Analysis

  • max time kernel
    71s
  • max time network
    75s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07-07-2023 09:11

General

  • Target

    https://pgr.ao/mateus.issenguel/WEBMAIL_HTML_PAGE/WEBMAIL.html#[email protected]

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://pgr.ao/mateus.issenguel/WEBMAIL_HTML_PAGE/WEBMAIL.html#[email protected]
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3192
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3192 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4916
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x39c 0x2f4
    1⤵
      PID:1708
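
An added example, not part of the sandbox report: it parses the process tree above into records (depth from the `N⤵` marker, image, command line, PID, signatures) and checks the one relationship worth confirming when Internet Explorer is the only thing running, namely that the `SCODEF:<pid>` argument on the `IEXPLORE.EXE` tab process equals the PID of its parent frame process (3192 on this page in both places). The frame process launches its tab processes with that argument, which is also where the frame's WriteProcessMemory activity is normally aimed; a tab process whose SCODEF does not match its parent in the tree is the case to look at more closely. The sample text is a constructed copy of the tree above with the target URL's fragment dropped.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the report's process tree, copied so the block runs offline.
PROCESS_TREE = r"""
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://pgr.ao/mateus.issenguel/WEBMAIL_HTML_PAGE/WEBMAIL.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3192
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3192 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:4916
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x39c 0x2f4
    1⤵
      PID:1708
"""

IMAGE_RE = re.compile(r"^\s*• ([A-Za-z]:\\.+)$")   # bullet followed by a drive path
DEPTH_RE = re.compile(r"^\s*(\d+)⤵\s*$")           # tree depth marker
PID_RE = re.compile(r"^\s*PID:(\d+)\s*$")
SIG_RE = re.compile(r"^\s*• (.+)$")                 # any other bullet is a signature
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


@dataclass
class Proc:
    image: str
    cmdline: str = ""
    depth: int = 0
    pid: Optional[int] = None
    parent_pid: Optional[int] = None
    signatures: List[str] = field(default_factory=list)


def parse_process_tree(text: str) -> List[Proc]:
    """Turn the report's indented process listing into Proc records with parent links."""
    procs: List[Proc] = []
    cur: Optional[Proc] = None
    expect_cmdline = False
    for line in text.splitlines():
        m = IMAGE_RE.match(line)
        if m:
            cur = Proc(image=m.group(1).strip())
            procs.append(cur)
            expect_cmdline = True       # the line after the image is the command line
            continue
        if cur is None:
            continue
        if expect_cmdline:
            cur.cmdline = line.strip()
            expect_cmdline = False
            continue
        m = DEPTH_RE.match(line)
        if m:
            cur.depth = int(m.group(1))
            continue
        m = PID_RE.match(line)
        if m:
            cur.pid = int(m.group(1))
            continue
        m = SIG_RE.match(line)
        if m:
            cur.signatures.append(m.group(1).strip())
    # The parent of a depth-N node is the nearest earlier node at depth N-1.
    last_at_depth = {}
    for p in procs:
        parent = last_at_depth.get(p.depth - 1)
        p.parent_pid = parent.pid if parent else None
        last_at_depth[p.depth] = p
    return procs


def check_ie_tab_launch(procs: List[Proc]) -> List[dict]:
    """For every process carrying SCODEF:<pid>, report whether it matches the parent PID."""
    results = []
    for p in procs:
        m = SCODEF_RE.search(p.cmdline)
        if not m:
            continue
        scodef = int(m.group(1))
        results.append({"pid": p.pid, "scodef": scodef, "parent_pid": p.parent_pid,
                        "matches_parent": scodef == p.parent_pid})
    return results


if __name__ == "__main__":
    for r in check_ie_tab_launch(parse_process_tree(PROCESS_TREE)):
        print(r)
```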

    Network

    MITRE ATT&CK Enterprise v6

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3X07DW18\wchat.freshchat[1].xml

      Filesize

      420B

      MD5

      1b6afebe71991a3e0bc4e5d6b09bc7ef

      SHA1

      306e5858304cdc8e00a66bd2379b4a4d5222d1cf

      SHA256

      14f427aa32f3fd8f835f24695e464a6776279ab8cbaf8d8784f4153f92c5bcb2

      SHA512

      09569acb9750a7d09d4e0c1681e85d54beb6aa336fa3e91efaaa3e7b44f343c2912d3cfce50b80692c1c49e24fa7310e49fde3c56627aee93c68550d1029e79b

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FW6CZDO3\www.domain[1].xml

      Filesize

      13B

      MD5

      c1ddea3ef6bbef3e7060a1a9ad89e4c5

      SHA1

      35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

      SHA256

      b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

      SHA512

      6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FW6CZDO3\www.domain[1].xml

      Filesize

      263B

      MD5

      35fe04d25af00ea2662a15035ae2937c

      SHA1

      b52fca63d66418a4cee83a97aa8114e34490619f

      SHA256

      c678dc0c173a6f60a2e9533dd55ea9a47b1b4e9e6de4e8badc0b757558cd7d2c

      SHA512

      694e4a15f268f0ec69bb323c804399ddea293cdeb393a7bd10fb0a871be10e17bbbe056f846d1973dfc629714d04fe465a82da68282215cd1b30796830b86072

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dwd4kki\imagestore.dat

      Filesize

      955B

      MD5

      e87c9de5c4b5003c32592d4550d76d64

      SHA1

      997ad65d536a766ab9bc4762ee4cbdcbdaac3537

      SHA256

      f1d97998ef2af3effd40425503927d3ea6cd11407866285455a73e51c3c4a229

      SHA512

      972525543df4b8e77546b4e85fca7169e75fc1d5c7650ec64cb5c0f297a25bf3149757fc4595ec2074f65fd3cad4e84cba185e6ef504180427c82af38452e915

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dwd4kki\imagestore.dat

      Filesize

      5KB

      MD5

      0e7c9eb7734be9d8d889073d42eb5989

      SHA1

      a036d38755e491272641da3d4cb4cf9b0371bb05

      SHA256

      21c994676945997305732777334a489a76b03333fabed0a84b105d9059881b74

      SHA512

      fe490b77d602d84e6bff9277ac35a67be1ac60d591d061b7bb1a1e6b967e03b105cb468434ddc0bb01d32665690418b5665eac5f865b6a0b5413f52fc2b7a9ad

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HW3GGUK8\fd-messaging.35ddc09b98a15a821b79[1].css

      Filesize

      230KB

      MD5

      ff152094b79c15ae6b8d764b143971ff

      SHA1

      c90f0fabeaf869fd6a8f374f02481a89d9f99856

      SHA256

      68cc1d134b6c206fc45c9fdac5121a1990ac7f82fa188af9bcdb5e214415ebbd

      SHA512

      9393c77c2378e1624396ec3f761e04c359dcdf11cfeb0e574c6440922e6e07f660a73e66d0d26e9463a65c592f892b050cf380a51bafcc7f8f3a89635632cee8

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HW3GGUK8\index[2].htm

      Filesize

      38KB

      MD5

      63068b3f6db7bb700f3aeda82d2f9f69

      SHA1

      0db299ea73543f44428f5b6e4c661189c4ba0d3c

      SHA256

      111c43ba6c6561f8aaa4f8cbce28f8f44a9a5e6bb499b03d1916afde37e947de

      SHA512

      b5c288a44e86586186f2dd77646ae6b396b2a2a9b328ef6450ea31d3b0df62bc8589e943c0f58dac1d6ad384c863699b59ddfc1c5fac0e1ef132f800b690173d

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IEREYVXM\suggestions[1].en-US

      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NB3GP0NJ\faviconV2[1].png

      Filesize

      783B

      MD5

      2b211699e540f9966c9607c0cf9610dd

      SHA1

      50d05731149e616eb4df5cf93d2a92609af9c019

      SHA256

      8302965543614a1f45aca4bea921c737531578a7508fdfd32a1e20087b090bef

      SHA512

      f157f87dfb87d1159117e000b0b17e8fbd0c20fe98bba81416fb2c531056a1a34e3efa872b2856dcf7fff2aeb02d575aed18de0b8700f4d12b956e49857d4128

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NB3GP0NJ\favicon[1].ico

      Filesize

      4KB

      MD5

      00ca0e6805048e5ea2b54c92278e241c

      SHA1

      3c52bbded14d9964c2a2bc6d9e338048a5036ccd

      SHA256

      9af0d4aa13acfe1a06f9122a56718b7c7f35a4463d4b3a6450201e8a46547980

      SHA512

      524c82638c32b34782a2a15c852e78d3d7d40180bbdc66a946bc32cc8f7b8ddc16d0ef5ad4e3471f74db9833bb468cebfce5e6949473b3bae45f79ced8b61da5

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NB3GP0NJ\jquery.min[1].js

      Filesize

      83KB

      MD5

      2f6b11a7e914718e0290410e85366fe9

      SHA1

      69bb69e25ca7d5ef0935317584e6153f3fd9a88c

      SHA256

      05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

      SHA512

      0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NB3GP0NJ\pink[1].css

      Filesize

      8KB

      MD5

      bb81ccc45e940f9272c2119fb2763c3a

      SHA1

      1f932862b8fa91b64eb49c22f1ed0db4304542cc

      SHA256

      f286c0cb12aaf6efcfc2392df2bdb0d805358c5cd29635a12874af88e79e78de

      SHA512

      9550e08a8bd02a082bcd9fe3dc517ff5662dfa674bc0384f124ba768283a65adfec262fd5f74a38ae99bfd300011a3e582a7ce41f0ace04b15cf297e33691b1b
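
An added example, not part of the sandbox report: it parses entries in the Downloads format above (path, Filesize, MD5, SHA1, SHA256, SHA512) into records, validates every digest against its expected hex length, and summarises the set: unique SHA256 values for an IOC list, paths written more than once (as `www.domain[1].xml` is above, with two different hashes), and how many files live under Internet Explorer's own cache directories (`INetCache`, `DOMStore`, `imagestore`), which the browser writes for any visited page. The sample is constructed from three records copied from this report plus one invented, deliberately malformed record (`payload.bin`, truncated SHA256, missing SHA1 and SHA512) so the validation path is exercised.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
FIELDS = ("Filesize",) + tuple(HASH_LEN)
SIZE_RE = re.compile(r"^(\d+)\s*(B|KB|MB)$")
UNIT = {"B": 1, "KB": 1024, "MB": 1024 * 1024}
# Directories IE itself writes to for any visited page; not payload drop locations.
CACHE_DIRS = ("\\INetCache\\", "\\DOMStore\\", "\\imagestore\\")

# Constructed sample: three entries copied from the report, plus one invented
# malformed entry (payload.bin) to show validation failing.
DOWNLOADS = r"""
• C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FW6CZDO3\www.domain[1].xml
  Filesize
  13B
  MD5
  c1ddea3ef6bbef3e7060a1a9ad89e4c5
  SHA1
  35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
  SHA256
  b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
  SHA512
  6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
• C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\FW6CZDO3\www.domain[1].xml
  Filesize
  263B
  MD5
  35fe04d25af00ea2662a15035ae2937c
  SHA1
  b52fca63d66418a4cee83a97aa8114e34490619f
  SHA256
  c678dc0c173a6f60a2e9533dd55ea9a47b1b4e9e6de4e8badc0b757558cd7d2c
  SHA512
  694e4a15f268f0ec69bb323c804399ddea293cdeb393a7bd10fb0a871be10e17bbbe056f846d1973dfc629714d04fe465a82da68282215cd1b30796830b86072
• C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NB3GP0NJ\jquery.min[1].js
  Filesize
  83KB
  MD5
  2f6b11a7e914718e0290410e85366fe9
  SHA1
  69bb69e25ca7d5ef0935317584e6153f3fd9a88c
  SHA256
  05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
  SHA512
  0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db
• C:\Users\Admin\Downloads\payload.bin
  Filesize
  1KB
  MD5
  00000000000000000000000000000000
  SHA256
  deadbeef
"""


def parse_downloads(text: str) -> List[Dict[str, str]]:
    """Read bullet-path records whose field name and value sit on consecutive non-blank lines."""
    records: List[Dict[str, str]] = []
    current: Optional[Dict[str, str]] = None
    pending: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("• "):
            current = {"path": line[2:]}
            records.append(current)
            pending = None
        elif line in FIELDS:
            pending = line                 # next non-blank line is this field's value
        elif current is not None and pending is not None:
            current[pending] = line
            pending = None
    return records


def validate(record: Dict[str, str]) -> List[str]:
    """Return the problems with one record; an empty list means every field is well-formed."""
    problems = []
    size = record.get("Filesize", "")
    if not SIZE_RE.match(size):
        problems.append(f"bad Filesize {size!r}")
    for name, length in HASH_LEN.items():
        value = record.get(name)
        if value is None:
            problems.append(f"missing {name}")
        elif not re.fullmatch(r"[0-9a-f]{%d}" % length, value):
            problems.append(f"{name} is not {length} hex chars")
    return problems


def size_bytes(record: Dict[str, str]) -> Optional[int]:
    m = SIZE_RE.match(record.get("Filesize", ""))
    return int(m.group(1)) * UNIT[m.group(2)] if m else None


def location_class(path: str) -> str:
    return "browser-cache" if any(d in path for d in CACHE_DIRS) else "other"


def summarise(records: List[Dict[str, str]]) -> dict:
    clean = [r for r in records if not validate(r)]
    return {
        "records": len(records),
        "clean": len(clean),
        "unique_sha256": sorted({r["SHA256"] for r in clean}),
        "paths_written_more_than_once": {p: n for p, n in Counter(r["path"] for r in records).items() if n > 1},
        "by_location": dict(Counter(location_class(r["path"]) for r in records)),
        "total_bytes": sum(size_bytes(r) for r in clean),
    }


if __name__ == "__main__":
    recs = parse_downloads(DOWNLOADS)
    for r in recs:
        print(r["path"], validate(r) or "ok")
    print(summarise(recs))
```

The sandbox rounds sizes to whole units, so `size_bytes` is an approximation for anything reported in KB or MB; the SHA256 set is the part to carry into a blocklist or a retro-hunt, and the location split is a quick way to see that every file this run wrote landed in a browser cache directory.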