Analysis

  • max time kernel
    43s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-04-2023 17:01

General

  • Target

    EDD_CA_Form _02701220.html

  • Size

    43KB

  • MD5

    4313657954a8ea67e7623ee326f4c380

  • SHA1

    e64b29dcce144168037a5dc110d3ecc4f24d7273

  • SHA256

    ae73d68868298a76d8d12339a2befe7d071e4c9d46269172e12a0f54fc4f11c6

  • SHA512

    fc1235a9f3d15d44f9c50295921f84c6c816235ddf5d4da74441f03055c174d22c731876e13b9429f7df57eb4d27889298eed85faeadf5450288f8c895c771be

  • SSDEEP

    768:UVfBXqLio/9omkwkSJ6q1J6s7xfpUalrjBr:UVfRq7/9omkwkSJ6q1J6s7xfpUalrjBr

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\EDD_CA_Form _02701220.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1072
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1072 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:564

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    742ad51fe45e95a227f40b34db98eda8

    SHA1

    878b72c2565225ae4709488272fea2c829a65dfb

    SHA256

    6bafb4deec3c0de40c8684e32c29d602746f7db8c8fa049e30f014d81a2cc640

    SHA512

    083c2c8c7ad39a4f03f1e8019354d51d8bc4a17122caddf379118148ba6068c89731605733422398b23f1f006684852e9c5e4791060dc0eb7e20f1fcc5bca279

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1764e63dec1b21d0731b7294fee42fa0

    SHA1

    8fbd70d0edc53fd4d130ea867c43806b1e270992

    SHA256

    3272d47bf1da107643d3f6508ff7f6a0666385f648a8c56e4a108c81ae87150b

    SHA512

    43fc9adac933633a3489d0ca3e1216fad526c17082688a869f4ab16f33edf050c5827a64bafb56e3c579d531892063555a1bc60d5aa80210e6a6b5077a86d72e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7c24ebe767c3eaa1653c262dd0cd1469

    SHA1

    6bb7679fc534250812db04429cae20425ede9843

    SHA256

    ffbe35a0bef3a351a41e1edde5c16dfbe2db1f068b1df9945441791f421e855d

    SHA512

    61f60de248c103339368642358e83e6bc0689628cffe7986faf4b6424b4dc62cd135f47e8ff8de5893b0a0336450fabb41a68419057b822325b971e3f9f57674

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c98ccae108f319169025e6d8563592fe

    SHA1

    6c160264d02a275d4ba6ccc755afe2f29694c547

    SHA256

    526472b3c5a753e05caac2a7b259edda5f61b3c38a95eceba5685eaf13955ceb

    SHA512

    0ab95b2f2b38fbe4701b365690781da8ffc1ec5aa9990c01f1b6b967c27dcc131913112feb5cc0d85dd2c15f791a36b9d0d6993e2c2e0b3ac58b77c3fadd121a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1e288805ed5b33920d3dfba11d9cadc0

    SHA1

    b823ebf2a3bdd07955a754ee3fc1433da1ad83d6

    SHA256

    2efdf5e57d51acfc76d46a999eeda82fb821ad9e366454b6ef08cdd3029e20fa

    SHA512

    ab777dbb9730f29a44c509b9a4210c75a3c305c176341c8c79068409f1b78228c6c8ba4d6ef5e993d49f1593c5df64577ca45e851fb105bf615808f03b265f47

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d9060cf38a4dac53512b928c7080aa45

    SHA1

    635b724ccdfdeceb5d9144230728239250a6621e

    SHA256

    d97c288452e56f49c5155b84d8c522ca3a4561412de835bd796bc3cfbd4578d0

    SHA512

    e5bf75ab8740e12b1cadfe2b76b39005249e0ea09af9eb8a4685becd9843f1db0d1e0901e88b4031ce56f5c756fd1e54a57e4934b9b9d959b1d321bd7b0c64a0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8647da905625bb54f08d1479b6f0d489

    SHA1

    36951ff3f5ebf51d8a341dd9ffaca03c255c850b

    SHA256

    2eebe24f4a0c7e01b8614b9708bcdea853f5910c7ce9437c5c28b29aa2f152db

    SHA512

    90fccaad8f3a14c81b0063ce4b8f36c67bc66c2ad263b5fd36f3e967c04b16cb05be568e5eb176c215c45e0b0b35c9f1728888c9b8de7350b8c35056ca4492dd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    51762bedfb2f597926f761797702ca13

    SHA1

    160e7b6f1999969a2c620fde3faf5df229baceb4

    SHA256

    8a73db92cef3835358bfeb97e1872539ab7dc5a8a94da2b132ead4c4d1c0cd09

    SHA512

    9953f4cc1e64ac7c437e039f6ca8897d03a6c8bfb990b77a812b2dc093854e1e2e598a3511390ea290db74920a47638abf1280d2e8864a26689171801041384e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    093a548e7a507f9b9e209d86c48d0c94

    SHA1

    7ae655ccac432b8a49c6119a57ea3a6a5e3af570

    SHA256

    4890cbf930e3cfea54d52340d1595f4487be364f47e6afd576d7d469da088246

    SHA512

    b6a6b51ae6168e3838f58cea7da02ed9527c4ac7eb28688e72086f9cdd9b0b8805b5296e63594a825ee124d4e9577041b31388bf018f29add1b92b84487b5df2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dc0c29d30e1e3a918007845149aa4fbf

    SHA1

    47563c2a40403f0c8fcd3ba2db2a7d5a87c17bd3

    SHA256

    fdab36e7434022eda05747bc434e07344c1f0e4604458ce31cb80fda66bb0344

    SHA512

    949a1597b832bd2fccc23b2e7b491e3b66850eb32ebd1f5fb291dec8890bb5cd7245b376ad57dbced5f09758b4780eb1e6ea6a1352da485835666609ee4a5253

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9d9d1bca109d6af000cd6f0f30863e7d

    SHA1

    b1ac17c33c4a9d125eb0abfd039b6bee41fe8cdb

    SHA256

    6b51a4f1f0b03fd32a66b82c80ba68ef33689613dc6bc7f5e3662477573778b0

    SHA512

    62dde7d54ce654c09615f14a283ad29a86285d02cbf5d53a2e44c8628a6f6114e862cb8bec0c60ca00e5313c92cb508eec050999d403e1d3a6ef45520f67f53f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9568b161fb925a3f0af080474d45b61a

    SHA1

    b9830681e96955f12e892007b91f1ce81f7d2970

    SHA256

    0534da725df9e5279f5d2d9d4bd9438a301d38b9c31a58a9a9f6eb0d5055df70

    SHA512

    a40e28cffcd6c2c4cc24ee898ff04b9ce03ad678d21e7d5216774ab013a435c1150cb0fa9e07f5dbe14839cbc2ac33a1e24d1e26e5004580b31b8f19bdcc945e

  • C:\Users\Admin\AppData\Local\Temp\Cab73CB.tmp

    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

  • C:\Users\Admin\AppData\Local\Temp\Tar879D.tmp

    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

  • C:\Users\Admin\AppData\Local\Temp\Tar9C52.tmp

    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff