Overview

overview

6

Static

static

1

download.html

windows7-x64

1

download.html

windows10-2004-x64

6

Analysis

  • max time kernel
    135s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/06/2023, 00:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    download.html

  • Size

    43KB

  • MD5

    0eef0dd8444f31222b75cd64cf4dc9d6

  • SHA1

    a1b8d59c870939d3d0376c1d3151941f55afda0a

  • SHA256

    1ef61b92f2a383d0dd34b4ba4d43512cb3ba1f39f571009fce90dfde10817de1

  • SHA512

    81d9c0324ea1a93f198f71b4c3e8547a9433e33a5b54661461ec11193ba2502e1d860bee36a240af26d48b334e5dec462994d7f12444d1d729331a6bf0c0cf47

  • SSDEEP

    768:sbH/MA0x/OAex/OANxCPaSooWUx/OA/BtuwMzOhnSl:sbHEv/Da/DNxhop/D/BtuwMzOVSl

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\download.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3800
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3800 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1956
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3800 CREDAT:17414 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2284
      • C:\Windows\SysWOW64\msdt.exe
        -modal "589876" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDFBDA3.tmp" -ep "NetworkDiagnosticsWeb"
        3⤵
        • Suspicious use of FindShellTrayWindow
        PID:4320
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3800 CREDAT:214018 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3456
  • C:\Windows\SysWOW64\sdiagnhost.exe
    C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4072

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0270780F846F08BEFE0DD8112D932FEF
    Filesize

    740B

    MD5

    bd813339ee9eb32865597f4aa0a765e6

    SHA1

    44b1728d4787189d2b3b15e11d9ec50f02eca325

    SHA256

    cdd6a9e6e4b174679e1b56c2e97543273fecb0c6afddb0c65839001bb32a3e75

    SHA512

    d0ddbb7a181cb2b42668620ecc97976840e1b82964d2447c247a9f973b5e57672e2ff117c8ca463ab16eaf087f0817c2991b89d3f194240382be8d7e8a3777b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    fd16fa69013cc787e100d554624af691

    SHA1

    5a7570689cada51c2e1b6b200cd80bc536344f8a

    SHA256

    fe4d3f632518fcdf79953b53def65a1f5092ce3e907e79e73810a1928f1610d6

    SHA512

    d535daa6b46b79bddfd79a51371ef2ab94e99ad4963851478dca99e2f171e760a460c5f44146724d52bb670eb0115df81156136d9feb03a396b46e056e747b06

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_FB3F70E928C0119B8B69E2AA7E012526
    Filesize

    471B

    MD5

    49f4f882639a0f20853416473eac76ea

    SHA1

    21e1753f2213a223a191d786e012cbf669fad779

    SHA256

    22edf0887bca58993eb0708a79f921218f0dafe0e1edc42d9428cc4cad1df7f4

    SHA512

    55806aba05868cbd5c4949c4f69978ddcc0d86545fc9fa1e1a16c5e448b70916c1be615a4bb4371e1f9911f0c0ef2104e9b6cd53dd81686f7331eadccc4173fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    a244894fbc1ca90d08cff32fb6cd308d

    SHA1

    59e3c026c3d1bcd549f697b5dd4a35e298c9d2be

    SHA256

    a6b607b594b789a6ab1671c98fe9447509b82a85cfdcf4693b253616568e32ac

    SHA512

    b62e636d9d0e9e67ff310f3370ab1ca66abf93efef89a9a0d6d79e4526d8904a49b01f39ce64b76d3db03ac7080f62a84caabfbfc7bbf0244e2601457ca7e09e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    aa62f8ce77e072c8160c71b5df3099b0

    SHA1

    06b8c07db93694a3fe73a4276283fabb0e20ac38

    SHA256

    3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176

    SHA512

    71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_C29B72DF56F330D3DCED3114FFBDF852
    Filesize

    472B

    MD5

    9c320af7047f9368e0536de66d6d2658

    SHA1

    2cdb5bfd4bb4ddf85559ff29d06ed964e04119ab

    SHA256

    64bb80bd8947d7d658ce8f20fc2bebab85d391bf2baa953c67201ebd194cd1b9

    SHA512

    9c561f3666ca1049417463bdb7b05f5ccb82b3f70ec820ae31917b564e42ab11878b96ed3c0a7cfb24fb3a0aa830c2c073366bc544ba4562fcfcc32142c9db98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0270780F846F08BEFE0DD8112D932FEF
    Filesize

    264B

    MD5

    1166bb1c02ad59892c5e379a4777e99c

    SHA1

    54d1985490ddf3d1eb038310c147c61a1cfef83e

    SHA256

    ef051dce2d6b9d34a23fcbde8bc227f0007267a0fa650eb31fde73fe14858661

    SHA512

    4a6b654894887c73f2bbf4124049ddd2e4af0958049bb04273cee0a4bdf32edf310f5cc3a905b82df92988160b8e9cdeb70c10dc807febf9b0d77776321a8417

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    57ff96d9455d5b609e66de3199c9a2ae

    SHA1

    f11eff243038240e053827de4491d98b2d2bda4c

    SHA256

    8f69666968ef9bbbf6cdb2995a452ae987c44b8ff23f13d3665083da7be526d2

    SHA512

    b30a4fb49a8af22ddcb90b3407ce84e7430e92a5dc379626b6e04a1860cb30c223d1218beb3940d38c324597422fe18393cb592a80cb76751a908d656eae7d5c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_FB3F70E928C0119B8B69E2AA7E012526
    Filesize

    412B

    MD5

    9ab668f5dd66587a6bf05377d06aa42e

    SHA1

    d57367ab05275d93b5c0f47c5f043d4c3377e03a

    SHA256

    19da990e653d5dc57ac2229b1177e86c9d13dc0b93b178f60f928cf7b4eab4a1

    SHA512

    3d6a05947614523c6a1dea88e5ec50e44dd7d94fd4331d7cb5364b18163566434504c47cf2c2f0e357c4dbd8db3dcb705bae5ae0fad9c7083a003b4d97fbf27b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    c5c3ac6c0236d201d822438f8e894953

    SHA1

    5aaf63d79bcbb86da47f968033d744c5a91b918a

    SHA256

    3534a4b46aaa59c99140274eec9c237dce6f7d844a62aee7e7fadc69f7c92d1f

    SHA512

    e6ef366572c1484099b8b4dc688676d77740ef67085b9f0377ca003445539f5669598a1770054a7cd0394ebe7f8a7cc4653f4e28f9007e616423f299763786f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    3e426320cff4009371e333947e21ba67

    SHA1

    0de215a6940109d8d97c29af26015fcb48073a0b

    SHA256

    99384ece96cd8c358b283107c1ad60ca8d8e87e2741110b77360d268f8d5c306

    SHA512

    2c63cc71cdb70be7814d8fc40cbe3b0c30a1773d0c0b9e67b125020f0105c45da8f0a4178a191624bc55a6e8569be5d2c481ed2ea7c23b6a354c1f72673f0a6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_C29B72DF56F330D3DCED3114FFBDF852
    Filesize

    402B

    MD5

    f1a7b1888fad3d3525c0d54bfbf5588f

    SHA1

    22a18ef3f3f3af99e605ca3b46a0ff04bf2eec23

    SHA256

    6aa67d43a8186f870fd8fdcd485cdb7f21d9898247b06479ee0525925f171004

    SHA512

    6149f810086a170b2c6b914b5bbb511fba97fbb0ecfaf83386f872c359ab7dd55b9f7348b2a466877e1c7caac0498ccd2a7612f24ce5c3ff934b5d344e1952cd

    Download Submit

  • C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2023060202.000\NetworkDiagnostics.debugreport.xml
    Filesize

    3KB

    MD5

    c55d1b7d394d11d5767e631c0eea7505

    SHA1

    2344eafa2e506715b855001b7c85536f69b24153

    SHA256

    c86e97f3bfcba06ac56e0756dd67d97718eeb28488d61406d3a5507d018482a2

    SHA512

    3524a782fb4e2f43d11117e653e6355fcd097c18652a59029649307d82ba11931029acdaf278ce17f895765871a0559c6119edea76f445d3c937107e6a602812

    Download Submit

  • C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2023060202.000\ResultReport.xml
    Filesize

    36KB

    MD5

    c3ba87fbf0395f889383af79d8314802

    SHA1

    e66e251848afbcbe9a55df6759d7fe5326dce7fa

    SHA256

    1d632a4d5f30e1ed90b01a0a4042287df42fe1c77a12edcc77def7c11e29eb1c

    SHA512

    1c276aa667847b8db5ea325cfd098c0b37d69d519045a242d036a65ebdc5349f0d6676f01cc7d6c803d42ba490ab6ee17dca6403b173a7d7400707700bc84514

    Download Submit

  • C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2023060202.000\results.xsl
    Filesize

    47KB

    MD5

    310e1da2344ba6ca96666fb639840ea9

    SHA1

    e8694edf9ee68782aa1de05470b884cc1a0e1ded

    SHA256

    67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

    SHA512

    62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\fbevents[1].js
    Filesize

    105KB

    MD5

    fc0456aa5fe58c108c3b714152de3d15

    SHA1

    dff83ae2b5825306f8557d0e8423dd326a7ba587

    SHA256

    f8fbf7e16e3604db25ab37c4a496865033167bb550e3b2e92f1070424f48723a

    SHA512

    cb6833cea9c2a9d2dc8c88c01b4a706428786c3d12247364f560fafb25b0125901d1d07f351570072eb759692f7c5cddd1c3db43d21f8e515d36db168e84a314

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K941J8ND\fbevents[1].js
    Filesize

    105KB

    MD5

    fc0456aa5fe58c108c3b714152de3d15

    SHA1

    dff83ae2b5825306f8557d0e8423dd326a7ba587

    SHA256

    f8fbf7e16e3604db25ab37c4a496865033167bb550e3b2e92f1070424f48723a

    SHA512

    cb6833cea9c2a9d2dc8c88c01b4a706428786c3d12247364f560fafb25b0125901d1d07f351570072eb759692f7c5cddd1c3db43d21f8e515d36db168e84a314

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\NDFBDA3.tmp
    Filesize

    3KB

    MD5

    47909ac1f22c78afba9ab76dfd2674ac

    SHA1

    dc47ecfc6a1d74a44677d424c896bb0299f1d4a8

    SHA256

    046f8e2a79b008dbc3409b0b32ef9cbaff3ac3d15f09a6f074418fb923ce778f

    SHA512

    c2facd65748447c93e058d96631db50b1510b390260fd643d72e6d3b42ddd287e76fdebd0aa3e383de3b5368501f6187de1e80df52ef4f2697cf5b13bca42c18

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2ktrgrdu.mkk.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • C:\Windows\Temp\SDIAG_f7bf98db-2d9a-439a-bce2-46506191b32d\DiagPackage.dll
    Filesize

    478KB

    MD5

    580dc3658fa3fe42c41c99c52a9ce6b0

    SHA1

    3c4be12c6e3679a6c2267f88363bbd0e6e00cac5

    SHA256

    5b7aa413e4a64679c550c77e6599a1c940ee947cbdf77d310e142a07a237aad2

    SHA512

    68c52cd7b762b8f5d2f546092ed9c4316924fa04bd3ab748ab99541a8b4e7d9aec70acf5c9594d1457ad3a2f207d0c189ec58421d4352ddbc7eae453324d13f2

    Download Submit

  • C:\Windows\Temp\SDIAG_f7bf98db-2d9a-439a-bce2-46506191b32d\en-US\DiagPackage.dll.mui
    Filesize

    17KB

    MD5

    44c4385447d4fa46b407fc47c8a467d0

    SHA1

    41e4e0e83b74943f5c41648f263b832419c05256

    SHA256

    8be175e8fbdae0dade54830fece6c6980d1345dbeb4a06c07f7efdb1152743f4

    SHA512

    191cd534e85323a4cd9649a1fc372312ed4a600f6252dffc4435793650f9dd40d0c0e615ba5eb9aa437a58af334146aac7c0ba08e0a1bf24ec4837a40f966005

    Download Submit

  • memory/4072-563-0x0000000005680000-0x000000000569E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4072-559-0x00000000055B0000-0x0000000005646000-memory.dmp

    Filesize

    600KB

    Download

  • memory/4072-560-0x0000000005540000-0x0000000005562000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4072-561-0x00000000056C0000-0x0000000005726000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4072-562-0x0000000006B40000-0x00000000070E4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4072-557-0x00000000054D0000-0x0000000005506000-memory.dmp

    Filesize

    216KB

    Download

  • memory/4072-564-0x0000000005780000-0x00000000057CA000-memory.dmp

    Filesize

    296KB

    Download

  • memory/4072-565-0x0000000007180000-0x00000000071E6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4072-566-0x0000000007420000-0x0000000007442000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4072-556-0x0000000005470000-0x000000000548A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4072-546-0x00000000051D0000-0x00000000051E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4072-545-0x0000000005810000-0x0000000005E38000-memory.dmp

    Filesize

    6.2MB

    Download

  • memory/4072-558-0x00000000064C0000-0x0000000006B3A000-memory.dmp

    Filesize

    6.5MB

    Download