Overview

overview

1

Static

static

1

GH6PeNA6e6...18.gif

windows7-x64

1

GH6PeNA6e6...18.gif

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    02-08-2023 09:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GH6PeNA6e6_oO6olrdAmJpw1AyM=118.gif

  • Size

    43B

  • MD5

    325472601571f31e1bf00674c368d335

  • SHA1

    2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

  • SHA256

    b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

  • SHA512

    717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\GH6PeNA6e6_oO6olrdAmJpw1AyM=118.gif
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1260
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1260 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2272

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    57f42d3c105746ad2abcba265699da94

    SHA1

    73c316cc10b0d4a06aed857fdba49dd5859604bf

    SHA256

    1bb9a7eaecfe5d1fa915c4327fa005c44d61f62a1e0db576e6c2bbf84e35f3fc

    SHA512

    2ee80bb3b853a51750df96732a5b4ac740afa43341d57218592393c400a3b06ffaac1a8c38b6dca7d16f87fcf908973d50675cfa1883a583d00486aa7293cecd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    433b8341480f204d582a314931069585

    SHA1

    bce7183c09bb5c20c8bfdf39617e090ed8ba5562

    SHA256

    fbb72d7c2f7a1b5fdaa45312af91675662b6af22720a4335d89e3974a4219fb1

    SHA512

    aeb36bb222c1c505bf65dce11d4829c5c960d9ef4f517070eb3bfcc070e0d2f6c8e2adc13bd0e66311c201fcdbb092e6cd260f77e87ea476eef151a8faf836e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    36f637d42a11405abbf7429718430afa

    SHA1

    b90d5c516a977c9827ef7b77ff9ff6019370d8aa

    SHA256

    5de08e942404d1532eee21e87721166d836b60897ed5acca5cdebb0c0b9fb176

    SHA512

    fc794509a5a71a57d6feadfa3b8d62cf27f73079a4b4e66017cc0a1aff2122375f0e0008badaf746b042b020c404269d2ccc482753c6f24a785683ceeb8c6815

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2609fb9686650daf00a58b4fcae9793c

    SHA1

    685d39b9c31dae0e5ce90e46838d672168834289

    SHA256

    4e6a980078ed493701113991ccc89a5901786e4cea3fd5f320364b5527031fbc

    SHA512

    b046689bc9dc81be185a77243b5da22b3128a22e16a63600cbc26fc9f5e974ac440aeeaf9ffc226609f2e638df7dc2196cd77cc9dfbdd177a0fefbc2779d840c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2e0ec3d71f2637b49481a11ad008285f

    SHA1

    c6d8c0c2949e842e52a285597ec9a5727b0ca21e

    SHA256

    21167583f2ab1e0a7deed518048a3609da995cdb8f3dfc7d42e8815409b53845

    SHA512

    bfddc4a0e65895b62e6db1695988a81b9c1933fd9413015862bde9c939771289f73bb0a21fea37e692e9c1031f61851f6736320c9804656bda5f670dbd883865

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f7d98736f163c9ffbe71740e2efa7daf

    SHA1

    c05461be485414ad1760f412d9b9ae6deba03b74

    SHA256

    ad565a5c2b9727f946e87da765f02254b3a18e7251c7b71ca957e87193469fcd

    SHA512

    7d48565e7867f9d62bd52b30b634adcb89e118922d3a2a55a1088e73bd16cbae2add96dc90113e98107ba6df66f80e8eb515d0cbbb9e0ebf9f23882dd013efd2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cadebbee422bf7e6f8175eb4480e2fa3

    SHA1

    92e466057ebb5f3c41b3b9e01a861f4c03b4bb58

    SHA256

    6c1cdd4344085d9a4dd09f430f11cb62f60d513a4dc2b5579adbff6182825e4f

    SHA512

    01bc57f464c162c7e39109d259857193798ef578b2e4c68e57c1164d1bf9a1c62c6353ee0d8e14cf749e2a6364c627252801b714ec0ef5c46a1de8a1faa3ac2b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\64WRFCMO\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab95BC.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar966C.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4S4ZNV49.txt
    Filesize

    606B

    MD5

    bbac639bf22ab98c343881d97f689281

    SHA1

    9b732b8e28bdb604cc524bff682d0c0e0f21f840

    SHA256

    caa465305c0f5ab2914b3d0f7fcaf81ab7ef6f00dd2889a2112beb6ec91e943b

    SHA512

    eb5397033dce5bb68d0b8f8c271b72f451bb1b6918b292dca7873f7fa48bb1c696327fc079566c9d4a8a113f3eb02d69bbe1852721b41131bd0e4e8685b084ae

    Download Submit