Overview

overview

6

Static

static

1

MalwareDat...).html

windows7-x64

6

MalwareDat...).html

windows10-2004-x64

6

Resubmissions

01-04-2023 20:59

230401-zs5ataeb3y 1

01-04-2023 20:58

230401-zr95nscf99 1

01-04-2023 20:51

230401-zm5z6acf76 6

Analysis

  • max time kernel
    144s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    01-04-2023 20:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MalwareDatabase (1).html

  • Size

    208KB

  • MD5

    7a2b52c9da7f2839e44ad94c19f68d02

  • SHA1

    1fccebdf5902b30466205af92c4c7f04913ec6d4

  • SHA256

    ae32fec08c87ed5c92014daa7768bff84c8ca4c681a8a41e595e8e3ed6078ffc

  • SHA512

    8c0093ee535aee332c13063ecae0f1df1148d0ff0e3e6b70cb37f7856a6629f2a705701a2d030a598bfe4ecc8f4151d1ca5abf3738ec87273f719cfbe9a1e15c

  • SSDEEP

    6144:sTRgFloZVDuqJmq8NJaQU2SJxX520WLy63gS8SS89S8nS8m7Snr8cfJNhoy5gq9D:YRgFloj8NJaQU2SJxX520WLy63gS8SSS

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\MalwareDatabase (1).html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:932
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:932 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:336

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
    Filesize

    471B

    MD5

    d1bacd6c41c109c7b868f76aeb24db93

    SHA1

    fbad0d4fe6ef4b7d27b5d56d7ce167cf190726ea

    SHA256

    a12c36f7c4c4f34421d27e99c410bd281f018137c985dc19012ed99014324a1e

    SHA512

    195a59bfced297364c73c3f1a5f43e955b65ae9d0ba1c1cb4d703bfa95c59be6f13e7509978e0ab03755b82a64a9d804199dc6d92a75e7e2b23ddb3b1d31a634

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd4139fd5da73c3adf7b6293ec4c373d

    SHA1

    889ba7d1435fd77711a5001f7ae2127a2aa6b128

    SHA256

    11762cec66372e494daf22e4a302e25a2f7a9fc166e9279d34f9171d5826bc94

    SHA512

    ece55a8c755c1302cd09e4af1c509576ef06b1030b8825fdbd9ac57f86c034b567bbe010a051297d78d21547c73406c7107f202dfd86c68442622681e0ba153f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    a4d5bf52e2be828d0959943173ea894d

    SHA1

    b4ceefc629f047535ff282aa4eeddc886944720e

    SHA256

    aa3e19a29a6c198dd37f94172184c2a06fc90ff0b4e8b2c7bcd26b92b3af5688

    SHA512

    011304b1b6bf6e810e025b041cd8f04594f7b96b6a8c3f7ad8b4e03fc3a734b802eeb05b457a613537aa540e6802385603761c180e786b9e789fa443d8f42063

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    5dcc2ab91a12bf59ea228587a365b30b

    SHA1

    f82f14c858773b9568ba71c4d729fb2a600ffdd8

    SHA256

    3930ce58928419faf189d59dbeb3019b2875837c15e0737e052b56184b3188ff

    SHA512

    fe8875ec54783fb1efa74dd58eaf349d8560bc4b5bf7d1c0b327b8563db4317d3c5db6a32d81ead8bba2f9016f9cca3da3b731e5dfbf1ff913ff6418a3401ee0

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    fd43206583ec7840d1ae6906943c4340

    SHA1

    9e81173e4ae98a036ba3ff18b2fd68ad25e3f049

    SHA256

    22f621e8fa5d8d584abf47293ff4bac4e17410730862599dcd1604773ff4cb4b

    SHA512

    53842b3650ec13f354954bb6a86901d533dd5934e28408c3d67f19eaab76798c7561cb1f115afbb3a94fb0613403e86e87f1b9d5434a2ad2290aa886619cf7c6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    ed5f64b8a1cea6a4ac1fbf570d7012c5

    SHA1

    523c1c2358450aeec263233d5db06ae54881f835

    SHA256

    b4b238851935091ea52064fb316d411536aaddd1534028b1b0d10ab0a1517533

    SHA512

    02cd3f5a47888a5718ed5b6a1168ca52af617400336252c5016fc803c0b6bd97fdbfdae923ac276457c1d32da19adbe331b0f736ece300435d4d61c0033235e4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3590696b5ef92f0c3045178c9ecb00a1

    SHA1

    4f7d9b37e500e7e2f7b4bcf74ec3a75ad11357b9

    SHA256

    9159deb70a78d05a88f3ee078a3f31fbb601bf9a0b4d6f61bfce21ac541cb7ae

    SHA512

    7ef81076c9b7aa40e4ecff3e7c2ec29d033413071522787fa0e9d8e969950a7b6b78cfe91856fb6a420e814c9acefa4491aa525787e221e1ecb022d15b390b64

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    9f8c55710e28d414b758b08b05f57990

    SHA1

    aaf422dfc40c4c3a99de16d634124b57763412ac

    SHA256

    5a0c91d7e206003442d1604349ce13a8502bf0fb845c9bb464e919e9e7388513

    SHA512

    cd4caa0bd422da3c4fd85fa0726a81553be4830cefc94e5521c26a4546482710a33e02f391ad5333622e396eae2dc023d19abc2fea0bb87b4f86ec9fd7ae0f09

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    812d4a025176debdfed9531d0988d5ac

    SHA1

    924a14654289c598ae144538dc176699e8674869

    SHA256

    dba46cad284213ff440f56828f399056ba1375bb41783368d23dbce2a00afdb5

    SHA512

    6592d5009458d84dfb49f2df00ebf9b5641063abd1d623390ef2667680d93d818174b8bbba318bf209a2829071ba737655e3ded5958a91962474b8aac2b59696

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    524729a7f87d1d093f63e5e7dce1b099

    SHA1

    e1c479315d8d7d889894980dac8bef8f0c468946

    SHA256

    302f82b390b06e43ca6ea0002741c29622699c78f8569be214db63d63b3d23ce

    SHA512

    3eae9b2de6a2c1d8b78e48338fb4ac23b65c3714938260ea6b7d820371f0f1781918743c819fc38e0a05f013e76ee2575bf84c1cb2d7476b8a87d7e5209acc24

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
    Filesize

    400B

    MD5

    636712246c4e0b6f3b10361caa98b14e

    SHA1

    5c1b4d677d5aeecfe9cdcd0f0cf9dda48ec89758

    SHA256

    be292462ce115b63f660e55bd06f25fa1f419a68c4990298664656d1c4a238b9

    SHA512

    05b706ff4019baa2e22403eb96b90fc8e00fa4731b3bfc7bcc505a3ca642466b80f2fd9a3820e302b9fc82f7617aca6a5a2e960fa31b6445b8760e2b226c8174

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
    Filesize

    400B

    MD5

    dbaaba5418d75059778029a96f2c40d2

    SHA1

    e42e819da6e650e32a605bbfeec216a531a6a6c7

    SHA256

    d520783977f2a69c06b6185ffd70d2b6c02afd6cc76e73e529a7eea585216a96

    SHA512

    3c1321ac6516e69a3525320638a82ef45d19465771434c27c915da32b8b2e4fe79e80edea7f016fe9d86e99dc0ea73e27ed2cc8854e5bedd1feb12312edc0608

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
    Filesize

    400B

    MD5

    dbaaba5418d75059778029a96f2c40d2

    SHA1

    e42e819da6e650e32a605bbfeec216a531a6a6c7

    SHA256

    d520783977f2a69c06b6185ffd70d2b6c02afd6cc76e73e529a7eea585216a96

    SHA512

    3c1321ac6516e69a3525320638a82ef45d19465771434c27c915da32b8b2e4fe79e80edea7f016fe9d86e99dc0ea73e27ed2cc8854e5bedd1feb12312edc0608

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOS3MI7U\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab426F.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar4272.tmp
    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar449A.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\YADP4XAV.txt
    Filesize

    600B

    MD5

    654b14975a58a8596fcbec6f272a39ac

    SHA1

    5afda1cc117c59056cd05c59a5c54c00ae39080e

    SHA256

    fdfbdd4fcf316d521fd0e0148233c6d09f31ae629d4f976c5de16985b43252eb

    SHA512

    fe173afe40d3dcf81504859945ab4e6f35ef981f8120a98beb6c84033445f495b3fa914bc973c9eb91c1255a43dcc8ad8186ffee4edd4e2e4804836da24f95b4

    Download Submit