Overview

overview

1

Static

static

1

ACH_1807_3172023.htm

windows7-x64

1

ACH_1807_3172023.htm

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-03-2023 19:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ACH_1807_3172023.htm

  • Size

    40KB

  • MD5

    a643d277ee556cc623614e51a8ece320

  • SHA1

    bc5fc1e4b8665526787a409fdd2ea1b8c32e4273

  • SHA256

    c4e5d3cd0dc8882ea5027477a371f283fa49f1837914d56d34dcf9744bf06057

  • SHA512

    7548abe24d3548f83057a453b294e305862b08af9d5b2e3ed6bea8aeaec833a437fb334d7cfba1bf6d23993c8a138e26786c8a521e18f33f3889537e260553cd

  • SSDEEP

    768:1u+y0SZahMWoWc8y9yB0FprU0428AtplIhO3VdzvlS0Yqb03T37uMwVWgJI+xy4q:WPshbuM4veecyeeRueeeeeeebweeeeeO

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 55 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ACH_1807_3172023.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3488
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3488 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4240

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GPVLIKPI\main.min.1d0102f259cc7fd64f2590e52fa32640[1].js
    Filesize

    6KB

    MD5

    9fe8e0b115f7b2f67ee538e0954fedff

    SHA1

    74971c53d2e18e2992fb5b90e9b81f7c503c99f6

    SHA256

    65fd24bc00a60135f6353f893072f5d344927d4b2795609d530c7f0b65c8e025

    SHA512

    a0f04039aee0d42c24caaa556456af9ebfbfa719e55d5a853974cc1467ae29b078ac47784babb0b1f52fadc96ea6f4af55bc277c1dff26dd8bb9cbbce173c38e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GPVLIKPI\otSDKStub[1].js
    Filesize

    25KB

    MD5

    10e367ac910cc8ad9be05cfbf4036e57

    SHA1

    ff5dec5c85b00e742c02ef515c2a44c2db97f7e7

    SHA256

    e85a649094d881201f7a886c94cd19e72196c761da5017c9269b03b35ca9c5c4

    SHA512

    57e6538c6e4eada6fec386bac381e05602773de855652c54e666ece83d756d1f70ef0a769b2ffc183668fb0cfffdd1cbc79ac62608851b670ba479fc541cc73c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GPVLIKPI\sdk[1].js
    Filesize

    23KB

    MD5

    b70ffba5b40eb0c50c9805876b838d90

    SHA1

    5350fd4bc9b27bf8fb3a938890bb39c2d24b0255

    SHA256

    8a0e139b99b68dd01a56f2e15a59e8a6e759989c0afab0daf489c3903c76b59c

    SHA512

    cfb4d660296ee6498163dddbf3d44111fc2de75b4951cd4dd8a39c214ecf5754fd503478d91f0c4a46cf08ab251e0d8b1a56dad7db6bf38f045865c3831ef492

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RP56V4OA\littlefoot[1].js
    Filesize

    15KB

    MD5

    5d87ca8ebd041a433e5924c2b4acfd97

    SHA1

    38fe6b5ff402d0eac89d18a600d3a4ab59be8c0f

    SHA256

    2ce1c7d69245ebee89a591f12e591e3ba9a70468445d7854d8f3f70c3dba217f

    SHA512

    8c6c283ab88fb846143f756474c8b62b27ce0e9fa31f41e5cf4d2acc1338058637e6aa27b6b823aba5dfaf3db9bb44abac9a4dfd98ff5ad4a6d2043035f7ef3a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RP56V4OA\otBannerSdk[1].js
    Filesize

    375KB

    MD5

    05192d6d030b1b2ba439000618a40262

    SHA1

    43ea9a0cd01192d7f1135f9106d1d8dd422ee221

    SHA256

    5bcbd83d020ff272645c59dff179841df9374a6295f324eee00b9de4e67bc1cd

    SHA512

    b9c72a21a9dc82aca5777430ebed78c293e6866d3e244e4a840a0b021f104e3489a93a684efd6660e11b9bc97e7e7db800ce3f95a2fba74e5b0f719ef9d58d27

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RP56V4OA\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RPW4GWWI\gtm[1].js
    Filesize

    405KB

    MD5

    23f1fc3ecf6c090b8e081920c7bd540d

    SHA1

    aa2264e5646aefc3bf84cf68a60c499a6b89de35

    SHA256

    94669df4ca69a3d71d50b89d7983ee9c811ffca5b1c8a68bb956e51656d6682f

    SHA512

    f1c66e686e7437cac702dde68018f4c37eb2ed07aa261c7b1a033c15cf36377b9289c6445c82da3c10e3eeb48f59403532ba55ed28f47967107d5c94c42e1ba9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RPW4GWWI\img[1].gif
    Filesize

    43B

    MD5

    f837aa60b6fe83458f790db60d529fc9

    SHA1

    14af87ccec7f81bb28d53c84da2fd5a9d5925cda

    SHA256

    dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

    SHA512

    a85e09c3b5dbb560f4e03ba880047dbc8b4999a64c1f54fbfbca17ee0bcbed3bc6708d699190b56668e464a59358d6b534c3963a1329ba01db21075ef5bedace

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RPW4GWWI\style-e930779d[1].css
    Filesize

    93KB

    MD5

    49ad2cfee121b36267f304216d7cff66

    SHA1

    1096a8c4b165c7f77686b09a198e63aae2d14c0c

    SHA256

    a76dec52746a6340552c790eabb7befd27cca282c8fa7f723a52209d72d76193

    SHA512

    4de02e0c58e113020c1265ab4d03de3481f2f04727f9846c18b1922ac6d08cc0ea3f9c881da34de694c3a9b3c800ed413366433a2024f5172479043a3c0900e3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RPW4GWWI\vaafb692b2aea4879b33c060e79fe94621666317369993[1].js
    Filesize

    16KB

    MD5

    33100f2355611b2375f05486299abf05

    SHA1

    0b2d1b75f6695e67b884bee2eb72165d6e881a26

    SHA256

    0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3

    SHA512

    d1a843625f3ae943212ae61c5b4efc49c31a957aad1498209bb4e6954b69d14943e1e424d08c5f9e6e729172af1893458cb328a2bb5db1e4dfb114fca027e018

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RUOQG7D6\OtAutoBlock[1].js
    Filesize

    5KB

    MD5

    b333e0a76095797ec322cec18e8ca1ba

    SHA1

    c432f09851ad642bb87b944675e47690b0092624

    SHA256

    5989940b023ee1cbdac4df28ce960c5297c1ee191bf4b15f7c5bc29cb3e40dd8

    SHA512

    a1fa1f88dde0ed0b1cb2da018598f953796acbc482e0be226e8e699f47a18d7bf96250ac7a396db6503fc01f082ad744f9e9e3c7e58f06b8b9fdf569d787fce1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RUOQG7D6\invisible[1].js
    Filesize

    27KB

    MD5

    a02881a100b2e776e707dcceb80be9dd

    SHA1

    2314a95321e95049f0e7bb10faebdb50454c76ae

    SHA256

    a1902cd365e9f59d41951c8d360aa5281bd441ae23dbf62eb5157ed7115c1a91

    SHA512

    1dea7b602222f6d2ebdb8d48c96e9624da4b14e15716506315b593300602a8d72fca7bb1027a09a5ef2488e08785788c58398d7545ec061a0f976d69f7eba9dd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RUOQG7D6\search.redirect.min.c8925a2c849cce975a7cbcb6ffba3085[1].js
    Filesize

    534B

    MD5

    c8925a2c849cce975a7cbcb6ffba3085

    SHA1

    68d76c72da470017b8e875379f751ccb4a814208

    SHA256

    1ec7316f19a224c4d354fb26d86746a798c36893c44e5c25c80a9b94e6137d84

    SHA512

    29b67c784c9d44e26248f3f82b4c64aa984bd3bba702a47151abfb124a07967a878e4909162aca33ef8f157d832687b02dedbec8b0f85e99c9616388c16fe730

    Download Submit