Resubmissions

  • 13/09/2023, 21:34  230913-1ezzlsfb3v  (score 1)
  • 13/09/2023, 21:26  230913-1apm3sfa8t  (score 5)

Analysis

  • max time kernel
    295s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/09/2023, 21:34

General

  • Target

    http://1.1.1.1

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 34 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://1.1.1.1
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2200
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2652
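The process list above is the report's own record. What follows is an added example, not part of the report or of the sandbox's tooling: it parses that flattened process list, rebuilds parent/child links from the "N⤵" depth markers, and runs two checks a reviewer would want before accepting a 1/10 score. First, the tab process (the IEXPLORE.EXE started with SCODEF:2200) must really be a child of the frame process whose PID it names; IE's frame process passes its own PID as SCODEF to every tab process it spawns, so a mismatch or a non-IE parent means the tab was started some other way. Second, it lists which signatures remain after discounting the ones IE raises on its own when it opens a page. The sample input is the two entries above copied into the script; the baseline signature set and all function names are assumptions of this example, not something the report states.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the two process entries of the report, in the flattened
# layout the report uses (image path, command line, "N⤵" depth marker,
# signature lines, then "PID:N").
REPORT_PROCESSES = r"""
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://1.1.1.1
1⤵
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
PID:2200
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2
2⤵
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
PID:2652
"""

# Assumed baseline (this example's own list, not from the report): signatures
# that IE's frame and tab processes raise on a plain page load, so they carry
# no weight by themselves. The report's 1/10 score is consistent with this.
IE_BASELINE_SIGNATURES = {
    "Modifies Internet Explorer settings",
    "Suspicious behavior: GetForegroundWindowSpam",
    "Suspicious use of FindShellTrayWindow",
    "Suspicious use of SetWindowsHookEx",
    "Suspicious use of WriteProcessMemory",
}

DEPTH_RE = re.compile(r"(\d+)⤵")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


@dataclass
class Proc:
    image: str
    cmdline: str
    depth: int
    pid: int
    signatures: List[str] = field(default_factory=list)
    parent_pid: Optional[int] = None


def parse_process_tree(text: str) -> List[Proc]:
    """Parse the flattened list and link each process to its parent."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    procs: List[Proc] = []
    i = 0
    while i < len(lines):
        image, cmdline, marker = lines[i], lines[i + 1], lines[i + 2]
        m = DEPTH_RE.fullmatch(marker)
        if not m:
            raise ValueError(f"expected depth marker, got {marker!r}")
        i += 3
        sigs: List[str] = []
        while not lines[i].startswith("PID:"):
            sigs.append(lines[i])
            i += 1
        pid = int(lines[i][len("PID:"):])
        i += 1
        procs.append(Proc(image, cmdline, int(m.group(1)), pid, sigs))
    # The depth marker encodes nesting: a process's parent is the nearest
    # earlier entry that sits one level shallower.
    stack: List[Proc] = []
    for p in procs:
        while stack and stack[-1].depth >= p.depth:
            stack.pop()
        p.parent_pid = stack[-1].pid if stack else None
        stack.append(p)
    return procs


def check_ie_tab_processes(procs: List[Proc]) -> List[str]:
    """Flag IE tab processes whose SCODEF value does not name their real
    parent, or whose parent is not iexplore.exe at all."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        m = SCODEF_RE.search(p.cmdline)
        if not m:
            continue
        claimed = int(m.group(1))
        parent = by_pid.get(p.parent_pid)
        if parent is None or not parent.image.lower().endswith("\\iexplore.exe"):
            findings.append(f"PID {p.pid}: IE tab process not spawned by iexplore.exe")
        elif claimed != parent.pid:
            findings.append(f"PID {p.pid}: SCODEF:{claimed} but parent PID is {parent.pid}")
    return findings


def unexplained_signatures(procs: List[Proc]) -> Dict[int, List[str]]:
    """Signatures per PID that the IE baseline does not account for."""
    out: Dict[int, List[str]] = {}
    for p in procs:
        extra = [s for s in p.signatures if s not in IE_BASELINE_SIGNATURES]
        if extra:
            out[p.pid] = extra
    return out


if __name__ == "__main__":
    procs = parse_process_tree(REPORT_PROCESSES)
    for p in procs:
        print(f"{'  ' * (p.depth - 1)}PID {p.pid} (parent {p.parent_pid}): {p.cmdline}")
    print("tab-process findings:", check_ie_tab_processes(procs))
    print("unexplained signatures:", unexplained_signatures(procs))
```

For this report both checks come back empty: the tab process names its real parent, and every signature is one IE produces on its own, which is why the five "suspicious" lines do not move the score. The same script applied to a run where a non-IE parent starts an IEXPLORE.EXE with a borrowed SCODEF, or where a signature outside the baseline appears, returns a finding instead of silence.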

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize  304B
          MD5       b8821b4e5b4e16cc32aa8e543f43384e
          SHA1      bcfbf15ef2b2da861765e16b1c4018a02a65c413
          SHA256    1ad83f54f20a30f963f3e8ec458389a6f7649c2d096712635135224014ba6f93
          SHA512    57e30fb4c4ed4cbf03c917e68c9f56ce10a7eb5cb83c056fbe71013cd8c74e58c305b1d7c7b915f1d91a8877e5ce4139f69d434ff76ce6678e860e56147d2f29

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize  304B
          MD5       98b266c3ed636970eeec0f0b2a24acfe
          SHA1      2e17ec3ecdbb732cbeb31e70634406e1bec80d23
          SHA256    7452de8de9910f958dccded288263d1685bfa7ccd36b671b1cb6b0402dfa23c9
          SHA512    570b712cbb786f06855e670e065b12beed2f7cb3f02c5803b2249ac525c3d048117152e8a229fa61f4ebf80486ea8f3da421e272c66bc592bc403a773559f4ce

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize  304B
          MD5       69c3f7ccc6e343e251316fc0a1b31205
          SHA1      54fa995ebf0d0f566da317a6d898a43e3f066453
          SHA256    409ab51debcc9580192b85aa14bd6cf876ab2bff8094dc41f32f3ac4ca3b0024
          SHA512    db4de7c56f5457c5ec362496faf7f569ae8a1e06754965fabb60777827240f3a3643e69db9563ad13a19db11e9588d9022510573585899c7c4c2abf982ce5c8d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize  304B
          MD5       40e41e67c5e3ea7851309374a8ec0f81
          SHA1      b7978717d2de064b10905eb7b5545933091233cf
          SHA256    73c4c1eeae49ae7b0911a65d8714a92adbd6afd0a0b15dc667fc7ca873f00bec
          SHA512    80cbd1ea9c21716c2167d80ba81352bbf3a9c8fcd4fea2c06a7863e9ab444a2a8c8d0af45bd1961f9149eda327e84373a524038ec677cc01b9c4f833c4da466f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize  304B
          MD5       8f254878c5f7c0439c5749a61ea95170
          SHA1      d27640de7893c4a10ac956711f68a71a8f74dcc8
          SHA256    5e42d447026056cbe488a7e975d66d9f49b6e75379e64c9ee119fb4ad801b524
          SHA512    25a829abf8b2763b418d9f3e2a0dd9a0d20788468f05dcbaa027b26ef246a4f7fabe9d70ed3838f73de6a327a4e16f23e747cbb436ff559e2b7f8c352a036eed

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize  304B
          MD5       b22e7ee9816f15bac91993ab75261ac6
          SHA1      478976e512039d2513bfd9b1bec9aabbea06e5db
          SHA256    5d190a951eda4fb4512fc408245c812678994adbdef441483662c48d348dadc0
          SHA512    17f9e6fc6468c9a3f608c8f87745450f469bfc5275c1a3aacce564e9c616c878b5eee83f9b2717e97e330d442a8201ea106b2848b163f266a9bf42dcdddf3f62

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize  304B
          MD5       051684e65c0dc13212c6136bfa70bfb9
          SHA1      e601e31a842caebc489ae37603094a76f603ae50
          SHA256    119ae382c0df6dc92e98c727dc7424faed4b2316a2e37d66db11278bf4cbbe9f
          SHA512    9213d3cd68a0bb5b4fd16422eaee492ab6f0ea3f2dc11a8783ba8b6c1fcfea06f2c404ee7b40f2f8b5c29e42ec3fc9ae5d89ed470f6a22b75890c4a4870ee0f2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize  304B
          MD5       4374392a9f98478f576394992971c9c4
          SHA1      c64e37981ad817803e080b71a3f0f71d4f8141cb
          SHA256    6e182892b1d1213e36d57fb923ebc1947ba6c1fb762e017c196f16a12916ef86
          SHA512    96b6afcd9170479be2c454249af5585c6ea507325bbe093a60ae40cb87af2e468389653a07fc1de88979a9b94b7e14114389cbcbd0b21f6b2cb234ad80a5c3ec

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize  304B
          MD5       a01907a967d6e2d2644fabe8e98e2754
          SHA1      e31c95b81b674a38ecc00a1e3060b3ccf8c6beee
          SHA256    261b380e11fdd0c69e46fb3c673005936fb78af8fbf0f6385d96c5cbb61b5373
          SHA512    d97cbe43ab590279f5e43ead3746448511b24167c19ea21265cd57f52030459784dfeb6bea35054001d1b9cffec5282c6103ee82086bb905b746dfbbdda01d65

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize  304B
          MD5       7b36e1ea8eeb02752231b9720ab4e55d
          SHA1      7f12fea8a5d3a75149159b4019c9fccfd44ec833
          SHA256    f027850cbd9912d9746920a7c3ab87ec24b18bd28ba6bdf276d04f0d7e5d1f8e
          SHA512    5caf0b9f049cc7a27b720125afa63730e81f1d2e3e3445239167edc6768d08cfe952475559a669d3d188c2591b0c77f78deab48063d0e1015a882bb70e6f1c4d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize  304B
          MD5       8c2d845aaf6c22b844c57347c0f2b059
          SHA1      8410956640d332556a74fa76b406fd7b8a5af1dd
          SHA256    da3c102e7433018430ed9a94d0e0ca1dd1f4f76edd98586562c4c0699dbc2877
          SHA512    442cfc5781eedc654fcbf076f470354b030d472f1cad8ba5e1a42fa98dd4a1543dd80c37dc8b1740ea0e1d25e3d4f745a118cf40bf9cce2a1d736dc23dfecd64

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize  304B
          MD5       d92eed4a4a431060886cccfe12c329c9
          SHA1      287118ab9dde3ed148092a961411a5255dcc7645
          SHA256    5da3668bf953fb2cc91724190c3503d4278751759d45bfe52f287ea85144b435
          SHA512    7daea138740d13aca69b5fb435187f766ff738928a94aa30633517872c5d6f6ed43e20ed116b0906267d6241d5728df877c51cbc3ef5e222c72423cb071deb75

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize  304B
          MD5       895ae13a74aae0b343bd9e097f09fdc6
          SHA1      e706e1139a7510c5ee4478e70fb77eb7c6bd7fd1
          SHA256    2da6971ba7477eb1b66343f8848813f1460cb9f67aca6a42bd0969d80db8ba89
          SHA512    395e5274b8bba457d1dac3a0115eace4e853d8f84d03d7ed1f7bc312f72fa885fd56216c677fd4814999a504f2b426e80c3ec251e7a32fca29fb1175fb6121b6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize  304B
          MD5       7738b28029b2bf0dbc43e422e636ac4c
          SHA1      02b9bb9960500d0852d9910eb21a899a634db674
          SHA256    337e91c3216d35107d54f029f2a58bf4d56a28b9149152f901f68995cd005854
          SHA512    041acedea69eb27bb5ab677faa83b8d009effd2224b10cddfda451b63b7461a435dda5e2bfc8d1b58058ee4e17a7ed1fb0959f7b416acae04a500b79dd199847

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize  304B
          MD5       dac79b31341622b44573a76e704d7f51
          SHA1      a62cb8b0ba1ebc7af1b852c95f300b8e8b4f195f
          SHA256    96c07b9a90b253bfe10dafee6c01f012fec963d9cf7572e50c51d35a4dc79673
          SHA512    a78359228f0df308353e19f0969d748865d66d3703336633782d392dfea1c5b371e5a585f6c1546842230d7c6a394a04283c335ecad3b58bb853ba50688826d5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize  304B
          MD5       79d7e906bc1a26ee811ce7d2a68d281f
          SHA1      c18f7d32fa3c86a4dbbceee27bf656b35cad7563
          SHA256    b4db7241ed92c16d64d07b23822b8cb0fe0ff2d8c4b46c8a64575ab366861787
          SHA512    7131f9f7b9eb82a2f6921e2163b7802c72e8555d6ca6ac150e921a91f0cba3b017edc7210cdf9cabfbc89e75382f1fb387955055fc3e6b9b7c1d13d0a9550f25

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize  304B
          MD5       ec63e8eea2a84c977f412697ecee8130
          SHA1      dcbd51e3fc5544b3b5909d383f0c62929827187f
          SHA256    e3fda833f05b9a96ea7b152f91dc030c95eefb679c025764d9e212d687097424
          SHA512    4cac7d51d969f4edaa7c3ce72d74a0df2500de0a5458c63248f304eee70fc7aab1adcafadfc6d99a0ead7ea9f384263ab2b691a31c3fcb9c964695f06e48e97f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize  304B
          MD5       e56365f28eb794cb4f3fabe830614f10
          SHA1      20b5035d2779213761b76b6fd23b63a67e041e83
          SHA256    fc31ab31a95eefaf4db946dea928257b77c6959ea2bb664a58701db8f2cc7de0
          SHA512    fd07ff7e56553592dc2cad174a70d3d6dc72ba42e49e8df7e10aac0c8b96267f0ea1329718cb316f3f58228e1615a1aed9f036945dfce3f9ac2662af23451d4c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize  304B
          MD5       706b96bead2c63b7a1f060bd12f5bc0d
          SHA1      9123a2ad245e437d9639d12ae9807549003fbd93
          SHA256    ef32b5c19134d74f525d91e877d530f7c9bdcf1495ab3d238652ddc25bb9c37b
          SHA512    d8670f98e204e8b5ecfe7c68b39ac5bd3ec0d2a645cb71ba09d7aa987619055595fc34364504a33ffd84db79bf2bfdb7232ce95e183010fd3450c9362b7fd1e0

        • C:\Users\Admin\AppData\Local\Temp\Cab7B98.tmp
          Filesize  61KB
          MD5       f3441b8572aae8801c04f3060b550443
          SHA1      4ef0a35436125d6821831ef36c28ffaf196cda15
          SHA256    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
          SHA512    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

        • C:\Users\Admin\AppData\Local\Temp\Tar7BA9.tmp
          Filesize  163KB
          MD5       9441737383d21192400eca82fda910ec
          SHA1      725e0d606a4fc9ba44aa8ffde65bed15e65367e4
          SHA256    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
          SHA512    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf
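The Downloads list records every write the sandbox saw, so the same CryptnetUrlCache\MetaData path (the cache Windows CryptoAPI keeps for certificate revocation and chain fetches) appears 19 times with 19 different hash sets: one file rewritten repeatedly during the run, not 19 files. Copying the list straight into an IOC feed would therefore inflate it and would also carry along any hash that was truncated or garbled on the way out of the report. The following is an added example, not part of the report or of the sandbox's tooling, that parses entries in this format, validates each hash's length and alphabet, converts the size strings to bytes, and groups distinct content versions by path. The sample input is three entries copied from the list above (the first two MetaData versions and Cab7B98.tmp); the function names, the 1024-based size units and the acceptance of both the spread and the compact key/value layouts are assumptions of this example.

```python
import re
from typing import Dict, List

# Constructed sample: three entries copied from the Downloads list. The first
# uses the spread layout (field name on one line, value on the next); the other
# two use a compact "field value" layout. The parser accepts both.
SAMPLE_DOWNLOADS = r"""
• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

  Filesize

  304B

  MD5

  b8821b4e5b4e16cc32aa8e543f43384e

  SHA1

  bcfbf15ef2b2da861765e16b1c4018a02a65c413

  SHA256

  1ad83f54f20a30f963f3e8ec458389a6f7649c2d096712635135224014ba6f93

  SHA512

  57e30fb4c4ed4cbf03c917e68c9f56ce10a7eb5cb83c056fbe71013cd8c74e58c305b1d7c7b915f1d91a8877e5ce4139f69d434ff76ce6678e860e56147d2f29

• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize  304B
  MD5       98b266c3ed636970eeec0f0b2a24acfe
  SHA1      2e17ec3ecdbb732cbeb31e70634406e1bec80d23
  SHA256    7452de8de9910f958dccded288263d1685bfa7ccd36b671b1cb6b0402dfa23c9
  SHA512    570b712cbb786f06855e670e065b12beed2f7cb3f02c5803b2249ac525c3d048117152e8a229fa61f4ebf80486ea8f3da421e272c66bc592bc403a773559f4ce

• C:\Users\Admin\AppData\Local\Temp\Cab7B98.tmp
  Filesize  61KB
  MD5       f3441b8572aae8801c04f3060b550443
  SHA1      4ef0a35436125d6821831ef36c28ffaf196cda15
  SHA256    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
  SHA512    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
"""

FIELDS = ("Filesize", "MD5", "SHA1", "SHA256", "SHA512")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)\s*([KMG]?B)$")
UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}  # assumed 1024-based


def parse_downloads(text: str) -> List[Dict[str, str]]:
    """One dict per bullet: the path plus whichever of FIELDS were present."""
    entries: List[Dict[str, str]] = []
    cur = None
    pending = None  # field whose value sits on the next non-empty line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            cur = {"path": line[1:].strip()}
            entries.append(cur)
            pending = None
            continue
        if cur is None:
            continue
        if pending:
            cur[pending] = line
            pending = None
            continue
        parts = line.split(None, 1)
        if parts[0] in FIELDS:
            if len(parts) == 2:
                cur[parts[0]] = parts[1].strip()
            else:
                pending = parts[0]
    return entries


def parse_size(text: str) -> int:
    """'304B' -> 304, '61KB' -> 62464."""
    m = SIZE_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised size {text!r}")
    return int(float(m.group(1)) * UNIT[m.group(2)])


def validate_entry(entry: Dict[str, str]) -> List[str]:
    """Catch hashes that were truncated or garbled when copied out of a report."""
    problems = []
    for algo, n in HEX_LEN.items():
        v = entry.get(algo)
        if v is None:
            problems.append(f"{algo} missing")
        elif len(v) != n or not re.fullmatch(r"[0-9a-f]+", v):
            problems.append(f"{algo} malformed: {v!r}")
    return problems


def versions_by_path(entries: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Distinct SHA256 values per path, in report order. Many versions of one
    path means the file was rewritten during the run, not that many files exist."""
    out: Dict[str, List[str]] = {}
    for e in entries:
        seen = out.setdefault(e["path"], [])
        if e["SHA256"] not in seen:
            seen.append(e["SHA256"])
    return out


if __name__ == "__main__":
    entries = parse_downloads(SAMPLE_DOWNLOADS)
    for e in entries:
        bad = validate_entry(e)
        print(f"{e['path']}: {parse_size(e['Filesize'])} bytes, {'OK' if not bad else bad}")
    for path, hashes in versions_by_path(entries).items():
        print(f"{len(hashes)} version(s) of {path}")
```

Run against the full list, versions_by_path collapses the 19 MetaData entries to one path with 19 content versions and leaves the two Temp files as single versions each, which is the shape an IOC list should have; validate_entry is the cheap check that every hash you then publish is the right length and entirely hex.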