Overview

overview

10

Static

static

8

2d0d46d5-2...f6.eml

windows7-x64

5

2d0d46d5-2...f6.eml

windows10-2004-x64

3

Mail Attachment.eml

windows7-x64

5

Mail Attachment.eml

windows10-2004-x64

3

2022-06-29...on.pdf

windows7-x64

1

2022-06-29...on.pdf

windows10-2004-x64

1

2022-06-29...TR.pdf

windows7-x64

1

2022-06-29...TR.pdf

windows10-2004-x64

1

email-plain-1.txt

windows7-x64

1

email-plain-1.txt

windows10-2004-x64

1

RE_ [SC27W...on.eml

windows7-x64

5

RE_ [SC27W...on.eml

windows10-2004-x64

3

Dlist.serv...rt.zip

windows7-x64

1

Dlist.serv...rt.zip

windows10-2004-x64

1

2665187713...om.doc

windows7-x64

10

2665187713...om.doc

windows10-2004-x64

10

email-html-1.html

windows7-x64

1

email-html-1.html

windows10-2004-x64

1

email-html-2.html

windows7-x64

1

email-html-2.html

windows10-2004-x64

1

email-html-3.html

windows7-x64

1

email-html-3.html

windows10-2004-x64

1

email-html-4.html

windows7-x64

1

email-html-4.html

windows10-2004-x64

1

email-plain-1.txt

windows7-x64

1

email-plain-1.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    13-03-2023 07:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    email-html-3.html

  • Size

    720B

  • MD5

    36b46d261735370ac92ee7a9c3183857

  • SHA1

    be22c9d280eb8e48c0440a84844ace26def0b778

  • SHA256

    3bfd28637a5db1338eb2d7d8c1be92f819157951b35780ec707fb80bb169d9c7

  • SHA512

    c989545679f1757be4c8ad061283bd1dfd5eef82613b9e90d4c4958ce408260239eac64959bdc1a3fe66f06dd07098af290a98e63e3024ef751ba01071e51609

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-3.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1424
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1424 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1472

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f49ff0b7a79ae9adbb7ed131eed4af3a

    SHA1

    98468afd856cbbb6db00e2a97dfe7f62704264d9

    SHA256

    acd88d4e8a9e8be5ae9cbd99e6be91be0aacbc627f813d4b26238617889e3f3c

    SHA512

    e53bd28452b4b8015d112f679440e925e54ac10e51797bbf3f54b8ca6db301a2be1e970ad098029c67b14fd0328be01aca825ae2033e8f9b53938267aea7b978

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c4be3091114282a8a2402c19d77b4180

    SHA1

    6dada7bebfd18449d496b597437eb9d23d7ba33e

    SHA256

    a0f043ed74892030b629c977926aec5cd312b2942119ed040a35239ba26683ca

    SHA512

    e04fb1b63c3431fc373bb24515cb2d268256aa9a5706a26517182990442e5e82b3929d1a1572fac0b8f29a76b1af77a2660179cdd87e0cb1265cc707818b9368

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b12bf0fc50654a2f1733689f44f546a

    SHA1

    60e5624ecec36265838a3d7a54ff83ac5263944e

    SHA256

    75e8b49e1d35c5766973f6281c2465069b6744e9ac348be38c4dad0b1fd00270

    SHA512

    2760f5275ea5316a036f150412466d0b283c21996a5b0caa9a4055d59672645b1b1283b401d44e0009d2a6e6a91b8ed2dd038cb11af85d3513efae1e51022b5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d798c309815e1ab54737343dc2fd4ee6

    SHA1

    f6daae97b7c1a451e8bc4f928c8ce993fa33e0f2

    SHA256

    8b3981999bf8b220a4f8ca392cdf8c71b133707e3bbe0552227b5101acab416d

    SHA512

    82f3d29b933ba622f85a49e6a7eb98cc496109949cf1806390aea924cd43340144bc6eb0473e15684f39102f7720df7561b359705d1e713741b391709d59e0a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56d1d91997b3f49a32f2e1bfef84520c

    SHA1

    da6302fee7ac5c636dfb7a3a3d16992145537edf

    SHA256

    48282ea0f14ac5b3ec0c886d50243bb139957d6fab6c32b8e2a136a079e675ef

    SHA512

    905f7bee73a5563f3d5c46c6031f3aff1e039163b45de3b4ce5a72fd63ad7d1e38b3f1d6bb85f52bfa17fabfd3bea76b5306e23605c4b12b913dc68f26f8e38d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3baa3acddf51e29353c81747be07955b

    SHA1

    e17805049e869d4d8b30199ccb6cec3b7dc604c7

    SHA256

    b83d3af9b5aec40066824844e6064bf8a78ad7fee84ea3e66035e9310fd2b07e

    SHA512

    2493250c692527caa66a719f7409e4e995eb433e6d385db43d1ef4d587285bb9eb74c7e9b07ed6324f47ab4135c6ef00319c223c05481ccf2b2c5e57eb7884f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    38fcd8ca7a089c94965b70ce5a7bf5ce

    SHA1

    c3613dd9534bd40d5adaf5dce2f6094d617100c9

    SHA256

    c67fee0035bfcdd74a91b5df209b34902170c0f9837d9c7e74b0bf967a8b29d8

    SHA512

    58053b2963202b9e7cbacb91c1bb1bda77ff5592f6c7bf9e8921fe024bb6b1d73e415ce8225ce39e5863dcaf6750fa704c26b84bf560bda11b389211ea06cca1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    366a1a2565127af06aaf62f8926968d1

    SHA1

    ec0221c7845f1eb427aec7b89f682e5433b4cd87

    SHA256

    0b7b20ba2bb43aea407010668ad7cead21072f052bf63b6913b528c30a128268

    SHA512

    bc03ae142c782541f61b117100eb40b191d88d02c0ca1b3b11c2dcee7c99a13e25fe7c1484c36b9ac2aa1749bfdcb9d65f3d04b928276128ff8c2f3c0115e6bc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACT9UUKV\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4BE2.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4D4C.tmp
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4DAE.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\GD095WQ5.txt
    Filesize

    600B

    MD5

    64884737436694c29ac1aa80e9ec16df

    SHA1

    fa77a1e41b7bd2350f6d4948509f79e2b593d048

    SHA256

    6d5365f9b89d6e01051b2648d23599bfdb3a14ae530e4a9e0de852146650aece

    SHA512

    2cc4396bc5de99834d702b7fbe4e4ea509752869fc2db59ae19d5504f1ead456b8d36d4cbaa18a95f79451d6b6cbc6b465b5d9e6b2e11caa083b88b65fbf9048

    Download Submit