Overview

overview

1

Static

static

1

REMIT® #ATT75649.htm

windows7-x64

1

REMIT® #ATT75649.htm

windows10-2004-x64

1

Analysis

  • max time kernel
    418s
  • max time network
    422s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    16-03-2023 00:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    REMIT® #ATT75649.htm

  • Size

    41KB

  • MD5

    b90fa4054f62064bed6065035acd9701

  • SHA1

    5ce1147ee5b596c17ae03a3916d56fa5846d21c5

  • SHA256

    2669f76716e749ac22014dc9556789ede7f2250534864e8a99d7c3c1a9d22b5d

  • SHA512

    af8738019b7433e06e9885a612c056f724a2f167e3322600764355599e2c5b4b4b38d58a433d7dabb39228fa54b8f143ef7d9c35fb466789ae0572eeaa3b13a0

  • SSDEEP

    768:G3yfsjMn8spDkAPec7MQ6ICa9LYTz8v00X+v7:G3yfsjMnxDAcf6ICa9UTza00X+v7

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\REMIT® #ATT75649.htm"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1064
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1064 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:560
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:364
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x484
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:992

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      61KB

      MD5

      e71c8443ae0bc2e282c73faead0a6dd3

      SHA1

      0c110c1b01e68edfacaeae64781a37b1995fa94b

      SHA256

      95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

      SHA512

      b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      97544cc513e03b8ccf976278a29763d8

      SHA1

      29957ecfc539185ba2821a9fa3618a96e781adc2

      SHA256

      14ab5f03e3a35e5cf1d03c6e28fc4693a1bb111fa144fa3f9c8adcb6f7a14ddf

      SHA512

      577ad9b1985cbd816095fbfd24aa2240d6653fa327be0c97ac7cb9a3bdedbea314e9f7b67af676b20291f3fb86acfecb99ef4f748f23d62e238b35194838ac74

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fbc47d9872da4c3d3dca98b04b77f5f7

      SHA1

      52a38982a2d951ff434d578ba191d7ae6f9b75ad

      SHA256

      fd1afce5f3388ab2cbf38c59a651bd0d77e0a4baf9d28aae320d0a3468928822

      SHA512

      a37c8bda308ce71a9570b9ca8b8c5feaa15f8d45b89b5e1a0868cf44e42c9cf4d70410f8d1ff72d3ed9040c7ddcb0e407abace5c8cbd1e41ac066f6aeb67c1ee

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      844e7b5392a1edc2f57ec55ef4b1f735

      SHA1

      082e653894cd349b99160a76c56b4a616510c462

      SHA256

      b111f4203cc7235e1e4065ae3326c97826a9a4fe0811da76b041f5ed5dbd4d41

      SHA512

      9b651e2060a981bcc3ccfcb98df4d993b8cfe9d44d9da3699c98e7e26050723d777831d43b483f45bc3f671200ef732046a7244ce2be27a0061815001038df54

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9075c27d3140371bc46b18f21a15f122

      SHA1

      cff6669b592ef013b529c135f866d9b358f3a587

      SHA256

      3f3237795a8288923c3b9828239d1d784a023b7e7c9164f338ecf8094e2b69f3

      SHA512

      775344740b9c51ac16271205b92429c3748653d3c0b9030bf964dfd3b59a5ede6265816dae1a24f54684f2220cc922f5200c3227fcb7c997b01a0b41a23b0fb4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      865ac63fe0384203d240bdc798ff28d1

      SHA1

      88366f0e8b397b586ecb7f2688792a7411ce0cc5

      SHA256

      330d21db60eba2749f71879b990c9e7866c178a48dd7d81173fa1d53fd9c59d4

      SHA512

      9d866fd243cf7461941ffa6a8b6403e13062ed9b5c1509059fe33d6436396878462a64ffca40f1aafe37cd1bc432a74f105785d6e1c478b94cd9d4b360206984

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d1638d045bbc734d6d97a3eda68c7d97

      SHA1

      6a20603da31430fd262327b0cfe8b427fbeee43c

      SHA256

      890c499d3bd6c1591659f43c6fbc90279f8487724f888e4a682183433eb741b2

      SHA512

      36eba796625b91956a56c4328771da06a6f5db535cc8ae9aa3bd83f769914de65c24f8f215fdef344b4ba6a8e3487015edcd825f5a58133aae54be2ee6a7cb99

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      228ad1f83e42034e102e1e3f37d5e66f

      SHA1

      4c6dfadcf20b655367c813353cb745e9c6faa06c

      SHA256

      8f5d3a36f62def2c63b93b8df0181552f06670f80b0c2f18c959a48cf917ca8c

      SHA512

      c287ad944b3eb98ddf4b327ebf1f8dc4f30ab69bc6499401a9f9ff3e3d06af5e03a683918be9e7cb1d4bbbd534d48a0333b9d6c793e01a65008cb2b6996415c1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7967106055ebc67ac6e5752727d436a7

      SHA1

      9af6baa25b6b313afa6c0e76e081b8a87c6adebb

      SHA256

      ae7d2878e80d58561b8cac7daefe650975c68724c66b3a8cb1506d650aa7b2d7

      SHA512

      acdeea5db3db676486c7e8a5991ccc868ae6a521b159caab79a486a413b26adfb77fe48f7d54b9742261cd41b55ee3bcf9566001b34762b0a68658b15e8bb468

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      81cbafbdcb8f18eedbcc50d6ab87da8b

      SHA1

      837117f843d83f4566aabbfcc38bb21e938f9675

      SHA256

      5a0023cd9c0bdde28fb5fdefef2ae83b81d9262cf8068e92151346e192a866f4

      SHA512

      2d4a5defd6d37f706054ed50c0f7fa87b86b959c6cffba1bb5db5713676c6c5d6b92e146c226c859117d9c085f93c43dc19aab69c12eedbc430ed58af4be04b0

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ77JNZF\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab5F04.tmp
      Filesize

      61KB

      MD5

      fc4666cbca561e864e7fdf883a9e6661

      SHA1

      2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

      SHA256

      10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

      SHA512

      c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar62C4.tmp
      Filesize

      161KB

      MD5

      be2bec6e8c5653136d3e72fe53c98aa3

      SHA1

      a8182d6db17c14671c3d5766c72e58d87c0810de

      SHA256

      1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

      SHA512

      0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0GR0L439.txt
      Filesize

      600B

      MD5

      168aeb89c23284793e9720a8f31999d4

      SHA1

      9874b7b9f574aef2659feec1b86fbaf1a4126c82

      SHA256

      696bbd45e9284b288f09a0449d8a940e548278d661dc741e0913803be5a3768a

      SHA512

      c348bf7c11f91d204663988743c1ec34a2e95d6db1ecc9cc0c0c3408dd12179c84799650a45bb2ac500d4ffc511b857e1ebe9cd752833da9498e801f312533b2

      Download Submit