Analysis

  • max time kernel
    134s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • submitted
    19-09-2023 22:00

General

  • Target

    license.html

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\license.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1504

Network

MITRE ATT&CK Enterprise v15

Downloads
