Overview

overview

1

Static

static

1

rBot.html

windows7-x64

1

rBot.html

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    11/05/2023, 15:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    rBot.html

  • Size

    4KB

  • MD5

    f3c8f58e8012131ecceb985509d53da2

  • SHA1

    480468c38081171a85cb63caa95060bc92c4cba7

  • SHA256

    3838b83b9f36292769cf79939ac8a2a2269cee8c54f33ea93d4a2e976ce5292d

  • SHA512

    1d54d080b9093b3b788810c58b99b5f4480a2e1297ad621eb4c5ffdb311d546d0bcc28604d582ee4896c050e1d7b3bdb005edc7f451494e59fb6dc7cc701f6fa

  • SSDEEP

    96:vODb9J8dCczYozMW1PvH/gob9DH+ZmOrTZL6xg0:vaJ7cUSMWv/t1dOB6xn

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\rBot.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1372
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1372 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2004

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    b5fcc55cffd66f38d548e8b63206c5e6

    SHA1

    79db08ababfa33a4f644fa8fe337195b5aba44c7

    SHA256

    7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

    SHA512

    aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    10e0b5d577266b76908b21e3e61ffa80

    SHA1

    bdd36ba582d3561ba20db9b87ebcf96380b8942b

    SHA256

    cfddbb9f219f321fe3a4fe97fa6eef9755f1db6e91786a1b6b95c1932ddc4073

    SHA512

    738f88801357fa0d712dd5d96edc3bf95d618b7e1c6cb86506e2c6060faad025f98c8291d5b926b54a4ec0badba5921f85cf50a1313b0493a27c27f864a04f65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    446328c204bbe402401d4569b707c7bd

    SHA1

    647347db0aa3f304efe4c7b7e2a9cf9c37734b25

    SHA256

    2a2c78d32a8205e0bee46a9b4eca925e05d98ce771f89c68ebf6be2c3d28a719

    SHA512

    3b2269e34baf6c05f3ae1e3e50db6d2b2c0f6193ccf86261c34af60032aab0be2c97fea19ab9559bcb37ae632f3922b22c330543fb942cc998c0e4b4b6fd58ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    16f7b1a5e86d33b4aec1ca45882c31df

    SHA1

    6b8b99a151ddc00abdcf02069a9440adb7573cc2

    SHA256

    21d1c0f6750385a9edb6be202a2f1f7909ce2b8978f7d7d89b8fbe88b67a32d0

    SHA512

    9e66a21a8eb2fe7a98199fd085efa4642002bce0d9905ee294cc258eea231fc57c2bc07fbc9624d149274c8c6a3030946816ed58cb421d0f61faa5b01e44026a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    98106ddc80880a8d388112918d1c1b80

    SHA1

    ff76617107fbb6bed9887f101dbe3f040127361f

    SHA256

    6cadfcbe34474450e9768d36c745255b67fdea266193aa089d69d58a01234deb

    SHA512

    2760a6eb392e28f466f4fe9fbb0e53c33e6aab5cd563d6f89cfc30d5f1ab3e151a86ea34308f6d444d845b4fb063e0f0d0d745b7553cedb67f8bf5ef8765b0b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    038b2253cc40f3a32c40e3d912f1193e

    SHA1

    c7506a466636d4623d7bb1016b9ea15fd92da0a6

    SHA256

    010d7e09a8768535495bd944345ef46d0ee69cf1ea19b4377c50a5c90cdefd12

    SHA512

    16f525e0d2e00fed293c110423818393f6151c479592597f30b72bc1f50f7a1b82dbe9d8003d6fa26c0c449162c7db18a7c5a7850d241defb9c249687d9a67d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    38d20d608635810bdaca096f2beb995f

    SHA1

    1128d9ef02b6f037f4652b3bffcd3dc1681f5aa5

    SHA256

    8d93391c23cdcc45372167824e00c49bc214592d20c9bcb086090a429468853a

    SHA512

    e361044594ee32e5d4ccfdb335fc849b7dce1a50d3cfe96976155bf43a827d12dedbfe4b6f39b794a936931ee3c64e11a9f791656d0350ae361c9bfbf27a351f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9224c06f62261806afeef7f5b8bb39f4

    SHA1

    ca9e5507a3981081bde5e5759115bd5db84dbc16

    SHA256

    1b331c453bb681515ccb11ae606a5763b9e7e2fd91e6ddcebe369e5855a34dbf

    SHA512

    3b6e6f5cd8d8587e58ee6b36910e0ee01655d8d86ba142352592f11f0103f2a70df650db3c89b8dc8bc114f121b42916b89f2cf5ee9b664f93a7aa8ad36c376d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8eb0c0ad079b664418bda942d7807ae7

    SHA1

    ab7bdc3feac00c2fd8cd0dc01ab18bfd1a371a55

    SHA256

    787444f9ec4b6cd24e2d0003efbe17e7be98f44064f7073ffdd16333c15f400c

    SHA512

    9ed489d7c5800dee7d6692bf75cb276be153fd1bee0da353689c9d607eceb1b9f8ba7aea1005fe11a9ead4eb898edd1c4ed9336127667cdf90c96fe4d8e20d40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d3488f7b8243b319701b36dea564faf0

    SHA1

    80bcea25c33bef55e155b0715efee1d26f3cfc3e

    SHA256

    428e238337cfbe43f264ecdc81487bbf298791f521d26a1f6f34ffb876f0ceac

    SHA512

    f8f076edfd27a4cd868d00b7bccaa0ab6b80db80fb275f07806f46eeacbc528061310764219cd9c8efba2073f20afb0710b946254935f8c7fb4affabd20d8b77

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ77JNZF\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8D64.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9212.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3O6B9Q71.txt
    Filesize

    608B

    MD5

    8bdd9b7ca51fb642cff00e402509a7e5

    SHA1

    dd861fb832d5ff9abdd21271072cc7dd0978b3b7

    SHA256

    0b408722220bff500eb7b443a26e28be731507a24cb6c17d09a98c1a19fcd56a

    SHA512

    c961aec1eb29ee0aa49096f63acd6c89da02a7307f2750759af5fa79b203dd1086804a300ffd7ac3fb020d2671f4cb27eb3069d38fae403f0e3e1920a541541c

    Download Submit