Overview

overview

10

Static

static

8

003e0d05-e...4f.eml

windows7-x64

5

003e0d05-e...4f.eml

windows10-2004-x64

3

QS75790832...QQ.zip

windows7-x64

1

QS75790832...QQ.zip

windows10-2004-x64

1

QS75790832...QQ.doc

windows7-x64

10

QS75790832...QQ.doc

windows10-2004-x64

10

email-html-1.html

windows7-x64

1

email-html-1.html

windows10-2004-x64

1

image003.png

windows7-x64

3

image003.png

windows10-2004-x64

3

Analysis

  • max time kernel
    100s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    15-03-2023 04:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    email-html-1.html

  • Size

    7KB

  • MD5

    202ac828678e3a929218ceabc1207ba8

  • SHA1

    736b26d3bbc0aa11317163b04e63823857556189

  • SHA256

    5dc69f8c8aa949846e6dd2f5fcc7e488c038d9972f40a5f4b0a2b5f0acfeca34

  • SHA512

    6be42e4623e621608caa13b009bcd05bfde3a2fb28b12c4d5b5a93d5e40539e89bda5b61ccbbd86b200b1870443f48b8a902752617965911c9d7ad8c498fedf0

  • SSDEEP

    192:9XZIizvXCE9ZTaj1GgOjljqj5rDsqj9jIj6plnMGr9xHI9KZ999+ATugwn2c9jN1:9p3vCE9ZTaj1VOjljqj5rDsqj9jIj6j8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1540
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1540 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:692

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    75344078038dcbf41292ee4d0887c167

    SHA1

    5c7aea10534ee649f27c2f0c3270bd76f3065c42

    SHA256

    d19ddfb79e7f1d42c3f11227285626c67275c53ac67ea9ae87d7bdd823d97a36

    SHA512

    e3a2ea07e1dbcae2fc139a3c13e3a6da82c7cd4197758d9fb8f92d507f2afddc6782bfda3eb98c39c401dc918c1e2af421e6be540b2bbbf6e68145086a0c5f73

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd078b73f6cebdd21adffb77f606dbe7

    SHA1

    8305e81ccaea47750121753171f1fcb06a35157a

    SHA256

    0a3d9fc4817291ece89d8f536a7b892ea8d612b4c0f5df684cff943382760c5c

    SHA512

    708cca5d19884ba93e1164b35febe88c94c2a617b781c2f9e32de8397e0b449e393edb64f4198842a07e275c0572775a1d343f4a7320073c22b4047624f7cfc1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec3a97d46ec24cdd405aaa4e481db946

    SHA1

    61a69b4bf10e4e852fb16a4449d0959b692b6a59

    SHA256

    c304c93b86c1b212f6a48c00612958b4cde5b9bdb61b8c7b1fadf94498874cc8

    SHA512

    c370860d1c594fb6743ae544197c4f30faf2a2c7257e765a5139db01accf701b043a0167e189076695f88b9c1a4400d14f43f1b92f8cd2ebaa7f9b07a17d927f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    620974c5f60fe2a66df5fcdc80170cb1

    SHA1

    97de9b98aeb24365340d798247321abb1bc482d2

    SHA256

    6e8fa669d1eaee6a10627966e19baa6d0e92ad21e9dd3e10c38e61b0d0681f98

    SHA512

    c6c1da71d2ad4c8cbb32f1d66ca213361fea702e3a401f1b9c99481e18ac0a8ab170aec4bd6c613ae1b315436481cfae7dfb6c90c7698a17be1f87727872932b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    185df24ab70a973a8112aa94e291e55c

    SHA1

    90412e236227f1a6ebc74327c789dfed31967bf3

    SHA256

    cfef823fe4ddadc178d3d999ef83b2e2412b38ac818a624df653b27eb13c7d2b

    SHA512

    0f77ef70c174672f01e33d41b32841f31ab521bc00c4cfc3f1c5f59e0d839aea95fba2ce670bf87b07ab63819006ba4ae0e4dad653b7618510dfe8508512df02

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b189735a0078071bbc07d4f9194743a0

    SHA1

    6eb33633e8d880913a48ccd1ddd1a2e34bca8baf

    SHA256

    5ab9bca6116502c276d031be3a08dadb47f1bb047c9a9c9c98ba4c75da0174dd

    SHA512

    f49e50927a9c6c45912ad45698c30785c5e463c3e911ac53078d02d9e3a182bb7c22b17e41e16100f36938580550b0ab0eeb72bf9fce889b1bfd71d70a159a91

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41da5d2fcc9e40656f81885ca6624606

    SHA1

    21cabe14eada13c0e21b52a708f0c449cc036f22

    SHA256

    e6e3e1d970a5d82fd7677adfabc0cb232d89a34cc3c253cb5c65ce8e21670fae

    SHA512

    9c29a7118941b4480b23f38f82c174bc98fc663f814982b98458ddfd46cf7239b8bf601b20eab1614e4c854742ec6dee2520cffb37075005a072e98924b2370f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cab23185891e1e1255abd2994349325c

    SHA1

    8e4448fa5044b748fe964d5375e3ecf6eafa1d14

    SHA256

    90633f573cfe14bf2c590499730d163103de83afda51071fa31b6f807e516ab1

    SHA512

    cf062519467648704815aef44d2d621c8b4474648bf3067ca371f4ef4d58213f4a1587aa1a9227231ba6e725425b92215220abd5719609815cff4bd0bb7b3240

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d2f3e1c570f7f7f84fffa272b9cc1149

    SHA1

    7e8ab8530fe4b61e4ef042d5711b888bcaa9bf34

    SHA256

    ae85401e657b1af0ee3d727758f1a2bcd81060fa3d3e18ac12447001531ac738

    SHA512

    9f4e55727f62ff42425c2993ff4bff8c8ccdc0f48ec14e4e5097d144bdb48fbfd2c438e36d89982e7c9e20479df65bf344d172c63d859d10e415f016458ea283

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab433C.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar46AC.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HVCAZ3FX.txt
    Filesize

    601B

    MD5

    0c9fdce57be5c91e9ec9650327cf2807

    SHA1

    e4ed6280f87062a7555dac725b39209eb7147107

    SHA256

    3fa469a2c5a6c25c3e1946342cc2b71ded938d6129c84781d17cef8714ca12fc

    SHA512

    3598975bc1301017447499ae5827d7f37d506dddb32ad924bf0de32e77443f5ae710505030be010a18bb864384ee49e3de7c66342007b2fa56e7baabc031b67f

    Download Submit