Resubmissions

16-05-2023 20:56

230516-zq4aqsce86 1

16-05-2023 20:55

230516-zqq1eabf7z 1

16-05-2023 20:51

230516-znevcsbf61 1

Analysis

  • max time kernel
    1622s
  • max time network
    1624s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-05-2023 20:55

General

  • Target

    https://lol.zip/

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://lol.zip/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1220
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1220 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:668

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42A8D58F9A237D75EF41BD5715DB567C

    Filesize

    525B

    MD5

    43968377194d76b39d6552e41d22a5e8

    SHA1

    77d30367b5e00c15f60c3861df7ce13b92464d47

    SHA256

    349dfa4058c5e263123b398ae795573c4e1313c83fe68f93556cd5e8031b3c7d

    SHA512

    1a46f732f5ec8ad2579a2a8cd0d36c8e3dcf056a8614e076784aa26fc6d82157fa539d43fe3c51b3571b7e77a3282edcf4017ec93e5ac3924ab3c0db5dca43e6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42A8D58F9A237D75EF41BD5715DB567C

    Filesize

    190B

    MD5

    8a9d341303d6a2fc9a926d054f1cdb8d

    SHA1

    437cc98d289efccc4657890216cdea5fa2f3a59d

    SHA256

    1dd73ad342ee431f4174be5af402289ea747dfd4c8e2e2bc99c8846a06fc1b0c

    SHA512

    aead551bf893e425ff13c1228c72d6da623ac5c4354dd6b6b1d23b740898c4049332edc0b5b8f04a1421885efa92e9104e35a80f47d3ee47f668512ead6fd7d3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7e224edb6c0b0154f33bfb291c880c76

    SHA1

    c50f9f211c636d15b222d077652e704277a389b2

    SHA256

    ba10c6fd210c53be5da42e58852c2afd903548134e249018773a131f3fa39a16

    SHA512

    8636a12bb88e51e880912a97b5a6187fb32b728dbce868705ae98d74ee531c5912c1e42fd274697939f2e48c31224308e0ff1a427e6d05371583c6dd35dda349

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    67a079a31f6e97a26f07f2d1e94e0c67

    SHA1

    51a87ae9c44a5b85546c29f9906eaeaf0bbce359

    SHA256

    d1091b2f84c9551d7c71af806be6530685d8a6a2a8d16aee95ca80a09a5b8ace

    SHA512

    c415c0e260c5be28b32f79107674eb5e06cf0d84b052cf99ef29fc9ef082a2a327ad27f47fe2ef11ff374485d6caf3abbeb58793bcc0b6e4d72a1a890c05a88b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9befa1fbf2d76ea8e0957838cd422029

    SHA1

    5c8612055e5dc4c64c60b3250575ff52f6819956

    SHA256

    23584438b3226251e70e2ded3e21d3b3d435685de848778af9dfebf9e6c99f65

    SHA512

    0b039668b84b7d35ac947f2c8e4ffa5a83ae97c7b18149425560500f25abf717d8b0fa4131066d8033f5f56265f9f8640adf091e9a36effb2fda9181c266a379

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f058dc7fff849ddbe97372440df68b59

    SHA1

    5d17c8f922801cc2a8d4a7be132951f755cd1f8c

    SHA256

    b742e0429f74ca49c0722c90a1de53f98ccd77cc742d4e6e371f38203ca1803e

    SHA512

    7c37c2976440054df730356d9bb8e92035a0d7ae1bd5b44c8be0c45b8db5703ab168da474737c1b36237c74e7c974f325c70885fd4b5f4d6a98e5b14d64e1576

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cbae4c2bf594af84906aa3e819b5b45b

    SHA1

    9ec5a54d994d7c4443e03e3af268a761943ce339

    SHA256

    c3db007f645b102831d3b32fe95b61c2b3f33f87df4d94c11249a213e1b3cb56

    SHA512

    ad757a3fba4f35ab0d9cd812d9e0909e905d350c0891c3bcde95a04f954e3005d3f498533dd142b9d3d2ef9ac6baf3f3f1701166441c05d091b8abf832c2c6dc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fc9463dc18993166132b27a158496eaa

    SHA1

    8a2fd572b0ae1e2d75c8ed24694ddcbce0bce540

    SHA256

    7bdae17add7381527d61fb3ffc16c224a40e90b93dfedc7ae548f028ee438e62

    SHA512

    8f7f007cb2d9e6396fddf6f962d57b88422aeecfd1688d642af018f706d93749253492b8ca56d8dac2e2e872d1babc66018e6450b6cad36afbbde9973b0ea893

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b13a1f02124bc0972fcc0d744f89dac0

    SHA1

    1fb5346d9fe1f5e198f2ce025865ca086491d0e7

    SHA256

    d6c3c12bcbbab5a1f9bc481c1e1bc020ac35c8ca2366b5870244df28c10c220f

    SHA512

    ad5432c057844d36fb6f4e3a4d4bba2ae6258b130187c7a4bc7167fadf85e334e8d42a725b767d165ea4a9356587691f57161eb220afa09484e45f11492e007b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    80b9cac67fe1bedaf5ef6ab507fb7377

    SHA1

    f891c18a51f802aeb880d4b3a6c45c474fa39a46

    SHA256

    8e227db34b31ff1f2ef2a04fede4015038dd8ef272f7eb9b2bc02df22424efa1

    SHA512

    4adffd75b5adc32dde1d68d6d452c993eb69a980944ec3aa7cf75968ebf5695602f05f99c3b0357f60d69e81d61c382c57120716fc478c8551bb29b09b5e7abd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c301c4d70ce57fef2aec3c52b1f644d1

    SHA1

    29e19b186de7c517b45e9fe124b0102869a64dda

    SHA256

    a7110062d07ef52237a88445d0a3f95f34f00615e594d59ea5d12a4ae8016612

    SHA512

    100bcf085dc201235ae9714fc907864eb3ee110001d1aeb81a79d2c420284a6f3a5f751823d43c452006bf9fd924e90862d920ff706f440d0211e0bf88b4bb44

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    190ee5927524aae37044f696ef5b58a8

    SHA1

    80b539f56b60a489c989c3ed581382905aa3901f

    SHA256

    731508a42653c82b38ffc87fb4f4e8c969e47d71796e6db058983fbf01095f18

    SHA512

    55c5d655bf3bc202ac5dddaf298d68d94e1d2e350b379b25a5e4eec5c2b783157c9b83dd38d13936baac71ad78fd22186e71cb007a5c61bb530bfcfd151287c8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    38fb1db82e6e6d9377f368d6e63484de

    SHA1

    5f25ed983f7e4b9a4d9eeee4a96dbb7f0ae84ec9

    SHA256

    83d77800250b17066568a579afe51d5f7750e48d69691d41e807eb1679ea31be

    SHA512

    c419c5c26061f32ad542faae4b216a353d7e14b4de36d4c4d7851756b275af652257a4857d32a7a667bbc468afc1f18c207647a2d5f17c750616f0df76caab25

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9c5cddb966dcda2993913743b5687669

    SHA1

    e35fb8b0224ea77e3ad7c12cfa45b2bce41a854f

    SHA256

    0671b1e8eb905fd6457ab20658f8765feea9dd6e67e8dd20997885f7b38ac318

    SHA512

    4aa9d6977605765715a4b05f94c905fec066a3f7793e49b8689c418426986362576cabf5498e2fe08c0cad033842c033adba59a246ef20c308c413f645b02b15

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    60f30a4993492471115757e523426047

    SHA1

    8350983b64217a8692f7c6c69abb5e3eacab2b3f

    SHA256

    af42fd52417740eac49e2ebc73fcda1356d5ade3041da14cea02ff22637adf2f

    SHA512

    f166ec43fbbff069734eed464e7dadf40de3fa26c9df828b9486cb55e81520651c4e6a1582e2f973fc804deaa3da95f08a7ffb5a9c34f83fe5904c9e72e1b6cd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6847bb4b1166e3772958b9f4e87dcc04

    SHA1

    c88ddca63f4607fffb00a8a868ab924d0fe1cf52

    SHA256

    538e032f793d7978ac4124c8b0cf7aeb4cc2cfff333b749bf591bfba0675edcb

    SHA512

    301968789fa7ec2c069ea5e1aad2d99dc52cfcd2a48dee3f3ddd5b0a021b8ec0b48703d8df3bf91c5a20173f724f00de3aeb88ba20c2f1dafa8da6c9c64d56f2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0753cc9a21fe2c14f15b7caa23ae9940

    SHA1

    3533b5aea2d372113b2cae2cd1d36f35f2a697b2

    SHA256

    de70bb73b640b0571252c01228bb37e95fd5f822fa5347c24dde3988beba0af0

    SHA512

    3500880eec86109efbd8d2f5859368d28c51c49f5babc2baab5afe5892822b7a5461709bfec113bd23ef8463ba96a88d1f3110b9b2e7818063273c51cc730fd4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    940c9a3ceb36c1ad20795ad1f318fcf8

    SHA1

    5f6d6057db4c193b869b8b88dfcaddb3a421a18f

    SHA256

    a19e37f76416a47da82b75dc51b780f7ae916713b5210c52aaedf973e27234a3

    SHA512

    443ffc1c94e98f75c4d4f2de512209061e91cc36ba4e5656d8eaa5b5c9bca2e0d72a801b4f9c04fdfb2cdb3278a1257a7f5578d087b47d171ab49fed35e39448

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f27c8aec04ea20c5ef772e91b53312cb

    SHA1

    fa3e98e1f8d99f0bccb175198bec23793ea2de29

    SHA256

    6c82baeb94ebdb313ce49f56fc871e6ab71c81aff041e5f0be7c49f022391382

    SHA512

    e69b508c54e440cf30274efc9464aa5734f02a194bcd95b60d00318ce28dc64e3a937e3bef92777f941a0d246796cfbb5c43b19fd84d5fcfaa576c42cb46e116

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a963f0c2fde16675ddf41264aeca07e9

    SHA1

    88347d24985a4d6468d8838ae04e35109d875d6f

    SHA256

    672ee734c2a3d2bed55d9ca520d8985cb610da1b3ef91bdbde5946b6fb1e1843

    SHA512

    a07c0900e876e0c5a0da870f17ed5f886c411f836b4678ee8af5792174a1b78984ae56383ee6323114a181d9ed3aac4e8a10747d1a840873be06c43b3b175b4d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7e85ae44985870cc05fb2fdaee35c778

    SHA1

    707850acc385cbafc2f8369a54034adfb7bd724f

    SHA256

    809d14d6d253840de9e7dfff3f6c6a0c1df6d5fed753cf58f215edf1c4b73f43

    SHA512

    4dcae84c9261f30c925efd07bc1785400ea8a8bb24adbf98199d7feb14851aad3edcb99e4208e524d5389f961096d847fb04d9942c60d43f2f8db19cfed5d7ef

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    eb00d3dcdc09f0fe0c77d1512b3024a1

    SHA1

    5d071bfec61635bc96296f8d6f49598af1dbcfe6

    SHA256

    da9a1c0fc77ef223c66167353c3a5d9a8af4d72a7d8e240f32821cb983354410

    SHA512

    e8a83dc796a33595a18dfa342f2f58b1251d432a2dc47906f0891778cb008eabb846349ab07a33789c063cc85dce9712500b735d29bc21b45e72d881854f01af

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TEOMB6VC\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\Cab433A.tmp

    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

  • C:\Users\Admin\AppData\Local\Temp\Cab43E8.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\Tar446B.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3K27BRTP.txt

    Filesize

    604B

    MD5

    65915981bb5ac0f0079440c979244ff4

    SHA1

    23922fdd95745ff129ca49741c2c1f6b41fa8aef

    SHA256

    4e8646ef1e6802c29569c7a10eec04c2e2f3c0320f628ff80fdaf067b368600e

    SHA512

    fc3bda3e57e51decb64e3808c475152f8c35adbc4f6e49e9acd93731cb823d8dc0377b3939794c310bc8ef23e707232cd5509627831d2ae8de16634aa1fb9d73