Overview

overview

10

Static

static

8

bcaa3be9-9...53.eml

windows7-x64

5

bcaa3be9-9...53.eml

windows10-2004-x64

3

Gmail_2023...09.zip

windows7-x64

1

Gmail_2023...09.zip

windows10-2004-x64

1

20230308_6...27.doc

windows7-x64

10

20230308_6...27.doc

windows10-2004-x64

10

email-html-1.html

windows7-x64

1

email-html-1.html

windows10-2004-x64

1

image001.png

windows7-x64

3

image001.png

windows10-2004-x64

3

Analysis

  • max time kernel
    99s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    15-03-2023 05:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    email-html-1.html

  • Size

    7KB

  • MD5

    af52b3b43d6a5e8c9fd2b49a1e6089a0

  • SHA1

    48d6fa01093120c2f8937bf0d32c17ca3a8de201

  • SHA256

    0109ad6284b8c851f80318956877e5aad38db7eed1b346934c13668d41af7f2f

  • SHA512

    5e2363cd33ac088fe6a33b1d906f126e7c390eeef95ea77598a1ebeb05e92fe18ffa090d29b03fe1ea0a7b3dd85a674480c546c873e15729678869522b6b29f2

  • SSDEEP

    192:9prJ32fQeXNyvoPVquvRIQjCTI3+UmScFZ:Yf3XNyvoPVquvSQjCk3+RBFZ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2044 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:316

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb6c5db19160aea5713a3edec621831f

    SHA1

    2c2534d5054d7e22d66ca1f74b9c376f0ab0a04d

    SHA256

    ba5df29b4a4533f2c0018b32bf4a98be0f4c1fce3373d4a7ddaf810daf029364

    SHA512

    cb17495ebde12be05e545fdbea92e2fd0384561614bb7e2507cfc7792c09fa15397ea7cd11671bb362daa8c54a63203996de7963ad45cab3c5c9807ef9fa3cf9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a185b360e92c4f28017e03df9d82346b

    SHA1

    3ad12b0fc9cbc4a523dd1f1899882fbc7fa1a262

    SHA256

    a99ff496544377d9c9c86ea11b728aadcd012068ccb6fb77c685df7460aa4e21

    SHA512

    5dc934786ffa665451d1c3b7fca434f30e8f4069509b222e2cdacc2bd876df5fdbf06b22a8cf6825459e90af67ddffa5d123aa10aa52a36fb34c8f93ff71f282

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24d84e3441058c68be21904beddf2875

    SHA1

    a495a60ba954b3cf0cdaa6b341370684ade8447d

    SHA256

    8bb20b0fc58c1e9594b23e727961a0c0ba2e90e8df9fa7077a20d2bfba0884d9

    SHA512

    3a38b58ccb6f479a5b7c928d5be71180426170d940dd74061e26c64c9156eb45bf19ced77ee9e045377829281b17820c4eb7ca5f07638bfe420d523d9b4b8782

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    246b265c731333ceb41166542277ee06

    SHA1

    b15b34502243daa15a89281b01a55e557b0f079a

    SHA256

    e67bb50b0e8e4efbe6c317bf129798c2518e8f4b2f4fe0f9ee3fe68b74938435

    SHA512

    96711b1689d71f73b0b115d29de42cc4f36f50fe7ac103c9406e5aa7dcf2111bd01700c5e7100d5d59a993463676ff69e35dd3db1b773654e7deae82ca8bd8de

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a2c92ebc0a42f087f36718da371286f

    SHA1

    ddf53e732f51198918e0924247ce57e21577717c

    SHA256

    f3dbe76cc2290fcf846d9ffcacd3b69dcd4ed39e09de7559e8c9ce7c1ac7e4ab

    SHA512

    be420e206b73323b2d74b5b6564d71938aa553327d246d37d44e84f524843e4d8b3114385d9b303cf9ce41b6949784b5aa0c3b6a6479953babfc30fcfef74961

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fdf7e58161d228fab21472568dc04759

    SHA1

    2e941013eeebbcffd95f5e4c79b0234e0b2dc99b

    SHA256

    cd353cd32fd745cd93efcfb593716380a4682896536049452cd0eda465da05df

    SHA512

    edc51ef101cb7b3cc8387660421c6ce4508073a9b79bffd14716cff961dec7aaa0e6e1b5ee99b427957987921688eccb867527bdc2e48d7af116e649a678c43a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6cde8d48de2ddc222c0eef39ee4c6083

    SHA1

    67fa71950e9d81bf5291fcedf9ffcf475fff34c7

    SHA256

    593da59f035470e986fd6900925d0f05d4f3f880437e11af767243d76a237ed1

    SHA512

    344fcb8637b65183665a828a3d761c3d3bfb4896b9d6fd02485d634c5843ca076ea9d7468820beca51438c58016ecc907d07ab5313d64f35fc639d50993720da

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eedf3416c2f1e0a81b1c2ba3f02f1a0b

    SHA1

    74073110c63d9cb8dc1068acc9ba204e795c69b5

    SHA256

    30385edb9c0adb8e40e5a5447cd2159e93bd95fc8b3811b755f5c5ca984ee783

    SHA512

    d54061fa5db85355149a4d488c6986216b1af8e8bec17969ea16e6fc80183bfbef8221774da223bbd2207d166b02e1c258f655ef2333b951893287c8ad60df09

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ77JNZF\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab7EE3.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab7F63.tmp
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar7FD6.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\UDOJKCLF.txt
    Filesize

    608B

    MD5

    517c2eb256bb4c9c37a164caa7129aa9

    SHA1

    717f10cfbd8357701953165e8b10bba819ff8259

    SHA256

    458ab9a66516272c42a0eb03581bb7dd48b23a545f608273a8d8f615c8f7b82a

    SHA512

    d40f006f2ccc0dbc43290ae5a8269e106543e6145e756bcae9f700cd64848deaa84911c1aa2db62ce270585decceee2ecf8cd7087051c0f042d93bf5acccf222

    Download Submit