Overview

overview

5

Static

static

1

Tallon SOP...).html

windows7-x64

1

Tallon SOP...).html

windows10-2004-x64

5

Resubmissions

24-03-2023 14:52

230324-r827dshb9z 5

24-03-2023 13:51

230324-q5zfnagg8y 5

Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-03-2023 14:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Tallon SOP Invoice (Single) (002).html

  • Size

    333KB

  • MD5

    66936456e0fd7a786c42bafeecce440b

  • SHA1

    dcc1f454ee181a74dd99a3a3354d342a722c67cf

  • SHA256

    ec9b781718161db93294fde897a7dca738c61a55df04afc47fb4563338212d90

  • SHA512

    40d19022c95b206c614380da8c26ef21de072fc2c19585fefaa953ceb4842b63168b3fc99b5742efb8d4c8762d2052dc3b4af2390f4bdff7b620735437eaa69c

  • SSDEEP

    6144:D+cONCmQ+SgZ91yQUtAKluvkfGkH9Mb+4gZ+pW9B5:D+cONCmQ+SA9xUtDuvkfJmb+L+pc

Score
5/10
microsoftphishing

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
    phishingmicrosoft
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 57 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Tallon SOP Invoice (Single) (002).html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4416
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4416 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2412
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4416 CREDAT:82960 /prefetch:2
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Modifies Internet Explorer settings
      PID:4752
  • C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" -Embedding
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2304
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:628

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
    Filesize

    471B

    MD5

    337bf40e291d800f8741ec10c44f16b9

    SHA1

    378258250796cf945b59148b68398f5fbb5e1cfa

    SHA256

    56b74e4dacc5d75701f8f1e1273ecfd36ffc350f3206efde0d7bb1b7ecbbff17

    SHA512

    7d65b93d71ae38bca9c13c15717169efb2f065a2c3eb94bd5dde87146b8a113e61df1f5e9aa549e7f385e62e8ff53d9e542a31f050b27391fe1548fb239cf002

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
    Filesize

    442B

    MD5

    de9624129e6af80585dd0bd6abc2f676

    SHA1

    f19e7724083793f8cb47970dacfd8e9672f0c8be

    SHA256

    efa77e4d9d562100d40ed61fadcd50e542356d4ff2bdc3cc0b27e0d380e457d1

    SHA512

    34392cd72cae6756f7a7a04323f420f409b3a15117f16d6765dd3dba0c850ad4afc80704814c71f123b1de9463acaf6d514ae65f8c1a9adb0d02d8bcd9fc8067

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\F12\network\settings.json
    Filesize

    3B

    MD5

    ecaa88f7fa0bf610a5a26cf545dcd3aa

    SHA1

    57218c316b6921e2cd61027a2387edc31a2d9471

    SHA256

    f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

    SHA512

    37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FYE59B89\www.office[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\feo4h2u\imagestore.dat
    Filesize

    8KB

    MD5

    c80d0ac072738604e3742dcc5f925e78

    SHA1

    ec1e7880e2798c546146eb792a2718e99e33c08a

    SHA256

    5b7f239d0cee9cfc58bcdc874b1bf07d22ec603087128c534bfdadc61f293df4

    SHA512

    68ab132a86afc7308804970c2cb9e1b5a214954e32d6cd801f22b90e885a8bcfe5cc2a3a328b34fff2e386d20a36ad36514a26995f9fa1c5c0e6d06714804d99

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\CommonMerged[3]
    Filesize

    572KB

    MD5

    9ef197a076681c3d4c5e7a1e07cf15f5

    SHA1

    350d4ad02899f3838e4ce3bca3a13deb496c5509

    SHA256

    a24521823149886e4ebb47b4c8bdb7859985683ec302aaf941872b8d2852bebb

    SHA512

    6ca063a22f226421c8c901e659a38180f5198a12af7a8d380d74de1e2fcfb5bfb892cda88770729a2367f2b23e5a1bfc34cede0fade20c4dc13e0391fbd41cc3

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\font-awesome[1].css
    Filesize

    36KB

    MD5

    c495654869785bc3df60216616814ad1

    SHA1

    0140952c64e3f2b74ef64e050f2fe86eab6624c8

    SHA256

    36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c

    SHA512

    e40f27c1d30e5ab4b3db47c3b2373381489d50147c9623d853e5b299364fd65998f46e8e73b1e566fd79e97aa7b20354cd3c8c79f15372c147fed9c913ffb106

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\plugin.f12[1]
    Filesize

    160KB

    MD5

    fdf4a73ffdab93e3a0422b9d2e252ca9

    SHA1

    c969911ecf2414e17fc16c1a15512bab79842d23

    SHA256

    26c3f906421451fb7a86d275288c9ea0bd6810959812edb6564e0c23f76702e0

    SHA512

    569c53094876dd65556a824416bfd0016764205ebf6e61c87529445d4c619860a086895a92f735089da501b96e5fb3361279f9731f5d46c56695133bf8318b6a

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8OI4IV75\jquery-3.1.1.min[1].js
    Filesize

    84KB

    MD5

    e071abda8fe61194711cfc2ab99fe104

    SHA1

    f647a6d37dc4ca055ced3cf64bbc1f490070acba

    SHA256

    85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

    SHA512

    53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8OI4IV75\plugin[1]
    Filesize

    411B

    MD5

    6f65b6608be4e65166d660fdc450fa60

    SHA1

    91862bd34ab08e3511b7b7f1e71baefd57c33016

    SHA256

    7c56cbab79bd396e31a1f2a0891e23aa7d49e7a87c3bfd6d7ca445a095d73b9d

    SHA512

    38fcbb1e3f5ac1fc959d7509b6b1930d6ee5e3284815ca13c2976501ca8f00fa0b5661d9ebb76e5800ca126b3d0564626015e45e7beb401ba42c99f4d6230e2e

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\controls[2]
    Filesize

    22KB

    MD5

    cf6ae18a4a5a48e497570557391d7920

    SHA1

    ad9ce2ad74fd0bcd5fa998cff895168ada13a1cc

    SHA256

    993700d10307ac3485ea71e01c49dd2abae6360a5f1406e03e91c7a6532fc591

    SHA512

    43e9e37f8de63d2131e3159471a8a7765a08a4efbbd1505a1fb1dce4a85ca2e7e1391a241b2e01509f69b5ffb183ab488d20341a5baace00cfd8d753d3955e8f

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\favicon-8f211ea639[1].ico
    Filesize

    7KB

    MD5

    8f211ea639e8777abeb1ab7a8871580c

    SHA1

    d6427ce52782d6b07118817e71a7e5192ca72f8c

    SHA256

    e588bde3eb80b349b069bcbb10520e49f9aa6f38001ce651f396269de3499549

    SHA512

    a8cffcb96c7265edad2333a2b1270382ddf7e3c364118662a4562d0e77c73e4cfc56b1655de0438932bccd36219b1340a9050eb8f6705d24999c9456963bd2af

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UUIKWEAJ\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WPCK8CWE\isDebugBuild[2]
    Filesize

    87B

    MD5

    70f25a5edce5e20d870ff1c98a5ec5f5

    SHA1

    5fe33de0c8cb6d65f794c4dff0bfd5bdb15a7073

    SHA256

    ae2cfc14f884e61f693b00ad0945f372face67b1fc49c6479502cefba3b82e9e

    SHA512

    e4db4b122bc436edaa2dc810dbe1b0d61a5115e01a05b8e4f0874e639781b517b70ba5a80e1df7176aa612917c05ea10c06fc8114a8caeb00b38b7b01f8dc34e

    Download Submit
  • memory/2304-157-0x00007FF7C2840000-0x00007FF7C2850000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2304-154-0x00007FF7C4A90000-0x00007FF7C4AA0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2304-155-0x00007FF7C4A90000-0x00007FF7C4AA0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2304-156-0x00007FF7C2840000-0x00007FF7C2850000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2304-151-0x00007FF7C4A90000-0x00007FF7C4AA0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2304-169-0x00007FF7C4A90000-0x00007FF7C4AA0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2304-152-0x00007FF7C4A90000-0x00007FF7C4AA0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2304-172-0x00007FF7C4A90000-0x00007FF7C4AA0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2304-171-0x00007FF7C4A90000-0x00007FF7C4AA0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2304-170-0x00007FF7C4A90000-0x00007FF7C4AA0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/2304-153-0x00007FF7C4A90000-0x00007FF7C4AA0000-memory.dmp
    Filesize

    64KB

    Download