Overview

overview

1

Static

static

1

Offline_Do...n.html

windows10-1703-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20230621-en
  • resource tags

    arch:x64arch:x86image:win10-20230621-enlocale:en-usos:windows10-1703-x64system
  • submitted
    02/07/2023, 20:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Offline_Download_Version.html

  • Size

    15.8MB

  • MD5

    2b9b0f83bc1551ea24950b43f70a8986

  • SHA1

    12b6d3e272af2138fa2224266e90188ef854a63a

  • SHA256

    06ba63d894481a0e9b852e01ecc54c1bbd253e2162230f06474cf6159e101a84

  • SHA512

    a5aaa3e0355ebfd1b0f160d494f81339f8188b3b00c358cce54d02327b92abd47ab016dfc63c28bf4e725bbe2f3585564d5a9d4d867c2a8f30f318a9a0803b8a

  • SSDEEP

    49152:LqSew5J+/i3RLkSmd9/0ykRXenOCxHfkEQEN32MqrNCIskTrn9dUH5avCCa4GsAw:JurinDiUxUYhJ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Offline_Download_Version.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3100

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    6fe591eda8a5298312a36630f5e00de9

    SHA1

    e33454cdb04272145c12bc17c9f0edf9aa5e6633

    SHA256

    6b792fbfd134e94e30d56b9ca265385b70f4665b710868d1f703061a7925a762

    SHA512

    dee9cb5120a18ae3e9855df3994cdf9d0f93162c659e8d331c766be5e67ea75dd051b7bfa399aca286cfa2a1544feb99e13643c1f4fedf178698111a87f9aed4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    f061f288c3e90ff77cdc1bf6514ba9c9

    SHA1

    01bcb70e13edbaf5f7459120b766eeb9132ec800

    SHA256

    070ba146ae6cf621759f0b28471cb94187c7036a814f39d1fcadf181d01dfc14

    SHA512

    ae2a4b1737e1fc9227dedf5e777dcfb68f69c934d3eaff3bf6a825caaea08f6a7a831556b9a66aacbc986d01ecff4cf72f92bc8d4d7ca9f64fbef27f64826866

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\C12XYPRK\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\CE5OLYQG.cookie
    Filesize

    608B

    MD5

    dbb07e9d454e56a91576c2444468811a

    SHA1

    bd5a904550a5e1295c76e84620fcf7ed4f2083c2

    SHA256

    2ffb32f463a26b57b7d9b5fc141a95b8980db58c9797dafd3982c6161321b47d

    SHA512

    d5a06bfe8acd6d26a97c52b1b906f08881bb33750749d7315cfcb185d8949c28658030892b9b92721ed35d53675c7d494d977ee3f1455e5aa40ed5487f8d2f91

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\RLSRS13Z.cookie
    Filesize

    608B

    MD5

    8a78068ebb882bf78174210dedfe6ed6

    SHA1

    22a6c33f243f1017787482f5f1c6343c1dde6e65

    SHA256

    5025258e34692d705953c5b4482e1d4960e946fc6b7c69aff23b3538412042d0

    SHA512

    6d844f0c90fed32227303e9f58f421ef62b3ba2c0bc34ee7b77af6743fbc7c5781d4574159c8e299eecc0dda634d9246ad364ba978a6a52bb35ed2b6044c7d3e

    Download Submit