Overview

overview

10

Static

static

10

Bouwvak 20...ttack1

windows7-x64

3

Bouwvak 20...ttack1

windows10-2004-x64

3

How_to_bac...s.html

windows7-x64

1

How_to_bac...s.html

windows10-2004-x64

1

WEEKPLANNI...ttack1

windows7-x64

3

WEEKPLANNI...ttack1

windows10-2004-x64

3

Resubmissions

08-05-2023 13:17

230508-qjgzgsce9x 10

08-05-2023 13:13

230508-qgbdxsce8z 10

Analysis

  • max time kernel
    97s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    08-05-2023 13:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    How_to_back_files.html

  • Size

    4KB

  • MD5

    0f9fca06847beeb3002ba6c5ef581b85

  • SHA1

    f48f51ce214c3c9163338cbe602ad20ec94692c2

  • SHA256

    f3f829da4ed0a712f900b44758c28fc2da0fbf086c4c30de7d5d6400b72c97e1

  • SHA512

    215edd5bebca6539e7446455fc6eab03d14599dc346011f4ab3f24d16db611c4161c1074cbad8a18b778081739d76d1154558a5f35d13d7562e6da177846ac7d

  • SSDEEP

    96:8y+cAl5azrn+DtZogW4mSrooF4kcZEiKFe8LuRj+:8OAl0zaDjvFrhKKYQ5

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\How_to_back_files.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:332

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    0085fb484640bffc15641e44bd54d41b

    SHA1

    8518185472fd3f942d2f4662cc3747160834c058

    SHA256

    aff2b3b78cd72c808c163b2b4d57e0e5c0ba2e7ec4a2af96c0cf1ca6fcda7acf

    SHA512

    55938322f1a71f511f1c2c8999efb70d166d490de96a0482109e928b2b4f7d942adc128560a78e9c7e00633e362ccb14f88713da5bd9e0c3bd8f18d1033f2fa9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    aa63eecdfd6815a9375a3d02d95af480

    SHA1

    7a1f672614d7189f54edcb117b9e2bacf085d0a9

    SHA256

    e56e9b3b7d6c1fa6432a5f60928b6eef2bae61166a8fec8d443705e173af6d85

    SHA512

    750620856b308dfef5554fc79c5b09aa2c4a68c0ebc224bd183fddee7c776fa6c43bdcace609da9bc3fdb1c769c54f48dab7713acb074be07a301a692ab79776

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    62f2d7179b7518ed5ae8969009292bcd

    SHA1

    9ce4cd40ed3487c1e364d19e7cd0d8583bf37724

    SHA256

    19ee7ea75ee6695662a48803e1e44d41338ce842244c53ef086e82068778ff99

    SHA512

    0a37133f360f7ccb0d499888918a1fe9426f4bba52da116ea53e5129fc6fdb233f85d1c1310dcc491e554da14b930872aff258eed965d3126d185bc7f50a9e6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    bad824760ebdff95f523bfbbb8509fb4

    SHA1

    eaf34994ffb5282aa5c9ff5690efdfb3a6535e23

    SHA256

    c44b1df6de7cf15a8760b00f7239b75a413ceb07f830d942486cfd038a2dae5f

    SHA512

    10208dcdd6a9f87431f8db99a2492e6c6de5b7b71ded5f2c0e8a850215c317f1ae7d8e4d8c0e05589ed1250625af117a4f66462435e87195086fa16963d685f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    6d59552ccc324e0b5ff41ab7adea87b0

    SHA1

    73bc76518abafd9d82481d01775260432eec5ed8

    SHA256

    e5448c204fa856422395d3e7aec9eaceb2cbfbb3609841e14916d8958cf0227d

    SHA512

    d0f18cda0419cccc368b87bfa5f71146f4bea115295033f75a766a81925c50e841f1f53295ad4ea7419894065ea7215eec7243078f9e43556afa6daa2dd44f07

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    cbba66a5312c52ed324ec72777581fe0

    SHA1

    4f0083b98c2a63118e65fb6e38398a801b8b7040

    SHA256

    28a065ddb75ac857f97d6b7b0df8c263bbfbea439c9d6d58e17dcbf761643427

    SHA512

    90faa8131e21fda6708f3fe7b16f07b2ad1c65e01af7e6e159108172dae7dada692e6c8823ada238f0a964380f6fe1e41befbbce278a01df083973b55a402467

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    27a04a20558801d5868f8bc92efb78ef

    SHA1

    b7c941edc76aa08373db1691d9d4168a509dbe44

    SHA256

    7d13304d321a0d5bbd09df38d7b21fc7b22aab76501bac273e00cdb82d573c5d

    SHA512

    60d63b0588a747af3fbb61582891b437af1d6630ae2ac01da588a993ccb4a8ee4c7574d7370ebf3995d232b8ab8eed81f01ad2d179330345d2b5adc5ab7d3380

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d60e307061855b953933b8fcda40eed7

    SHA1

    c31fc6cc5869556fb63bf6dd47d0d4fa2be34604

    SHA256

    9ff0c12f0c822f861fc2ee3b6a60a64ea4e0e79724cbceec358acc2a4db410c2

    SHA512

    ef3c8ee83d28248d8e59b155bdd3923416c78c00cf90adfa346758de9ff008bc0e7bbfd172f86ba7e4162db263fa5e80d5718a98b37eb208cb627e36a414f47f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    5521b88eabbb56aec53884ebf4e69c59

    SHA1

    3a8e3ac78eb8287b415ad6f497c24aa0d606c88c

    SHA256

    dafd4646b1f591349ebc97207e1e8f7705e57c73b9f088095f04c4090cbad409

    SHA512

    974b8fe2153db16dbc96c09920056dd65bcd6752322968c9d32bb7e15d9cceef12e79ce4151dcc74fd266cac383caa6bfb747d4c53728752db0caf655a25e1ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOYUJSME\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab46B4.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab47A1.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4851.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\A6EBT4AC.txt
    Filesize

    605B

    MD5

    463a4c9e131d917c723b5e1165324015

    SHA1

    6e4dbf578fd0ccbd132a5db451da693235942faa

    SHA256

    7fe804935758d61965271cad2828fcd8ac5de01e3cab528383042cd6434c7d9c

    SHA512

    3033d343b6b89b9c005c4badafba70dfb53a1c59d5c2b63c1c9e2b8506ba810145682cf1a80c927e6bdd53dc6e2aa9c84ab1359a2de6285bee94d1e675abb16e

    Download Submit