Analysis

  • max time kernel
    124s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-05-2023 05:11

General

  • Target

    Payroll Increase Letter.html

  • Size

    251B

  • MD5

    fd417de11e349fda024c05c0591876cd

  • SHA1

    cfea39fb1f7ab89af37293f2b29ca0fedad09338

  • SHA256

    07a8aab4eaaf8c65ba929fb7e4a9cd1db6199914261c1676ddb387bbb51fb6a7

  • SHA512

    74b0ea269ddd3ba270758b63497839608d75514de3cd0f4c34f4c4799e262438bf96651a7f4fe66d1e2901f0f4700b46418610e3c5afc692b67cc168615530b3

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 63 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Payroll Increase Letter.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4996
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4996 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4364

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

    Filesize

    1KB

    MD5

    237c83489f073c3b49e8b7787cbe0447

    SHA1

    51793922f5d8e28e7f46bb8d708a0104f499e442

    SHA256

    06b9a7cd62855327562b5e090e44cdca16b58de8a6de476746e5e8cb6ca18273

    SHA512

    ec7cf13849b39d130c42aca217acdcbc733c88c8e55e941abceeda4e8002e772fb8a4c25366f6da2bab2b1334fe73d320be5d1f01196332629225974880d99e3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    c2867dca83f9950d9d908685b04ac381

    SHA1

    327b04524be8ec87ae1823e26543e2043e9d91ac

    SHA256

    06cff94afa14099cff01dab357180dd8496319afa462c870405e0609c4260940

    SHA512

    a1e6454fc48a7430c8aee5b7849b76bc719483171df7a213cc98eb5fe3329906bc7e991a41d8dd7520cb10220c20e0ea3a865f6fdaa6412f20b6a99a6f044cf5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

    Filesize

    446B

    MD5

    39afb888327536d1cba8c552a1542b6d

    SHA1

    0ea0f87f7cbd6f6798b75a9b457520147ebf684f

    SHA256

    86cc3fa2713ac78328d65198d9e7683bb8d2379c3608a751f7a6c7cf25a7a27d

    SHA512

    28043618bc4f4566123a6d52f2ca96376dbb1821d8af3a87ea0a74109199afb3a26239567f8452c195f94645a18d861a993384f25b78a0c18098f9e64bee4873

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    434B

    MD5

    1aa32714c87e5d756b43616077b3660d

    SHA1

    3a13d56f8a8346d2923363381aeefe3e020c7442

    SHA256

    a80808f9549b610cb075cb9778ed494d62a8ca5e8fd8cf5f3c1829032b93ac59

    SHA512

    ddfa0e8712db7435dacac618d2813815076b5028cda6ea32daf44e5cc64bd1c43f2dc0aa885de577fdfd6f954f2ae290e098c70ad2b6a95db001727dc233ceaf

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\2HGGQLGP\my.forms[1].xml

    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\2HGGQLGP\my.forms[1].xml

    Filesize

    415B

    MD5

    e022a1602a634fbb6dbc7e6dc3c01236

    SHA1

    5e5981e9ea2b43b7e0b8f758ff2bfd8022054fde

    SHA256

    9380cf546de0e2321a63b2350575412094609a91cc979c8137833e7dcd921c03

    SHA512

    887ffa5e16c96cd31f1451c86bfbcf0d9af5cc9f74f8193142401e63b79bdf32d9c259d0bf797e8a74895bd661a624e909f0fc0eae40cb3fa8671b384ccded04

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
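The hashes above are the only hard indicators this report carries, and the score of 1/10 is consistent with what the process tree shows: iexplore.exe opening a local HTML file and spawning its own protected-mode child (the SCODEF/CREDAT command line), with the "Downloads" being CryptoAPI URL-cache, DOMStore and INetCache writes that any IE session produces. Only the target file's digest identifies the sample; the cache artifacts are listed for completeness and a match on them alone says nothing. The following script is an added example, not part of the sandbox report: it hashes files on disk and matches them against the report's SHA256 values, so a responder can confirm whether a file in hand (or in a mailbox export) is this exact sample. The `REPORT_SHA256` table is transcribed from the page; the `demo()` helper, its temporary directory and the constructed "sample" it writes are assumptions for a self-contained run.

```python
"""
Check files against the SHA256 digests listed in the sandbox report.

Added example: hashes candidate files and reports which (if any) match the
report's listed artifacts. Only the submitted target's digest identifies the
sample; the cache entries are routine IE/CryptoAPI artifacts kept for completeness.
"""
import hashlib
from pathlib import Path

DIGESTS = ("md5", "sha1", "sha256", "sha512")

# SHA256 -> basename, transcribed from the report above.
REPORT_SHA256 = {
    "07a8aab4eaaf8c65ba929fb7e4a9cd1db6199914261c1676ddb387bbb51fb6a7": "Payroll Increase Letter.html",
    "06b9a7cd62855327562b5e090e44cdca16b58de8a6de476746e5e8cb6ca18273": "CryptnetUrlCache/Content/6BADA897...",
    "06cff94afa14099cff01dab357180dd8496319afa462c870405e0609c4260940": "CryptnetUrlCache/Content/7423F88C...",
    "86cc3fa2713ac78328d65198d9e7683bb8d2379c3608a751f7a6c7cf25a7a27d": "CryptnetUrlCache/MetaData/6BADA897...",
    "a80808f9549b610cb075cb9778ed494d62a8ca5e8fd8cf5f3c1829032b93ac59": "CryptnetUrlCache/MetaData/7423F88C...",
    "b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db": "DOMStore/2HGGQLGP/my.forms[1].xml (13B)",
    "9380cf546de0e2321a63b2350575412094609a91cc979c8137833e7dcd921c03": "DOMStore/2HGGQLGP/my.forms[1].xml (415B)",
    "c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad": "INetCache/IE/DKFP9JBL/suggestions[1].en-US",
}


def digest_bytes(data):
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGESTS}


def digest_file(path, chunk=1 << 20):
    """Hash a file in chunks so large attachments do not get read into memory at once."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(digests, report=REPORT_SHA256):
    """Name of the report entry whose SHA256 equals the given digests, else None."""
    return report.get(digests["sha256"])


def scan(root, report=REPORT_SHA256):
    """Walk `root` and return (path, report_entry) for every file whose SHA256 is in the report."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            entry = match_report(digest_file(path), report)
            if entry:
                hits.append((path, entry))
    return hits


def demo():
    """Self-contained run (assumed helper, not from the report): write a constructed,
    harmless file into a temp dir, register its digest in a throwaway report, and scan.
    Returns (hits against the throwaway report, hits against the real report)."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "constructed.html"
        sample.write_bytes(b"<html><body>constructed sample, not the real file</body></html>")
        (Path(tmp) / "other.txt").write_bytes(b"unrelated content")
        throwaway = {digest_bytes(sample.read_bytes())["sha256"]: "constructed.html"}
        fake_hits = [(p.name, e) for p, e in scan(tmp, throwaway)]
        real_hits = [(p.name, e) for p, e in scan(tmp)]  # nothing here is the real sample
        return fake_hits, real_hits


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, entry in scan(root):
        print(f"{path}: matches report entry '{entry}'")
```

Run it as `python check_report_hashes.py <directory>`; `demo()` exercises the same code path on constructed input without needing the real sample. Compare on SHA256 rather than MD5: the report lists MD5 for convenience, but collisions are cheap to produce for it, so it should not be the field an identification rests on.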