Analysis

  • max time kernel
    73s
  • max time network
    77s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-04-2023 01:37

General

  • Target

    https://nhentai.to/

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 64 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://nhentai.to/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2304

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    d92d78557e1e883971d3f17d8b611b38

    SHA1

    10918305fca58d5e023f8a73c73c1a5a66c0a07f

    SHA256

    3696799c9e793c52481d7084e47f992f8ab85e64160950b82c203b38f8d0685e

    SHA512

    1719236165e99075f596a00809a83ab758c82894b33bdf8c39d84229aa7f74b8337e455553555ae80900ebf523106ca1aa1816a005f286feaa5dfb58a1955c8e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    f18ed285bab780b840e08537bb60f5ea

    SHA1

    976c11735059605b8b47f9d9a053b31f66e7ca07

    SHA256

    79a2e7a3e7b3e41246c1d2981cec9fa0add119e1420490cc8d069f8f9ea76ec4

    SHA512

    b26e01362feded0d50476eb23ca8bb2f035f576b57167f211daf4fc29feae738abdfdf9d798aa3eb0d569522539c21f24713aeb0255abf9026c8fb21fe049e42

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0Q3FIHIT\nhentai[1].xml

    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\cz9baam\imagestore.dat

    Filesize

    4KB

    MD5

    d349e807a0725c14a71df8f3d3237804

    SHA1

    b9325915c230d411a219ebff41ac813d0a4b8fb2

    SHA256

    149eb9f874387fa5980988edc6259057b80cfc351282263878d9556d057c1291

    SHA512

    c10505f8ed15d0d5fa6d7b7072e4f8d3196db3065e7b27a08492c8b1247caae5f3e2b304a515bea655dfe2df5ffc41185deec3dcde81008e47d2ae0a9d38b7c5

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GPVLIKPI\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RUOQG7D6\1891388[1].js

    Filesize

    7B

    MD5

    a97eb6fbe6f13b601d5d48c0eba8baae

    SHA1

    736efb938caf3d0edec406932ada889f1a4f2268

    SHA256

    a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

    SHA512

    df4014be228e56baafdc0adaa57f261ac7879be4ca3a883b790f325569f75d30fe1c1f5c85989f87c0cadf48cbdc845265c805fcd3bfba518d168b6a9f31814d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RUOQG7D6\favicon[1].ico

    Filesize

    4KB

    MD5

    893c66f1af0c79cbbaaa4bde9ac99d8a

    SHA1

    e55e16f0e6e2d8ed1b8d4f0dc618424858029df1

    SHA256

    1adf72d595b3e8bb1570b03a7f7ec3010214ace4673c8b431e911133a1d1cd18

    SHA512

    cba26c4275698e2d238e0ea9a073977c3487691f2bed273421125b57b5aa787df73000b80afac147d395ea2f4abd2a9a71258be1d88d754cbc090ef59ecaa2c4
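As an added example that is not part of this report or of the sandbox's own tooling, the script below parses a Downloads listing in the plain-text layout used above (bullet line with the path, then a Filesize/MD5/SHA1/SHA256/SHA512 label each followed by its value) into a table of artifacts. It rejects digests of the wrong length or with non-hex characters, collapses entries that share a SHA256 (the report lists the DOMStore nhentai[1].xml entry twice), and can check a retrieved copy of a file against the recorded digests. The sample listing embedded in it is a constructed subset of the entries above; the function and field names are this example's own.

```python
"""Parse a sandbox 'Downloads' artifact listing into a deduplicated IoC table.

Added example; not code from the report or from the sandbox. The input
layout is assumed to be the report's plain-text form shown above.
"""
import hashlib
import re
from dataclasses import dataclass

# Hex-digit lengths each digest must have; anything else is a transcription error.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
LABELS = ("Filesize",) + tuple(HASH_LENGTHS)

# Constructed subset of the report's listing (paths and digests copied from it).
SAMPLE_LISTING = r"""
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    d92d78557e1e883971d3f17d8b611b38

    SHA1

    10918305fca58d5e023f8a73c73c1a5a66c0a07f

    SHA256

    3696799c9e793c52481d7084e47f992f8ab85e64160950b82c203b38f8d0685e

    SHA512

    1719236165e99075f596a00809a83ab758c82894b33bdf8c39d84229aa7f74b8337e455553555ae80900ebf523106ca1aa1816a005f286feaa5dfb58a1955c8e

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0Q3FIHIT\nhentai[1].xml

    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0Q3FIHIT\nhentai[1].xml

    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
"""


@dataclass(frozen=True)
class Artifact:
    path: str
    filesize: str
    md5: str
    sha1: str
    sha256: str
    sha512: str


def parse_artifacts(text: str) -> list[Artifact]:
    """Walk the listing line by line; a '•' line opens a new entry, a label line
    announces that the next non-empty line is that label's value."""
    entries: list[dict] = []
    current: dict | None = None
    pending: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            if current is not None:
                entries.append(current)
            current = {"path": line.lstrip("• ").strip()}
            pending = None
        elif line in LABELS:
            pending = line.lower()
        elif pending is not None and current is not None:
            current[pending] = line
            pending = None
    if current is not None:
        entries.append(current)

    artifacts = []
    for e in entries:
        e.setdefault("filesize", "")
        for label, n in HASH_LENGTHS.items():
            value = e.get(label.lower(), "")
            if not re.fullmatch(rf"[0-9a-f]{{{n}}}", value):
                raise ValueError(f"{e['path']}: malformed {label} value {value!r}")
        artifacts.append(Artifact(**e))
    return artifacts


def dedupe_by_sha256(artifacts: list[Artifact]) -> list[Artifact]:
    """Keep the first artifact seen for each SHA256; later repeats are dropped."""
    seen: dict[str, Artifact] = {}
    for a in artifacts:
        seen.setdefault(a.sha256, a)
    return list(seen.values())


def digests_of(data: bytes) -> dict[str, str]:
    """Compute the four digests the report records, keyed by lower-case name."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def verify_bytes(artifact: Artifact, data: bytes) -> list[str]:
    """Return the names of recorded digests that do NOT match `data`
    (an empty list means a retrieved copy matches the report on all four)."""
    actual = digests_of(data)
    return [name for name in HASH_LENGTHS
            if actual[name.lower()] != getattr(artifact, name.lower())]


if __name__ == "__main__":
    unique = dedupe_by_sha256(parse_artifacts(SAMPLE_LISTING))
    for a in unique:
        print(a.sha256, a.filesize, a.path)
```

Keying the table on SHA256 rather than on the path matters in practice: cache paths like `CryptnetUrlCache\Content\<hash>` and `INetCache\IE\<random>\` differ from run to run, while the content digest is what you would pivot on in a SIEM or a threat-intel platform.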