Overview

overview

1

Static

static

1

mail.gif

windows7-x64

1

mail.gif

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    05-07-2023 22:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mail.gif

  • Size

    42B

  • MD5

    d89746888da2d9510b64a9f031eaecd5

  • SHA1

    d5fceb6532643d0d84ffe09c40c481ecdf59e15a

  • SHA256

    ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

  • SHA512

    d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\mail.gif
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2988
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2260

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2c221d138b343863bcddcbeea251d06e

    SHA1

    ea088e1127f4186f9949fb8eadc5814213f8b6ac

    SHA256

    0821b7ddac517a5fda006600758e00ac02ae7ff124902bc5521b2fa537d842ec

    SHA512

    3cdf2a845971c48b9c2b851fa5df40ed1c3eeec74c5ee1f5d42a77c81dea2bdfa0182329e5216295a11e91ab99dd1029cd7e95ef29985d2b9e7261eaf1dd9766

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b31cfcae683e68832df6b694144bbca1

    SHA1

    dbf60f63df32a6cbfd64985390816907ac7d85ce

    SHA256

    79497682a61e289d2699b4679dd8d1b4c9d51a636475f8edd7af354fb3a882ae

    SHA512

    d0a9d4cf67ea1bb9de6f287922d032050cf638ee10c9c330e541792efcb6cbe7e4fafb1ea14c85764b1c1670df1e4288be0a598e5324f0fdc468586a5907e5a7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    37b1cb4e9d7a96dec6a2e0938a3a3b83

    SHA1

    2ab99fef694ffcdf5247c6dd1d53bd77b905e234

    SHA256

    4efd40ba15d12a681c7d1cc1f311d19877c77a4494c04c9eb5eec06f4d33979c

    SHA512

    2677c19eea603d3da3ede67a1500a399bfbfaa86b40df2caa04224d92576da5a039a55fb86f9e395f7b89b05dee6e40a8993783917829d12a8920865f022f479

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7603c90889fcb6549cedb24ef67b3737

    SHA1

    a812d6331758cdfb97e7c30a05476b6581151e6e

    SHA256

    bc35ed4176367f717b8fca68ede4cdac0ed92704872453a2c6dfcba8982c50f0

    SHA512

    e2cc49c943692c36a1a53d4412f0044293f285d1f4e4a9ce80b5538ba7c9fc07c1174bb9e0be75d235718dc0cbe14ad689fcbf8f4c2d58c6c628b8af9ec019c4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9dfd5cb69a5855a315ac2161391c83ef

    SHA1

    98d43b4295fc89ae9252b34e997e92f2cee68b63

    SHA256

    c78ac4adda5b838e5037a84bf728de0ee2ca2af6a9511fe460b06e8dc4960a70

    SHA512

    b663f12f65f59e9c26c2d95a8d8715e4587036878c66af70eabdade893c06d5a17a07e17f136d7219ca057efc0c792da3a29a5f3d0f38adf36ac742a2c07be59

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    21f85fb7c79127f99b52167a0f156fa1

    SHA1

    7437221f8af734a91141aac0a7591f30b48faf6b

    SHA256

    1a7bf51d6e0337a9a5f541cf560f3c09197393f53a79c562a0109c4580b2aa1a

    SHA512

    4144063c0b73bff743c27cb58156c6c0cbe56cd2de4eae2deebc7ec85a472c7fac3a4d20246afc5135f3053756bdfccdeba45dd32f3a5a90a996c08c4037e011

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ded5066c099ee6de02d3ade445f21f0e

    SHA1

    5d353739ed086b0eaca96321a73fb4026e626ff8

    SHA256

    07de6e69430282561493e79ca8ea330075f9aa7ec8ab178f1f1dc05604252e95

    SHA512

    458283756e1ee12e4d3a9ed71e256a5aafac3e554dd66828dc7f0613a439a7b7a7d48936c10b7c7236c0d331c0373676697f64dac74b9add091072c1d0b33e6a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5e963f5acd453f5670c5e25f6d682158

    SHA1

    69e7355bd9df591d1e5906ed1d7ea9a0233f6d37

    SHA256

    59adac048920f62b9219d3d47de6ed9d3eb5ae186915d4218fe7dcc9c5fe5ba7

    SHA512

    ddf7083b910ab63eda6b35f5bedc0d8eb5df5514739ce534335b4f3cc58db08d74aa68eac7e8346849d87ad4c9101622bec9a639e89de2dabaa1919770ebc06f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1163f3b150f04065b201c3d46fe27c71

    SHA1

    0a6c16e2c81e7cf23026b855a62e93405abf5d1d

    SHA256

    6dd8d4524630bc9c70ec84d113e7cad2f75a5de2a73dc9e57b39963aa437065a

    SHA512

    96e305fa0f26b7619182eaf88de0b5c9445753cd1b252c1a1b8c60d4423265b7aeec17cd12e451f6dbf73c8fc23cdecdcfdbbe8c7313a577d0a3869eb13edce5

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JHFV4GXP\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab77C3.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar77F5.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\LYXWHVTZ.txt
    Filesize

    601B

    MD5

    2a1aafbe716a323bee9dc29fab4f6a08

    SHA1

    015604ce386fe4c9d9b19632cd084bb1c8d715a4

    SHA256

    310f8cd8f7bca1bd6147de740063b06a2b5047d6c44e059f5581f0d07038c0fb

    SHA512

    24bc83393ea4557b5c366ff1c1b54eab991f006e2f6a204645e826440615d921d3e10695ef076febb7785e8b6fc51e312b9d7f31b40557f9ae02e0e99fe0b4e8

    Download Submit