Analysis

  • max time kernel
    135s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • submitted
    18-09-2023 18:56

General

  • Target

    license.html

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\license.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2808
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2544

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    c7a62e45c0f9a6e3e9d32a0c836728d5

    SHA1

    ee28b99f896c741187596ffdaabdef32e642a655

    SHA256

    dc7770f5bfc07fe9a46c51af8e0c45799e95cf0221dfdc438dfbb31ae2b55266

    SHA512

    a9bf5d478d387e7e168769f7233e7baeb6a57f2f4e280aef4035a438312d08f0c5925ae2f553d5a5cd57b5173ab3b4f0684f320ed18daeca3e9c3ad0ee36b9ce

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    0ebff35a28684fe93407e8146b811018

    SHA1

    6873343db39cf96206798ceb9a5ebdc3b5674e02

    SHA256

    8cafd0bb397cac78f37cff24ba7fda08ee8fce46ce2171bc48fa98557c5e690c

    SHA512

    2a555bbb75d9077114962722ace1dc9a8edaa87865886701bfdb5cc6cc3746f75eeffd2b562afbaf0800fc557fe4353c01b2d5d3bf102da4440340649498342f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    c5b94af89daecb387766ea8542bc78b7

    SHA1

    d5853d4c6e8f52cd77ae861f6940f5688531a848

    SHA256

    716deef8f614298770a636986983cf05611628b7ee8b2f6a577ed301643572f6

    SHA512

    04d49f33dacedd997134608c238ef588c4d50242e4f1d69e05bbf9e69b0c34b3b6bbf0bdfc99fa2b09cd27e02106645840e6eb8c0da90379c2b3f5c3930d6081

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    03b055b17cfcbeaaeca57b435a67f896

    SHA1

    aeb09499f4f586cdce4e75242963f66076c2869a

    SHA256

    118cb659bc0e334b52d7ba932bf069006d997436c591b2146d72381d6468fd10

    SHA512

    1e9be67a1f701963fa856b22efacbe9d2cc6d877e1e3466a1707720f715ea41a531c5a3ec5ea16ab5ccb6380f5707cdb81b700307c6f2013abf69685df885db2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    feceb622598aca00ecca2324f0dd8e74

    SHA1

    5b4cbdb711b9dcffb9eff42071703787e3df2eca

    SHA256

    cb2f6d2dbf5bb6895330fd5c60e4080071a9c2cec6161ce2890fd5ca3fa8d628

    SHA512

    5547a6e2be26e785534a64269657d7e9b62792bbb521a243a101191dc7bf5951cebe450495cb582242472e94539c033f5bc4251f688df12679fbc164cccdb71a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    8adfdf4564831b4513227645a29534ce

    SHA1

    f2c740c2d163ae2f627191be2d5b0d80a608747a

    SHA256

    5ed153f7e064be8b8c92eb3b1a7309bcb28a400df2b73f928147a00c8086b563

    SHA512

    8d96cfccc5dd382d8be8f5df3ec784cb32e80dd2c15253b83b73b8b65feed8b1a0b7fcd1679bf84605acb34c16f1479a92a92c407cece8c9d079b59577452e9c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    366173937593d286524a928912a680b9

    SHA1

    8dae9c5d337e0e9d48c87322c7d90f2e36445747

    SHA256

    d87ba79b2957cb6b6b3e116a9532476e86ef1ccebd239f1ac7e71a78505aa837

    SHA512

    253f80181c7b9797d184af041524fce764a62f065c2b2909393e48752373e4ce07cb57d91eb3241dc5cfd71cf2ea2a78308aaf4bb4627443be80b6a6aa8e6b6d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    b28c0c527336291839b780084829aac3

    SHA1

    5d935367184c1ab428b6e6ab20472a9d414558d8

    SHA256

    6bfd2cee0758e761dd47c2f15a12f93947b6212a6cd574bba19b048505b2a36d

    SHA512

    e516b1d54c2a02db5244fe1f5d14d027aeec5b509505245199c622911f9a4806649fa6091c7147606762c264fd6911bc9b4cca67e583ac48f31fa3b05d484437

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    cbafc23be0186a375d918fad99589ec0

    SHA1

    739b3cbf83f449256194ae7d2d9a6b707737705b

    SHA256

    02281756a30dc6b6e7f3b8bad397b0ed361e1badd7a17a42e9c2f2160aed7b4f

    SHA512

    bf95ed9c75a95110ac4a3aafee322e175af538130d44e3fcd994859fd26a3c17ef00b72114a84d88ea778fefc8b17ea30df2677c8b2f36a025d60be924dee470

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    7c2745a72d755c72bf2d315b5227bd54

    SHA1

    0c4a1e522560cda50b5cb11fdc1dd33a2d239897

    SHA256

    7572cf794edd3808763c1efc07348e1d42993803e4035b9049c51932b66c9e3a

    SHA512

    20f10ee2bd806c23f7c3b7e5063313eca1a63c4a6decd0d360e58e15b5141c70dfa70ad0ae5271fa703a045ee5cf33aa7a9bcd07660cd6d6b0f8e6625139ff14

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    382d605153fadc84879834b7e90eca7e

    SHA1

    bd5c0f5307c0770ded4b3de772778342b1462d3f

    SHA256

    f6d9948c50542a2ce350129641028017e5357883c1685e3bf3b333eefd19bbcc

    SHA512

    9bfc60aba28878e2043982ccb015ae9c164bc9563cf2f25dc9dd9e8aa6005bfcfc82b3e770d6963c51f20b019fafaf9bbfc83b2240fcda3bfc01fc7baf3e28ba

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    97f7bc7ddf27ce4592faee3a9efa7c76

    SHA1

    d9ff78121b0432a8194ba6ee4f3aa8b69fbd70af

    SHA256

    8a0ca13b89a935f802a853d4307ac836216214764406deb252435ef14eaa6766

    SHA512

    83c65547eed3d9499e107c9c3fb5b6c2030e2560900285b55416bb2517ec9ce972b67a53a004f8f46a998e7690da7ded9c0a203b6c6399cd167247fb7439d19b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    88c3f228f80f9aea1baffbf9886932dd

    SHA1

    13b89696d2beb97912a512f18cb86f40134db7c8

    SHA256

    3f2b1db701d4370b298549f45d562806f70850048abc0d4ed5ed1ea0de13392f

    SHA512

    30f0f592f66374dc6863d22766922bd3f98a133f226147ca31745c2cd04ecb30614447da910a5c12b6b1725d8802f0a0ff8fb5300e27b910876d234cccbd3c96

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    619b7082871468d599e0d9c5e2147170

    SHA1

    d5c31915188e5748687ce7b9c570d9c2b2e2f128

    SHA256

    fd5ad1cb7d1c411807d84dfd9f1c8819604191d895c0a9d49ecbab9289448310

    SHA512

    66dc9693c0880cfefbd0c7b83b00f4a298c9455a1f24e8d32d80e86414406f91f338d82585f57c29a9f4f004f6c7e207a1997256cf06adcb35a89d021664489e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    924d9bdfa175a4100f9ca48fb16174b1

    SHA1

    7c6819c2bda63287437bec8f05601219b5822ca8

    SHA256

    3d1ce0c0322d736fa5231e8a8dc2c3d066347ffc6c9c4ba5ec976531c8543b5c

    SHA512

    9ea289a4c700db4c70c3cf5054670678bc04a773585b3cef56275bb732001e724ad817a4ebd4020d79e50e475f12dbc24cf7213c5960b3c5f795d7ab5f2436f0

  • C:\Users\Admin\AppData\Local\Temp\Cab8BBF.tmp

    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

  • C:\Users\Admin\AppData\Local\Temp\Tar8BD1.tmp

    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf