Analysis

  • max time kernel
    134s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • submitted
    20-09-2023 22:01

General

  • Target

    license.html

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 2392)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\license.html
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2200, child of 2392)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads
