Overview

overview

1

Static

static

1

3GB-onlyvi...s.html

windows7-x64

1

3GB-onlyvi...s.html

windows10-2004-x64

1

Analysis

  • max time kernel
    66s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    20/04/2023, 19:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3GB-onlyvioletwood-videos-and-images.html

  • Size

    93KB

  • MD5

    2811f69c7ea89070527a5e6640db995a

  • SHA1

    577cdee587a264c1a5928d169161b9868b573dce

  • SHA256

    24008af62f4c0f4f7a399ff5d6e3dadd9d2ba3a8e9f7970fc41d310c7ee5a112

  • SHA512

    575ce8091587e2528466273f50a01d632d6c9dc8f17d7970c18193216bfcabe67236c9b2be06c69a6895cc36bcb4d94623d725b749dca9721eb88727b68a406c

  • SSDEEP

    1536:qBIsv7xv9WlEh3YHqL7YancG8gLGz2RNG2+zxO5pw31bfexh68XYeS7LyNX2I3mU:qWK4IpKgtF2EqO+u8HyVM/ZS8Ud

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3GB-onlyvioletwood-videos-and-images.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1424
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1424 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1168
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:936
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x510
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:872

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      61KB

      MD5

      e71c8443ae0bc2e282c73faead0a6dd3

      SHA1

      0c110c1b01e68edfacaeae64781a37b1995fa94b

      SHA256

      95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

      SHA512

      b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3d832d083624513c0d7732cec354e875

      SHA1

      8d17474609687c37e0ccbbd97c6118ac0343d1eb

      SHA256

      27523b68e7f03b0cb2c7afcd6f2a3192fc01aa7a243e3ab987ca8eb1538233f5

      SHA512

      7743a5af988bd38e0cb7d1828e95b8f42e5d0d8e34a292217cc96d95e3ca4fcf2cd0e9dc9de40a6aa09369d7520fcaea71ec095bc96a41791e7488a138af5854

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ad4ada5da5ae1f5ffd957777a4550482

      SHA1

      2a4091d9f4046dec4d6a3ea3df66f3684b0eca39

      SHA256

      c35adfb86abfcdc90a288ecfc89e334b79987b6bc935bb12746430bb1e5d0383

      SHA512

      b1cd91e54682143235f667bdaf855c9678ba578291958088150f9000d63137f1681783651f133a1db0e82352423feb30d8e1fc78ef1494a3d28e464266591e40

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c510e09a40cd7c0b24ba5d67329ba605

      SHA1

      28feee8e1de45bdc20302b93b83abb3355df8c3f

      SHA256

      01708667d35bbe276586a27f23e805e37d2d95303303315845149dc9243c8dd3

      SHA512

      58fd7daa983ac6f7243c2251884f04dc8aa3f58c9722993ad2b9e852b1e15cdcb82d4f86a09a4145a7e24f27fcf0ee865e0eea8b5f323c710379f1e45e8a3fa0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f0131ad50c1d74c92d02de682dcf2593

      SHA1

      ad371982047cbf130a7bd88a26d7bfff042aad91

      SHA256

      f9cc9c9d12698b1f293c27e1f3f09014818985fe24d33013f3d5dbddc8947995

      SHA512

      5ef02c06381c8177537e8e2cf23f7da5f5a246154ba7f806ae845a02e10cab5014981428dcd4fe5d131aeb5ebe17470d3a4a3faded8227a844407a9760aadef6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      130e7aad342b0a23289c960b3faea81f

      SHA1

      70205b8a759a689f8c2b1db5f215df58fb1ab0ac

      SHA256

      bbc66c52133638e05f77847f036db983cfa3545c6fa2341ca2169dd385a6bbdf

      SHA512

      15ddc596fbf64d7ae11ba9be6afe5f3743e3be1a559dc0ef82322f3dfc611bb33ac6387c4c3dbcda45ee5ac6d4d8f59f268fdb80919927727e05be40b1b09cc8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bb5b266141da524a98343b1babeb4762

      SHA1

      e966d06203ea46d9924217249d1d1d78ff6e197c

      SHA256

      a226163c5171b4145f53e21d96bf35957987a6d0a442728bf4434fa0a5a670e7

      SHA512

      4083ecccef1a9b0b8ce0062d143125010e434de9becde7290a891ecb99127e897beb9b71e293eaec55dc887153e279128967ad59c651e0522b86b2c3928acf7b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      82c425255b2fedaee080ea7256f5fc97

      SHA1

      b0c7a52ec970733ee6bffe6bfbd040a180bb284a

      SHA256

      dc676d01654f7ec99f90d6f07935790e607ee82282cd96194cbd39d5bb421c10

      SHA512

      454c3598604974df7f2fce96ed483b275087d7b57868d725a8c8f689f695650724f42680c6e3512b7e3e7d0988fa96f48b66904ee2f34ebf4d628716ba4c9a46

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7920fed24fcb256cb780f04a085554ed

      SHA1

      8974bc0ad187db724f447bb57f4d33ecdd48689f

      SHA256

      50c82e459a3059c33e1ddb3147eba2c0ac10c9c1c9ece6acb632dd8aae00838d

      SHA512

      1860596550ef676d9e0e85769500de87a0c85280fe5bd603902cce0dbbb093165efb30159ca0ce5475bdaa61f53e3305abc834bbab51a73f5a7e071cd1d8d167

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      edef0219553e4f0abca1e9a7a4234331

      SHA1

      1dca2c06a05d632ff1cdd7a588d3167c2ab5f0d3

      SHA256

      177be79076321fa7dfae1bb074b409be875f0d38741691777d466cae40216d15

      SHA512

      0f73215a9e313a9b90b87d256b43cc413f0f79f05f3539e89865a4f45eaaa815aa415e3f55387aab5af6a433dee1854227a5908bd678c92acc05737d36152986

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1c1b1aa7b455761da4d9ea1ed8f0ed1d

      SHA1

      d672eeb8ac15d7717e73974f705f5f83d8ff1a97

      SHA256

      a182f9b66e38675e36935930890330384acf6b98340baead69d4072c8fae5d9b

      SHA512

      7b5c3c38391e58595b24d12a18fbedfd7b1ab40e6954f4ca4a5b06319fd87703b97dd42cccf774f3f50699e51f8225317a2b3247888bb9672dbb1d4336e13bf2

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIMPJA9E\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab3989.tmp
      Filesize

      61KB

      MD5

      fc4666cbca561e864e7fdf883a9e6661

      SHA1

      2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

      SHA256

      10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

      SHA512

      c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar398B.tmp
      Filesize

      161KB

      MD5

      73b4b714b42fc9a6aaefd0ae59adb009

      SHA1

      efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

      SHA256

      c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

      SHA512

      73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar3D69.tmp
      Filesize

      161KB

      MD5

      be2bec6e8c5653136d3e72fe53c98aa3

      SHA1

      a8182d6db17c14671c3d5766c72e58d87c0810de

      SHA256

      1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

      SHA512

      0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BEIBAFYC.txt
      Filesize

      600B

      MD5

      c707dfc4153bef35cac4f8d12dd1b201

      SHA1

      643caf8a33fe73d88a0b7120bcca472202467694

      SHA256

      d9c3b7c4d81d1b130f8902bc8f9d07fd454594a34d6ef92c39e8028706b1ee24

      SHA512

      385151bd07ee59bac625f2a6d07452627b553ad3f3bfaca9509672ac4f7d2f7d210795b42f959928e9ece6b9510c7eebd05ca19a1e2ab9279dcb168d85c12a26

      Download Submit