Analysis

  • max time kernel: 135s
  • max time network: 132s
  • platform: windows7_x64
  • resource: win7-20230831-en
  • submitted: 17-09-2023 06:46

General

  • Target

    license.html

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 2020, tree depth 1)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\license.html
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2152, tree depth 2, child of PID 2020)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
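The two-process tree above is the ordinary Internet Explorer layout on 64-bit Windows 7: a 64-bit frame process that received the document path, and a 32-bit tab (content) process launched with SCODEF:<frame PID> CREDAT:<...>. The following is an added example, not code from the report or from the sandbox vendor: Python consistency checks that parse such a tree and flag a tab process whose SCODEF does not name its parent, or an iexplore.exe image outside the two install directories. The process records are constructed from the values above; the expectation that SCODEF equals the parent PID is an assumption drawn from how IE launches its tab processes, not something the report itself states.

```python
"""Consistency checks over an Internet Explorer process tree taken from a sandbox report."""
import re

# Process records constructed from the report above: frame process 2020 and its tab process 2152.
PROCESSES = [
    {"pid": 2020, "ppid": None,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\license.html'},
    {"pid": 2152, "ppid": 2020,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2'},
]

# Where iexplore.exe lives on 64-bit Windows 7 (64-bit frame, 32-bit tab processes).
EXPECTED_DIRS = ("c:\\program files\\internet explorer\\",
                 "c:\\program files (x86)\\internet explorer\\")


def split_cmdline(cmdline):
    """Split a Windows command line into tokens, keeping double-quoted paths whole."""
    return [t[1:-1] if t.startswith('"') else t
            for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def parse_ie_args(cmdline):
    """Pull the SCODEF / CREDAT / prefetch tokens and the opened document out of an IE command line."""
    out = {"scodef": None, "credat": None, "prefetch": None, "document": None}
    for tok in split_cmdline(cmdline)[1:]:          # skip argv[0]
        upper = tok.upper()
        if upper.startswith("SCODEF:"):
            out["scodef"] = int(tok.split(":", 1)[1])
        elif upper.startswith("CREDAT:"):
            out["credat"] = int(tok.split(":", 1)[1])
        elif upper.startswith("/PREFETCH:"):
            out["prefetch"] = int(tok.split(":", 1)[1])
        elif not tok.startswith("/"):
            out["document"] = tok
    return out


def check_tree(processes):
    """Return (pid, finding) pairs; an empty list means the tree matches a normal IE launch."""
    known = {p["pid"] for p in processes}
    findings = []
    for p in processes:
        if not p["image"].lower().startswith(EXPECTED_DIRS):
            findings.append((p["pid"], "image outside the Internet Explorer install directories"))
        args = parse_ie_args(p["cmdline"])
        if p["ppid"] is None:
            # Frame process: opened with the document, never with a SCODEF token.
            if args["scodef"] is not None:
                findings.append((p["pid"], "top-level process carries a SCODEF token"))
            if args["document"] is None:
                findings.append((p["pid"], "top-level process without a document argument"))
        else:
            # Tab process. Assumption: SCODEF names the frame process that spawned it.
            if p["ppid"] not in known:
                findings.append((p["pid"], f"parent PID {p['ppid']} is not in the tree"))
            if args["scodef"] is None:
                findings.append((p["pid"], "child iexplore.exe without a SCODEF token"))
            elif args["scodef"] != p["ppid"]:
                findings.append((p["pid"], f"SCODEF {args['scodef']} does not match parent PID {p['ppid']}"))
    return findings


if __name__ == "__main__":
    for pid, finding in check_tree(PROCESSES) or [(None, "no anomalies")]:
        print(pid, finding)
```

Run against the tree above the checks return nothing; change the child's token to SCODEF:9999 and the mismatch against parent PID 2020 is reported. The point of the check is to separate a genuine IE frame/tab pair from a process that merely borrows the iexplore.exe name or launches from a different directory.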

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: 12dd34349777701c80eece88d36c77c5
    SHA1: db09106ec2e8b61124ae9fe5fd3ca1407e51e68f
    SHA256: 01cf6f4ba761f61e9223d652844a74e5d40f3ead1e78401e9f6fcfec1915191a
    SHA512: ee82e14e79af0edaa6417e1cd7dc52e0640e31fa719f127f2da052cd84c63ee0fee88e5cdda2977d7fff2a381fd73e500e043cdaac76ca23318f66646d33ace7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: 4a940c5e765a8e005ca44b30d5fc7fd0
    SHA1: 967bcc7ec78f0059b6c47d74dba012b2089572ed
    SHA256: 3a4c8cf278196ae7bd3f6e7af5e0df4d63d48280f4950b9fb5497ece525700c5
    SHA512: c76a37997ae6806227b86b255121a0ed2a4b40937df87ee70cec9bab7b766a93ac1419cee9651f4273eb0225d6741fc12cedd3ff46f2b1ad28b9f585807e1dbe

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: 8fe08f8fc47a6aa9fae236e081f4fa8d
    SHA1: 12a700f29d768680851fca9ddb0034c719f1f5c5
    SHA256: 5b6e074b2a298de1d8d8069af2efd698588e1f9e4c00898cfbf5c35383fd5b71
    SHA512: 7244ab348cd05b4904a65191347df98d0968ac63f34f99fe420eeb4ea50e50471086acc90765bcb32823dc26f9bdfe3ea74da4018c31a624e1ca4e5c101c17ee

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: ea61e438baa83fd45580f8b36b23fa68
    SHA1: e3209a4a4930768a2492203f345c5a1660049696
    SHA256: f84d549865e07571f6c4f07a9f71ab08a35e263c97902e9933e2e1752348243c
    SHA512: 4c54811dee9678805f668dd34426bcae5869a1a65da8f08f99f8081e46653aeadafee413c06ed7540eb702a6f612c07fc893040721120acd4da69d26ae094afc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: 8a05e39cdc0463caaad05c9b810f34b6
    SHA1: f51e876be1f35ec0d29df02e631d27aad5cb5360
    SHA256: 7788a0673f88b8ca2aed69ae45e8e8a69785452b541c066d6df7a26e2bc6cac6
    SHA512: ac59b0651ca64e55fed7b59fa7182607d87b117403084b6826fbf6f34f4f8afea03bf1bda4dc2ed108410ce6b6aac31c70b1fb5b934c4531b27522c1fc7b15bf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: 0c831276f18eea572c5d05de6577b7af
    SHA1: e9d1b2729dc2143192e71b2b52e717004a7daa6f
    SHA256: 6b27b4ea618b09266715c15c3d5061c606667480f17b0ab88a43dd5a93574c3c
    SHA512: 67088d3342ff75a73a8b4e66b6fcce2d08fb89f0a8e0b9f25a0c4d6e71bb17610c5829317b66122fecc273fc4ac1d2cc2f2ebd092c59ef88f4e8c4c88c473160

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: 3e54e6a0c654bb3ced229dd9cd2cae23
    SHA1: 7092f84d4938992064a06a9325936999b7040ef3
    SHA256: b66592b23e44ad49b67693be47135bfe0769b14ecfc03242ab73da65d8926953
    SHA512: 8ea4231a9537746b438c2aea87159f4fafd9adca963bfa8189766ccd4438080dc973b5cd3d81bbdd7fd502045fac50ee77d8d93fccf8284eeea8ed9e2ae03935

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: 24258ffd9feafb577ebef23041063b9c
    SHA1: da415d558b67cbab91acb56536434020a413f053
    SHA256: 7333c0960ac0372289ff8a7b4dde7e95bbfa7da62412c470cd3f6a9f14b271a4
    SHA512: b61eaf6c5293d13493c044ab2f03797f286aa6315cb37517492bd18871cd8ddc41ee6718aaea771e13c2438b97d4871c7c89cd1c02b518be4a598c52e00438dc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: 11510004ee100d6061f7c3f7f2ae4363
    SHA1: 4bcd6560a26ceff0bb99730728c7652b3d1cce87
    SHA256: d98968ff33b8bc55dff9fd5a4b8909c4dbcb43776b99b537ff03ffcf5b47d679
    SHA512: 3e138da672613c0b812d63027371cce24c8fb129c70911a898775aa8b33bbbee907df92dd7fca69319ba75569925deaf9d83d5e1b47cdf858ba0c5e77ddb4150

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: 35f551ae556fea73a553a9e9db94f0a4
    SHA1: 52293f499fb9dc721813c855d4038de29d976e2c
    SHA256: 419fbf824142c6f65812e6ff4ff3531e7503b26799268264dc6724c48bfc015f
    SHA512: f4eeb6ef12b11ad711bc5061aaf9021ac67d3f5c32d5e451d6cc821c997188b3f0bea96d6723eadd9a4f4d79cbae411dddf82cc8b0d79231aceafc4df92b6fc2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: 786a9e100aa65f3f0395da1e9919cf70
    SHA1: 3aef738994f9db8db378a680ef88e65f869e64dd
    SHA256: 1f662d0d23588809c04493b5ae9d04232b220d62f14ae4f653ea9fd6c437e2bd
    SHA512: 885e7b705d78226775b99a36fcb73e9b6133cab8e6f716a0af4a5171c50e1b36c09748c7fd92eff8f78f76c59b773d6e323d78d96c5266e19890b032da764891

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: f5286edc8f44c20251f18619b54715fd
    SHA1: d238e5c73bf82cdce6e8809d70cbe2b2ab168d1b
    SHA256: 2d301a2d3d1edc5cd65bdbfb878526589fbbd6a063058e4c31609c8fa3332801
    SHA512: 1b6d85ed3a71224dd94f1f1d2c34a7142bbdc72a84ea634573e6ff440c91f8e02e5c000a75fc234c1724c4ddd17660417eaf4e9376d18f4b34aa2063382a422e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: 8e8512fd88c8dae2f257a5a9523cb66f
    SHA1: 3181563efe2eba8e4870f4042e9bfdfe2e119be3
    SHA256: 6f6ba3f2a4b0aecbba44376bb812e765d1b921e20dead2216fcfdc8ba88ec43b
    SHA512: f41becd8a9effe4c689f88782d97ddaa291f361cc2ec40f3b532a92833b9779d0fceff8118b504a9f8a2a3ea6beb1cfaeeeec27a61e25758f9d0a1f50dbcb323

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: dc0bbcc599d37a02847da9260446f54e
    SHA1: d94e51845a4c738eb3db6223529712c42dc8b90a
    SHA256: dc6ca418b47b09cf06588c19e8d55ac55029b3d86663b09fa9ed03c65702c2d7
    SHA512: 6eda72a1eef94ceb4598ea3fc89426a9f4e9542a7b19ab78b39c392d2f7789756e1c390ad7fa18420dd0f0264c8511e7d01ac799af212f341b80d0b9fb62d7b0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: 77db18a5428962c63e2ea92a45a9316a
    SHA1: ec5d2845b971b9658fb30fb5cdca38e8a2200afd
    SHA256: 78dcd705989d91a55522a78f3f5bb9164137b8894030729201b77059565aadcd
    SHA512: 9744bacaf710021d97e878476ebb62d306698add1e9fe935e4173109aabad9e98af0de88804b69b3781e11ad05eeee22bebff90badd9366cb9f780fc4aae518c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: b6d3f3d640d0aaa62b2ca7a864a8f42b
    SHA1: ef771d4acfadad70e701a003dc4ceee8098e293e
    SHA256: e2cd612a8fcbab300a3de52d48c481e91a3330a6d7a3a6de35580d340997b017
    SHA512: 9d21178dbd5fc8cfd1cae68a547b041995a4f222bcac762d75a1071edaa97d271a8ff92a454d9f42e146d0c1192cd0450e055f99a6e041a607ca5dd6ed959f33

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: 243f787f8b522c613076c2498ccadb15
    SHA1: 91f4cb7f72159c78bdcd206cf80e56ce30d29074
    SHA256: 3e79dd67ca75deb44a85e9dd748ac81b3fc5e7869b95845b094c010d40387a46
    SHA512: 338ece44a6d121088c6141c5867f4e3c60098d55f88cf53171b08af546bc017f12ce2ae8dc6ff1e0f47201d189f307d5932e4b46dc6a92290bbc9895b58b5c3d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: 121484ddae57c08be29671b5a9cfdd6d
    SHA1: 24cf172837b8f63599cea9845429d44cfbbdb44f
    SHA256: f33ea4cd51976793dc2ea3d6c22e9190af47055ef9a232067900be618e1341c7
    SHA512: ee94e25d08272105b38fda32d8479df64c1e702ee1750de256b3cf62d461cdf9b133b95f216006a722e73c1e90052dae7eb615b215c3bf90b2ed7e4b765520e2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 304B
    MD5: 56eeac8a61591e7077185aa9c8b214a1
    SHA1: 6614af28eb1f598f5cfaec3dadfc9b5306ee9e1c
    SHA256: 453a7d82fa0a55792df766a6f07c76b68120ad4bf725c8ddb547e6563a80c4c6
    SHA512: 32c05f3095699f8b3c156eb61227c72abb9714d8b29e2a9c9e2d0e056ff8bc047587dc5355128364b3217a28ed2a76f83bb0e7693873b702c0115106f1766b0c

  • C:\Users\Admin\AppData\Local\Temp\Cab81FF.tmp
    Filesize: 61KB
    MD5: f3441b8572aae8801c04f3060b550443
    SHA1: 4ef0a35436125d6821831ef36c28ffaf196cda15
    SHA256: 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
    SHA512: 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

  • C:\Users\Admin\AppData\Local\Temp\Tar825F.tmp
    Filesize: 163KB
    MD5: 9441737383d21192400eca82fda910ec
    SHA1: 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
    SHA256: bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
    SHA512: 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf
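All 19 CryptnetUrlCache rows above name the same path with different digests: the report records one row per write of a single 304-byte metadata file in the CryptoAPI URL cache, which Windows fills while fetching certificate revocation or trust-list data during page rendering, so the row count is churn of one file rather than 19 separate drops. The Cab81FF.tmp / Tar825F.tmp pair in %TEMP% is the pattern that same certificate-update path typically leaves behind, though the report does not say so. The following is an added example, not part of the report or the sandbox vendor's code: a Python triage helper that parses this vertical key/value listing as extracted, checks every digest is lowercase hex of the right length, groups rows by path, and separates rewrites in a known background-noise location from drops that deserve manual review. The sample listing is constructed from three of the entries above; the noise list (only the CryptnetUrlCache directory) is an analyst's assumption, and the .tmp files are deliberately left unclassified.

```python
"""Triage helper for the 'Downloads' (dropped files) listing of a sandbox report."""
import re
from collections import defaultdict

# Hex-digit lengths the four digests in the listing must have.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Directory Windows itself writes to while IE renders a page (CryptoAPI's URL cache for
# CRL/OCSP/CTL fetches). Treating it as background noise is an analyst assumption.
KNOWN_NOISE = ("\\appdata\\locallow\\microsoft\\cryptneturlcache\\",)

# Constructed sample: three entries copied from the report's listing (two writes of the same
# CryptnetUrlCache metadata file, then the CAB in %TEMP%), in the report's own vertical layout.
SAMPLE = r"""
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    304B
    MD5
    12dd34349777701c80eece88d36c77c5
    SHA1
    db09106ec2e8b61124ae9fe5fd3ca1407e51e68f
    SHA256
    01cf6f4ba761f61e9223d652844a74e5d40f3ead1e78401e9f6fcfec1915191a
    SHA512
    ee82e14e79af0edaa6417e1cd7dc52e0640e31fa719f127f2da052cd84c63ee0fee88e5cdda2977d7fff2a381fd73e500e043cdaac76ca23318f66646d33ace7
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    304B
    MD5
    4a940c5e765a8e005ca44b30d5fc7fd0
    SHA1
    967bcc7ec78f0059b6c47d74dba012b2089572ed
    SHA256
    3a4c8cf278196ae7bd3f6e7af5e0df4d63d48280f4950b9fb5497ece525700c5
    SHA512
    c76a37997ae6806227b86b255121a0ed2a4b40937df87ee70cec9bab7b766a93ac1419cee9651f4273eb0225d6741fc12cedd3ff46f2b1ad28b9f585807e1dbe
  • C:\Users\Admin\AppData\Local\Temp\Cab81FF.tmp
    Filesize
    61KB
    MD5
    f3441b8572aae8801c04f3060b550443
    SHA1
    4ef0a35436125d6821831ef36c28ffaf196cda15
    SHA256
    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
    SHA512
    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
"""


def parse_downloads(text):
    """Turn the vertical listing (bullet path, then alternating field-name / value lines) into dicts."""
    records, cur, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            cur = {"path": line.lstrip("• ").strip()}
            records.append(cur)
        elif line == "Filesize" or line in DIGEST_LEN:
            key = line
        elif cur is not None and key is not None:
            cur[key] = line
            key = None
    return records


def validate_digests(rec):
    """Names of digests that are missing or not lowercase hex of the expected length."""
    return [name for name, n in DIGEST_LEN.items()
            if not re.fullmatch(rf"[0-9a-f]{{{n}}}", rec.get(name, ""))]


def triage(records):
    """Per path: number of writes, number of distinct contents, noise flag, malformed digests."""
    by_path = defaultdict(list)
    for r in records:
        by_path[r["path"]].append(r)
    return {
        path: {
            "writes": len(recs),
            "distinct_contents": len({r.get("SHA256") for r in recs}),
            "known_noise": any(n in path.lower() for n in KNOWN_NOISE),
            "malformed": [d for r in recs for d in validate_digests(r)],
        }
        for path, recs in by_path.items()
    }


if __name__ == "__main__":
    for path, info in triage(parse_downloads(SAMPLE)).items():
        tag = "noise" if info["known_noise"] else "REVIEW"
        print(f"{tag:6} {info['writes']}x ({info['distinct_contents']} distinct) {path}")
```

On the full listing the CryptnetUrlCache path collapses to one line with 19 writes and 19 distinct contents, leaving the two .tmp files as the only rows an analyst still has to look at. The digest check matters when a report is copied around by hand: a truncated SHA256 silently stops matching anything downstream, and this catches it at ingest.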