Overview

overview

1

Static

static

1

DIRECT DEB...m.html

windows7-x64

1

DIRECT DEB...m.html

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2023, 19:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    DIRECT DEBIT_Payroll Tax Withdrawal_Check 003873653 .am.html

  • Size

    644B

  • MD5

    62d81681afb84b9bddd5c93ffcf04a27

  • SHA1

    7d222a6c2556e09b138e9fcfd74d54adf18edf6a

  • SHA256

    02f279426992bd5e40b484f395973dfdbda49f863c1cbf9e68cfc52df1e6fa2e

  • SHA512

    5f37fdbbc7be87f798eede0974c6eaca6a7023dd8925cade99837a27b11758b3e18f676a58f2d3550c49efc54c284ce37a0439e587c47af2ffb1983f09abe04b

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\DIRECT DEBIT_Payroll Tax Withdrawal_Check 003873653 .am.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:520
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1984 CREDAT:275476 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1652
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:468

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
            Filesize

            62KB

            MD5

            3ac860860707baaf32469fa7cc7c0192

            SHA1

            c33c2acdaba0e6fa41fd2f00f186804722477639

            SHA256

            d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

            SHA512

            d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
            Filesize

            62KB

            MD5

            b5fcc55cffd66f38d548e8b63206c5e6

            SHA1

            79db08ababfa33a4f644fa8fe337195b5aba44c7

            SHA256

            7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

            SHA512

            aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            9742ea99c1bef5d9d1b9e72b9179c355

            SHA1

            a364105694faa938f9d9305fb08a57823fe81654

            SHA256

            fb5efe468c1174d19ed8996ca7bc257d7bcd5e8b9f10ac1ffbc0e3cb1dad9fac

            SHA512

            1e003766f6ab8dd4fc456e4e7424231288d6e2b6fcf183a7da6d360335028b3c947e997ef471e1566e69abd6a51f40d2203703f5efe0ea7545c5c08f709101f1

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            325ffbe74dea42f5c80363e7a75d14e2

            SHA1

            fa30320849c90fa8b174660b72626532ca2cb189

            SHA256

            4ee7e2e46b5f201bcd8369860b6f427f46ed9060714d0291ca471dc5a6a71160

            SHA512

            83d3032e1d62167aebddf2a4589a78b010beb51c5b6834d475f82723115f3d8645234fd080f2481ec3ab8f3db5c80e6ca852ad08828e70503cb61f28efc34da2

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            d88440d9d16a0ccf77316d785f17c75c

            SHA1

            5687b5df57b457584be3edc3bc1c24b2860e1274

            SHA256

            a28bb66189cee458921dc4bf7396b9dfa4150cdabc252f38cfdd5a4194e6c6fe

            SHA512

            f7d70d8ec48ee3d66b096081cb961cc1d835dc369f76536757fbcf95c2eb4303e5230fb84fa0f742ab7b89110a90e4fda935f88935919df1db17d379c1ce97b0

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            849e50898939d9dea8b77994c4b0849c

            SHA1

            70bf9d3582aa6c74a72e06d102adb6ed5ede1456

            SHA256

            df06c5a0e401aa463332d0ed1fa53136f415a6e1ad5ea73a2a53e54110b00cbe

            SHA512

            a4973fa5f8280cc296f2d18ecbd0a66150c563778ff0d11bd854572a2c459e96a7514db93b7c6389a4402bf6562cc4e21f2314fb65de2eccebff63ebe6bc4b65

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            143f19b5e7456cf12da2dae5aef01288

            SHA1

            641228bae4a26d6089ea0f44e8c5457bdb1e4345

            SHA256

            df490488a5e0d77f6cdd9b85b64d8e821a84b519aa7ef4580a760d9cc4d12476

            SHA512

            64733e89ab9aee9cdf53fe0284e4bbce2f984fd46c244c4c8c25482dbe2f53e21defcf3390b37f7ad23f7eb9cb77ca6885ff2bf0e60a37df28fa6a8c65238503

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            b46b8c357d2cc634db9a4ad99393fa4a

            SHA1

            600cdd19dc94b6d8cde352a60ee190dc97f0d5b1

            SHA256

            9cf025b4db3bf11a558ad7e7ea24e0ce71d901050f7f2893aa80cfda1dd9e58b

            SHA512

            ccaa52031b0b149a1610c630a05e98c60be6e49a3cfcabfb20a2a648a95d60a5253ad48669d8dfc7dfdaf5ccdc22ab7f4581758ab40dadf6ad09cc5373243266

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            2c96949e2017ab254e7e5766475d332a

            SHA1

            67f86b6e5325510486842f5820484252cf52e819

            SHA256

            485753008933b317f1bd947ce4df789873c9315dd6af84f7fb2429ad6351bf1b

            SHA512

            cf01e28add039439f0db88e217e709a3ad9aa039fb396f88d856734e7ba905d67f2466a8cebf280fd0f9b2164ffadd11c339a502b33fd0fe8d37aa7fe883ff41

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGZY45B8\suggestions[1].en-US
            Filesize

            17KB

            MD5

            5a34cb996293fde2cb7a4ac89587393a

            SHA1

            3c96c993500690d1a77873cd62bc639b3a10653f

            SHA256

            c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

            SHA512

            e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab5BF8.tmp
            Filesize

            61KB

            MD5

            fc4666cbca561e864e7fdf883a9e6661

            SHA1

            2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

            SHA256

            10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

            SHA512

            c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar5BFA.tmp
            Filesize

            161KB

            MD5

            73b4b714b42fc9a6aaefd0ae59adb009

            SHA1

            efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

            SHA256

            c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

            SHA512

            73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar5E13.tmp
            Filesize

            164KB

            MD5

            4ff65ad929cd9a367680e0e5b1c08166

            SHA1

            c0af0d4396bd1f15c45f39d3b849ba444233b3a2

            SHA256

            c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

            SHA512

            f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Z1KG6B4X.txt
            Filesize

            599B

            MD5

            3934647420573e5041a665e70d060568

            SHA1

            2d9122d9f5237bd6483832fc80afa3f64f9ca995

            SHA256

            69efbd588c470121d3697c425099005c57fd7971c9badcc653bcc3cd608b2b39

            SHA512

            ff43b8b223af2a7522b0716784dc43ed0501d8fd5f02e6536de66bc9f5343673f20768dfeca669c1b1f5d98a96ac68347da5b099ffc3b2fc00fa9734e84c9f28

            Download Submit