71a0c48f3d1f92f57e6d54ead4aa6bea9397bde50

    SHA512

    b3fa2ae53b02476d52ef1f0a3184c210a8f81fdff62fce15e59d27fb84522842c6a11ebd286f91b18369a0bc092cb5e5a6fec4aaed727e95b8d80c22e46e5bb7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46e7a50b11a08f45fdc7ffeba2d4aabe

    SHA1

    27ba38fc6f9984f53486b2549c5235a1367bb5db

    SHA256

    9bdf573363c4bc870b67c0e6fafb71b9da18d038538301fa199f37de8715c150

    SHA512

    424c6fb726601c9bc85a45074c82acd6ba86c65d41ef25274e0c269374fb19d416b295a51eb3c3c06d8c1733912497888c2390e7fc8ad6cd39760093e7f89161

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1fd6a40f0b96a01b224ef6f8c8c8680

    SHA1

    c878747d0294cb8fa5267708f61a3c2d20330261

    SHA256

    167331e760323f54e90806ea2f8277213ff3c1d9ba1e234060f1be61dd192189

    SHA512

    a1105ce36b1e36709aa29cbe20047ae4af9c2d4ad738205f0a201ac48d3321f98045e9da85bd152abaeec9acabdc8b5bbf60c3d3cc3598e8d360b2ae922b43b8

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d8aba2691b76c17a5f4584fe74dd42e

    SHA1

    81e324ddc3134ec62e5d447cfdd458296049e5f5

    SHA256

    057717f53c3cf6bfec36633ad4642b39ac6684c3dc25d1c4584da9e6b8dde433

    SHA512

    2ce75d3c3f89682be0dd711962b22d3e20911b14e135ef7686d668322783bd5a43acc495e8b5e77e858466125b86a23f5353b7bdafd8fe15ea9d3c36beaf17fa

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab458B.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab463A.tmp
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar46BC.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\T9N64U84.txt
    Filesize

    605B

    MD5

    656ed8d33a8369cde22884ef69946525

    SHA1

    7558ad3fb0d3a82b8fe944c91328eb76e6f48ffb

    SHA256

    b59c5a897c9c9dc15f8cc681e8519fea5eb7eb60cdc3575d6817ec2292eaddd7

    SHA512

    3212479988f949bcb5caa5c5e5d92ba403e07f61488508378a87dfc0c888ac8d2c178aa02266d2f35c065bc6020524ac8e7de99edde7bec5d74ef0f75a6cafcd

    Download Submit
  • memory/1152-55-0x0000000002C00000-0x0000000002C02000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2040-54-0x0000000001FF0000-0x0000000002000000-memory.dmp
    Filesize

    64KB

    Download