Overview

overview

5

Static

static

4

var www ht...api.js

windows7-x64

1

var www ht...api.js

windows10-2004-x64

1

var www ht...a.html

windows7-x64

1

var www ht...a.html

windows10-2004-x64

1

var www ht...x.html

windows7-x64

1

var www ht...x.html

windows10-2004-x64

1

var www ht...g.html

windows7-x64

1

var www ht...g.html

windows10-2004-x64

1

var www ht...3.html

windows7-x64

1

var www ht...3.html

windows10-2004-x64

1

var www ht...e3.xml

windows7-x64

1

var www ht...e3.xml

windows10-2004-x64

3

var www ht...ase.js

windows7-x64

1

var www ht...ase.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

5

Resubmissions

19-07-2023 21:16

230719-z4frlabb95 4

19-07-2023 21:13

230719-z2sndabb89 5

11-11-2022 04:56

221111-fkt1bsbcbk 5

Analysis

  • max time kernel
    135s
  • max time network
    161s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    19-07-2023 21:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    var www html kemhan/wp-content/themes/menhan/fonts/fontawesome-webfont93e3.html

  • Size

    62KB

  • MD5

    4b5a84aaf1c9485e060c503a0ff8cadb

  • SHA1

    574ea2698c03ae9477db2ea3baf460ee32f1a7ea

  • SHA256

    3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019

  • SHA512

    05196036c41398616c077925fc4bf252e81f11b6ebef8745047d75cb2c8b80441b8c3593f4d5b2617089e9f3d8d957f9edcdf8e43993661a277be8f4b6a32111

  • SSDEEP

    1536:wOhGmmMET1VwoQNDerkOtxhncPvaAAGzw9jD8RlhANsK1q:JhkhVINDerkO+aAAGA/aANX1q

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\var www html kemhan\wp-content\themes\menhan\fonts\fontawesome-webfont93e3.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2584
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2812

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4025ecf10ae0f7f8104f9678215f3158

    SHA1

    0db7fad952ba7836f07aea23ab6ae36fbaad3d1e

    SHA256

    1a9350cca86f81764f49139e66d2c4bc0eebd2068725c95e7ccbd78ffeffebfa

    SHA512

    5824f3a70b7092be9ff498cf7482e28db8d6fd657b807a0759d48d634e353e70654856bff24f0ae9ba98b6cebf69c1a462687bd35dcc5dfbad351b990975d274

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aae5a84b8ef2904aa8634a976454ede4

    SHA1

    d48580182109e2dd17d6d202bb9f397b1084cab4

    SHA256

    31481c7fbf5eb0d8cc2db9b6046c0f7b7e427b6eb081eb6c294486a67d3c55f5

    SHA512

    e05b31c785aaf5c1742f00ef472a8628509ddd4d9c6178058a2f24f3554c60997cd7a3edb8a7db36db4997cfc382f889c111c4f2efae8036a546d0ff6e221211

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    34eb313a0b8626519441584ee183d66c

    SHA1

    da5ec37a39cea44cfec6393b15951680638c0fbf

    SHA256

    94d1c5612a7f5aa2ec5b1689e8ba0834ec55d33d54284a2434a0addd7acdd74c

    SHA512

    6e9497894d1051ea89e4f764069ab2e031f19ed4dbae31e890dc9f32f87dc27b9511bae0d7b58b79a1555bf28c6bb87666c278e92d84c4c6f03dfbce2185e321

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b9d19288dbc415775ba39743b1adb05c

    SHA1

    218875baa7f24dba6b23807ce82debc83e6e484c

    SHA256

    eb5bc29afd20314e40c8dc70c1b3e2e37d5a9112404df56a4d8915a94e3f1852

    SHA512

    9324ec9d9376a25712ce8a05d59fc9ef5d67b6e5db3fe537749906368e1ff67a788cfffa3ed7824d89cddbe6fae44879f56931752b9ccf58cf70e236521e3557

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5db4724b76696764adf1b2d34dbf42b4

    SHA1

    d12fa2c7991cde28919a5a49962d4b3189768a2f

    SHA256

    770c7b75b8d59e1643d6cda6fbc9ccfe11ffaaffef51a06e0c3f665f420d7c60

    SHA512

    880651505101430006572caad145cc5ee397ccb9e280f246937758b540f4bde9d0fe5b0c1f3e539734ea8b0939b3f254fef166ad8b9c601edcfec92c79df3ca2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7396a8cbfccbb212ffe613c2872086db

    SHA1

    9a2d96ca8db6880efaba591b3af702e435f66f62

    SHA256

    cce9589adbc8d6227b5e30582ebb87216fcd308a035691baface64411e0e48a1

    SHA512

    156510a620ab4473092f91a1e17c60e4fd2618868af56b866c93cb18543f15e169da2aa02e3d0a2bd17bd1dae4c3780b9a60df17a67bf5edb4ea6dc6b43e2c9f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e5aea06f2ca6b5f821b0b9f06fe56167

    SHA1

    136af2d9edb7c74919336461c17ab3e67801d33f

    SHA256

    badf0b93531a4d36845e6ce2c3b2ec12cfdff181adfaf621c214191d1c785523

    SHA512

    78ad2033d5051724b34b2c111a15e160d4e5fa8413ac305174dc4a14d9d8bc820475fa60f496d8ceb10873376b741a9380afe29faa09188e6fcabc4008c85fc2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    78f813afdfe0db396abf59e61b2e11da

    SHA1

    a81b32886175a99b2240e52dd4be6d947d017aea

    SHA256

    977a21069d34818a27a280e0d13837ce443bc7de0c3e8badc530db0a8805ddb5

    SHA512

    2d3ce5c2b46e9c18d9bde4ca085358befb4ef6df529bbbe0544c60b59c79644037ad5c3bb03cf32677f47ba0c0a480a1508a4c938a55920abfa2952c3a11d0d4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    00eb98dcd8812b49c66cf4237aee4215

    SHA1

    c77790ddea8a2dbd8262ece01f956bc3fc6afed6

    SHA256

    9cc7dddde57e1d599b3872c5465404d843b5e182940534c5ef771837d6ae5846

    SHA512

    4fa811c85ca3a051c994fbd6d026f41570d9127a127914f1b8a1021a1be3ef2fc6a9187ae03b84c6e9b41b55e5a430a59442a3e5cff696b6cda21528c84a8081

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VKWFGCX\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\CabBC01.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\TarBD5C.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\N91KFK0U.txt
    Filesize

    606B

    MD5

    a5465e24bb83a347353848f297b16783

    SHA1

    92879de25232dd098ce320c7a0a577ac498592db

    SHA256

    02dd52ea4de8ade81b9a1a408ca6788578d4b71752c99825ad0daafc88752072

    SHA512

    56560eacf961eef8c76041c5dee58a4ff7d891b6e613a8e692b13895502a7eaa905eaeb3dee453b266e14cb25ee04f410459955964d35f3ae8b38fed7c6e91be

    Download Submit