Overview

overview

5

Static

static

4

var www ht...api.js

windows7-x64

1

var www ht...api.js

windows10-2004-x64

1

var www ht...a.html

windows7-x64

1

var www ht...a.html

windows10-2004-x64

1

var www ht...x.html

windows7-x64

1

var www ht...x.html

windows10-2004-x64

1

var www ht...g.html

windows7-x64

1

var www ht...g.html

windows10-2004-x64

1

var www ht...3.html

windows7-x64

1

var www ht...3.html

windows10-2004-x64

1

var www ht...e3.xml

windows7-x64

1

var www ht...e3.xml

windows10-2004-x64

3

var www ht...ase.js

windows7-x64

1

var www ht...ase.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

5

Resubmissions

19-07-2023 21:16

230719-z4frlabb95 4

19-07-2023 21:13

230719-z2sndabb89 5

11-11-2022 04:56

221111-fkt1bsbcbk 5

Analysis

  • max time kernel
    134s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    19-07-2023 21:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    var www html kemhan/wp-content/themes/menhan/css/grabbing.html

  • Size

    239B

  • MD5

    69da8f039aa356f2bbf27334b2eecffb

  • SHA1

    6f276e5cd8a8bd0655b9383e7c59e9227e695e7d

  • SHA256

    059c7420f830e405098b8109c5b6f523d84ada042d802dae4b9e746d8e3a8d56

  • SHA512

    cde054749a91a09ec54f341c47650934627a5b6cc2bee1b6e71dbc9c844edafc981ec24ca29a8d894a9bc2593a38aad828c1193131d1da5c97bf4f0dde1b9ebe

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\var www html kemhan\wp-content\themes\menhan\css\grabbing.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2640
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2640 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1356

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f5426a68987a5ecb02a775a103cc78f7

    SHA1

    b41fd14e280fc00da4c07ce37f4403a1b4ea89cd

    SHA256

    7dc70920d14f973da16d2d28893fbedffa1d5d022da111f02d3689ad70c6b0d8

    SHA512

    5790b546733844eb65d741317a1cb46a74da5135b46fd0d2989c477194aa1789d5e7368b8beb671fd564c2679e32443adbfde21a3ca8d0b88dcec5daaac4d818

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    990624cc983458f27613cb05572bb61e

    SHA1

    8e5a754058ba7d96548087d32f2a283984d2006c

    SHA256

    2b9f26611cfb358ffac3e8f7e7665417b7972cf10471c735d8f9126d2ae376b2

    SHA512

    c32dfd0270edb910db16e3716cdc0fa2e5e73f031f0e9c43a9bbb845ec0d2910c69e283508a8d4ec7d5086d3eac73e22771e2cef745e67476d28bf9c445813df

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    afda3c5a25033fa5cc28e5d8bec654c5

    SHA1

    dbb15e80fb4ea67146b795d8b2a443e6346ee40f

    SHA256

    18117c967bfc1520ca38b9e02e4441366fef3bff9c5fcef77ec61e2fb375fc21

    SHA512

    54e8db8a4647329d36ecb34ddcaba973d75bdce818895ca8a2c6bc40935bca7487ca0d9d0ece37cb2805cb8d389b758b1bead52ef094cd8f2feb7e977ba702d6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9770920be98896021cf5db22382f2081

    SHA1

    c892081d67d2f3da714a9bc1742c0888277cdcf7

    SHA256

    d8b6f4f2921a9ceadf91e3b14db281e96ed441a5363e30ab618da2fc6ff66e5c

    SHA512

    213e87287ff7ab0ac6da1b49fabfcb70325df8c6a103684b6d11a961d647572850e43df3de56fb749750f69b19701a744465ff2e83f57ae2c6b510c8dd06d1cf

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    48b0100dd888650885a04f091cd09902

    SHA1

    0df478773d9e9c5df31e9353270ee2d828c5e622

    SHA256

    1bdc067b845f813ea1cc02e89163032e9ad7229954e2db6cd3a08b6cb42a9798

    SHA512

    12954cf123b252f8ab88324117497249926e4922660206305d49f1b4e352ecb79ae2ac9e5257ee30337ede71b0c5086c37a1cd7632abd391ffb1fcce97f12c45

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    06bbbbb63473c11aebaadaec0026b1c4

    SHA1

    3a7de9fbd4527f8e7ea4f91eeaacdefbeb10cc53

    SHA256

    e84f56d6f5ed8abb100523f1872299777235117f741e2524581f906f5545a5d0

    SHA512

    676026f25ccf95ce34a679dfc346cd399a20ff5b897cd9302dc1eb2d8b81e57e6a8c065dfba2ab75851135ac2db8f3498808c1e26e17dc29e5f5525f6f6aa45d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    912d781d9fb46b2313f076c9cf3905dc

    SHA1

    901f160ab17266f40718cf5d6079701d4a703054

    SHA256

    f925eb0a3929e6faf08c9e6e972f8728c7f09c6acb44171f0b4d2f756c0277e4

    SHA512

    8a77080b207305466eed2992a38b608e1c07eff74ccff03e9af8d2c88408240b1ebdbf90f08401178c7dbdd3c31337951ddaf80987831ce55f384af7bc298393

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    674b40a788d48bfe3a75fd55615d8864

    SHA1

    398841d2658cef715c0fb2a07b4c09d761c1a223

    SHA256

    2154d37f6343c0f4cfade4e4a38c0ca382a7278cccc10cc6f61f386df8ee79ab

    SHA512

    28e029fc01b67d0a5a4de76bd5f2024b974dfa052b77dcaf78792ffab17beeb6f1bc74ae4e98ff0901aee5ebab539becaf16474dc9c25ef15b2875678879259b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cdc456ef76e66955e5cc0fa5dccd494f

    SHA1

    b8065654632e942da1c3daa8717116e67ba776ec

    SHA256

    569a3aecc9759d5cc1e66a570c75c47461b8fcf1bb095744905e72212d7aa94e

    SHA512

    04e50c26c380eabf40e75eb4a2a92b695a4538f608bd4dd5b076b91e5bec5b2ce0e2e3a721f4b00b951e7cf9afbd3640e2568be99a51b5a6a3f8b3f62c80c054

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    789a3f29b6db7c40bd8c442a751fb2d1

    SHA1

    51706be33d4fa5217c699279943f4d9c90af40b5

    SHA256

    32416ad72fb9df98aa8b7c09d4137222fefb68ca0c1bb1a911399222f1ca9f94

    SHA512

    8ac447558bdd747dee45c0328b0d89469befddf52dc554d7fd74b242783f200c1129582b5ea35afd2fbf797581bb34b097b1b5d04261a527d1e676ca01075cae

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\CabAD91.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\TarAFC7.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3A29FG4J.txt
    Filesize

    603B

    MD5

    cf86cc4bcd96e320a3e58027bf04688c

    SHA1

    d4427fb4f06f70632c94b1fa32a93293e60384ef

    SHA256

    3125a16edcaf9ef011af9afecddc38f6d0dfc694fc8b91450b78a2be930a8b48

    SHA512

    7f9a30cac19be7562874290c2d8367a0f7d519171bf7c896e22237b8543aeff8fef2f41c580a02c15674b15b2d3cf5c21c20fe67aabfe90069f0876ee610e602

    Download Submit