Resubmissions

23-07-2024 15:35

240723-s1cr7szfjb 10

04-07-2023 18:56

230704-xll5jshh4v 7

Analysis

  • max time kernel
    142s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-07-2023 18:56

General

  • Target

    mask1.html

  • Size

    2KB

  • MD5

    b26fdd40e5201514b67f7448cee93442

  • SHA1

    b06d9f2ada1dfca3e68d84598ca10397a9380c04

  • SHA256

    5db01fa7ba34251a004efee442e5ebaeb7b5ec4770ae67dc6be6105e23840d2e

  • SHA512

    6507307c834fa95c0e8b71a419dc9eeae84eadf2483ac2527ae1d19bd7dfccc6d0ec7543580a2b3d8597ce622d38612e5ff513189fb9516d8f399b1c076f942a

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\mask1.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2956
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2088
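The process tree above is the normal Internet Explorer launch pattern: the frame process (PID 2956) starts a tab process with SCODEF:<frame PID> CREDAT:<token> /prefetch:2, so the child's SCODEF value matching its parent's PID is expected LCIE behaviour rather than a spawn worth chasing. As an added example, not part of the sandbox report, the script below applies that rule to process events: a child of iexplore.exe carrying SCODEF equal to the parent PID is classed as an ordinary tab process, an IEXPLORE.EXE child whose SCODEF does not match is flagged, and any non-IE child of an IE process is flagged. The first two events copy the PIDs and command lines from the report; the third event (cmd.exe, PID 3100) and the frame process's parent PID 1000 are constructed here to show what a flagged result looks like.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# IE's frame process passes SCODEF:<frame PID> CREDAT:<token> to the tab
# process it creates (LCIE). We use SCODEF to tie the child back to its frame.
LCIE_ARGS = re.compile(r"\bSCODEF:(\d+)\s+CREDAT:(\d+)\b")
IE_IMAGE = re.compile(r"\\iexplore\.exe$", re.IGNORECASE)


def classify_child(parent: ProcEvent, child: ProcEvent) -> str:
    """Classify a child of iexplore.exe.

    'lcie-tab'      : IEXPLORE.EXE child whose SCODEF equals the parent PID (normal)
    'lcie-mismatch' : IEXPLORE.EXE child whose SCODEF points at another PID
    'foreign-child' : any non-IE image spawned under iexplore.exe
    """
    if not IE_IMAGE.search(parent.image):
        raise ValueError("parent is not iexplore.exe")
    m = LCIE_ARGS.search(child.cmdline)
    if IE_IMAGE.search(child.image) and m:
        return "lcie-tab" if int(m.group(1)) == parent.pid else "lcie-mismatch"
    return "foreign-child"


def triage(events):
    """Return (pid, classification) for every event whose parent is iexplore.exe."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None or not IE_IMAGE.search(parent.image):
            continue  # parent unknown or not IE: outside this rule's scope
        findings.append((e.pid, classify_child(parent, e)))
    return findings


# Events 2956 and 2088 reproduce the report's process tree. PID 1000 (the
# frame process's parent) and the cmd.exe event (PID 3100) are constructed
# for illustration and do not appear in the report.
SAMPLE_EVENTS = [
    ProcEvent(2956, 1000, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" '
              r"C:\Users\Admin\AppData\Local\Temp\mask1.html"),
    ProcEvent(2088, 2956, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
              r"SCODEF:2956 CREDAT:275457 /prefetch:2"),
    ProcEvent(3100, 2088, r"C:\Windows\System32\cmd.exe",
              r"cmd.exe /c whoami"),  # constructed: what a real spawn looks like
]

if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE_EVENTS):
        print(f"PID {pid}: {verdict}")
```

Run against the report's own two processes only, the script reports a single 'lcie-tab' verdict for PID 2088, which is consistent with the 1/10 score: the signatures listed (hook installation, WriteProcessMemory, IE settings changes) are what IE does to set up its own tab process, not evidence that mask1.html did anything.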

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e2a225537f04ad8598114f652ccc1132

    SHA1

    18d8f25c7a3996695feeb5b9d1e65bc2a91aedbb

    SHA256

    b01bae9369d65f01831cb9ba7df7667e33a4e2e8a223f2ea082c10279e1fabe7

    SHA512

    f424746ec19cd468a6213b789b95ce7dd5d66f875fb0a391a8ef071ec7350a15c58f98dffa97209ad1b5624d597c1a44343668bab2d292dcd003e7c47753637f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e7dc61fa4d1ad8433ab9779e387da15c

    SHA1

    7457cb399195dce2e6f7b14178b498aa87a0e1ea

    SHA256

    87a5c9c8dcd90ecf8486f7e2b9b3956ade989ae115a34b51c6efb093055fa634

    SHA512

    5cf325a1ce5a2b606ddc4553ba49575d304e2eaa0e5587749b6443ff4754d44ea7329f464eaec22baeb48e583ff53a6e57d187ebcc9eba76727f8ce3a274a59b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6d1b2094e7209001f7b801bd9280e97a

    SHA1

    150b832a041fca43e212c71a2c54c55d40ab9fb4

    SHA256

    d1f9e69f7ab937c55b94dfe7931b43fc102b70f6cfeddab4ec796a3607e34c3e

    SHA512

    a87b693366aca8acff13fc1db4e32cd8835e7b6505a5c7fdf37999323219f4c7fca22f47af11ef3370b45df75fc2909c65660a9b191c30d3e539f1a5620f0069

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    522974e2ac92b89314b04363e409ab0a

    SHA1

    e0d5b543569f8da02d050194869c18cc896c80ba

    SHA256

    fa717af3517262b56005851cf83d6b8567744a5d567e69f5828d8da3272bdf3b

    SHA512

    c482129fa43ed18b007f3aacc3ee3ee26dc976696558ac38ada53d41c1dca69bc7005e0413916f4081200cdcff5defbd225280dd5c73374ca0a6b06d25f5d9cf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    28e6e5d0ccf39d4c3a5ec105862177c8

    SHA1

    90e8a71553bb260e98e8ea122ee3dfcd1a27fc4f

    SHA256

    44464822f7eddae3f5829da688bf1eb071e4372b75fa4be8e94bb3e3bffab595

    SHA512

    892477d728b2af0caae7bfff1c677b7df0d7207412892191d02d3836ce489c1209054988cd51344649449c36104cfec0956563e42dd88504c703d7105092f49c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1e5a4b808586ec92604f0eb5b3065aab

    SHA1

    84390e49c0d98d2a70397c0333129d345e197618

    SHA256

    e2ea8469b0b5c982455775a98d25758839c86d3b814accfa3739689f774c0b97

    SHA512

    c272f715cbb960aa21feeeb0a3ca9c673fbd83b1eb9eec0c2b67f6874e3651abfe430d314f856cf7f58cd5a69c9e94c190b17241946f5d32bf8df25fb87b91b0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6dccd3fa379aff64540d1f79607c052b

    SHA1

    ded676376770df4e97e993cd7ba5d5a894b02d9e

    SHA256

    66fcf69d737b1b4db4c21d4489b1e01a5f1c51ccae41a7a07ee6f57194273fc1

    SHA512

    e2a05c08bf3ef622ff31b7c7ded5140a2b4610be5a006cf537f2bb513a99fec9932e4a04f56da868ac8cd7eab8cfe435d592b58c03c20883305adcc89c13ee2d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0e5591d1d3d918d0cefdd193f02f65f2

    SHA1

    423e744b5d6ab34fcc7429dc328f1f48748603cb

    SHA256

    93d95c327629bc7af7aa215709f87d6ef6a388861142c092957ced3a944fc619

    SHA512

    49144d1e4c31e8bda0e13e5d6bde64284ad2971f898f5637a78f69290b12a9152aa80e054f309b14afe661e32e59147c6c3313e82e25c1a26e0e9837f2614532

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    20c1e1d12689ed2d714c7390af25c2cc

    SHA1

    7731c0743d9deaa6d53da73cc1dcb40ee6bc0ff4

    SHA256

    e9bfa3dd64fd9644ea648fe7cfd82ba78233c9b6b39fb6e6ada52c761a93c360

    SHA512

    56e04f3198712d1f4fb68e8d2d3db9ca1108a734354e360f8344a7f55fb4f9b1616d780c37b0aa40ff0a8ee72e070a9f20c56b9c9fedd391feec66c2982e7a06

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8beeac11daf2ef306b59235aa137a358

    SHA1

    99da191fde935670653634887fc81833556d46e3

    SHA256

    d8f9970b4f9248f424768aa77a452092a1df78c3d556f85bd547da284a4aa294

    SHA512

    cbbb3862aac5ded67da80454df1d001acbdb120562692ebf138cb8bd49db6af77f6bb246f50546504907da06f63f44af98353bc2a8372dd7b9f0d2100c7f550d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M70DY8PN\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\Cab4D3A.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\Tar4ED3.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\07C5SJ6B.txt

    Filesize

    600B

    MD5

    c3f7a621bd8e747d217c097a1ec92057

    SHA1

    30225be0296bd807f5f90a790bd1047865aae3bb

    SHA256

    2780f8e1a7ecc9a88281a4765292fd73a35989da620ce17e9fdf7e96919bbb6c

    SHA512

    51fb6cdc09c86fbd801acbd521af2a4c098fed88da90b706ca2cecccaf12a7d339e463300e23b9fae722edfd0a210094fa7be99a9335adc9c476fc422f7ea4c9