Overview

overview

5

Static

static

1

phish_aler....0.eml

windows7-x64

5

phish_aler....0.eml

windows10-2004-x64

3

0.gif

windows7-x64

1

0.gif

windows10-2004-x64

1

1.png

windows7-x64

3

1.png

windows10-2004-x64

3

2.png

windows7-x64

3

2.png

windows10-2004-x64

3

email-html-1.html

windows7-x64

1

email-html-1.html

windows10-2004-x64

1

vitagri.png

windows7-x64

3

vitagri.png

windows10-2004-x64

3

Analysis

  • max time kernel
    146s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    03-05-2023 13:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    email-html-1.html

  • Size

    10KB

  • MD5

    5c3a94f4f4f10261ee12b23c0cefb406

  • SHA1

    a8eebc3d673590e36bf935b5919e4e57a836af56

  • SHA256

    2350ae0d2ef06c4c3d86cd8db4ffbcfa855888d1cfd80b7003596e7ad8b0aa08

  • SHA512

    3d3206cadf108e018773e68d000408945d469a7b16bca334ffb5ad90595b6f2472886ca30100390018eeaeb92d24ed31c960e93f94ee8e67041775f4876851d3

  • SSDEEP

    192:cRxCrIKs36vz2hmSCoeVp7BDY0xgJFY9SVpTW89kZ9qKjy8Vy7:QKr5PMFpY9c7

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\email-html-1.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1932

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    fe16917efb81449ee5afa85cf5350c1a

    SHA1

    d38fd7e59ea31403162e38d27ade9fff6afa0a76

    SHA256

    174a3f0eef067b3e95d96871c7318d6a7d260d39bf02ef2eb60b52d39eca8fb3

    SHA512

    9f62ee52eb8a7409c099bd7ca8191b4deeca8c9a9f6fe2ab6479d74f4396694d44a58684dc55522ffa0dea1b80395e4582f68744983a250379d1c939380ea109

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    c11f721f7e460d52892f137e2cb0b200

    SHA1

    d2452dd09045581aaecab28cb2de8985a7afc57f

    SHA256

    5f377c3b9f3a8f129caa9aae2c0e24c3c59a3ff6324345b912924c64e15ab211

    SHA512

    fad21a97b9db4a28488aff61177efbabbaee99ad173bb3462630ae2ebbd4c83d1be2deb0ac5e92901be512fa37f8447aa748c371816b3351b9be8c31515ad666

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    f9b46842cb53a7b4b878d891bf1905f2

    SHA1

    a4e045707e8d34bb9e4c972f3406e965c26e66cd

    SHA256

    6e75bdce3f14c05e5770d6d90b5621db257aad78dd97564b869c7fa777726aa7

    SHA512

    08df0279a7764de5cd771098dca9994daaa55e3331f228b9fd174bdbbcfc3d0cc4beaee69482c38c996a4fed998819683c91cf37e02139f15e756c692746aa6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3f1cd280779ad0264fdca935dcd1d0c8

    SHA1

    eb60af82a4c09586268ed694a64f2f740e60286b

    SHA256

    c0cd15e59f71a217cb2d0d9a2564318e20ea96378833ec591efe014f259de65a

    SHA512

    d2e10fa25e4eb7f817b7184cf7e6e003f48786a9f66cfe54fed52cb6f883cd7452c8e37ec741a5736539db08ad2cf414635b0b15d5044a15c5423d659921eb71

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    0186adf9132fbee37ed237006af92412

    SHA1

    77f773f8d1ba05e67fca41758540bd87f91e4867

    SHA256

    eeb1674ea933c2eb104129baed59e386a3471928f80ff27852e84e0218ea464c

    SHA512

    82f5edd9bbddeb95bbfda2594199195626ff7d9e64ef4efb200ead611d1636f37314c083f39b24108e5c6d0f2a74725e224233dfb3a664582f02158444429ecf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    a22ecb004a5cfb280f7745b9de5fecdf

    SHA1

    8cb3a6856c9c27df0570984571dcedf9b770ba02

    SHA256

    81ac81b23a9ed0c6af5304297f65d5a3c98ac27eb8f7b7f95f83df49623562c3

    SHA512

    c14b1ed4add151e078d0c0614509e4dc8477c7d0a3720b91245051f334de321d5eda1d8bae53b3775fe91a64da2133f49c834d6ee16eaca4d12ea3806f5abde1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    99c17a9977ddfbad2e229d0df5f2073b

    SHA1

    7306a6dba8631d5d3497670e1fb980daeb3368cd

    SHA256

    2f8de6954d60cb6df0665006f4863e0a9d7e738753b99e0eef00c2cd85a84ee8

    SHA512

    7e64827e6ec662d701909fb5a5286c0c608f978d5d57fedd12833474902ae0add6067181a6d5366bcb09b135fea438ea90f12b285a52dcbf03d19741e7a249ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    0c6c842e7ece102f7cd9ecb35437334a

    SHA1

    2ea30439cb89c77623114dfe03288c996c80b70c

    SHA256

    7dfbdf5e6aa72b90bb45b8ed090ce065fc68bc3f36b91638d96a1313cdf653b6

    SHA512

    be03e140d4fd2282ab6e236f69d2744082cd3500dcb8ad86529276dd35e69a66f0db2c17254eb1e963e5e343368745849c6c3311784726db71db9bc789ab6166

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    f606162ca0c40d923b7c4d804ee3f9e2

    SHA1

    7095796e54287261e3fe4722b1d93c4192c1a933

    SHA256

    2f66853004bc43c800f1f434128e629e5c2c3b6e5c32629c13a59d2aac027ba1

    SHA512

    f2c282b4fc9dc633e627191b801f3b44af189184c8a9618dad2100c8218cd1ff920c00a72fbd9f801e64833c2a30094c15d28e7c4bf53d159941fc31841bfaaa

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOYUJSME\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4DD5.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4F64.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\B0VSDLIG.txt
    Filesize

    605B

    MD5

    d195d11fbedc380936c0dbd108f03cea

    SHA1

    c34b2b70c32dfbbf5da86b35522b94c949e2f721

    SHA256

    0d067a01c5de2f4a3b30c14557fcec38e712a66d579491eb72790dcf0fadf245

    SHA512

    1cdf907265a779ae08b90782aa23253e0079d88110e68269b61e1f104c434469f91e6a0efa96bff6a5d158e3bde975f82845c9a5ddf8412ec7bbec9285bef663

    Download Submit