Analysis

  • max time kernel
    136s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-09-2023 01:34

General

  • Target

    vpaid_html_template.html

  • Size

    16KB

  • MD5

    e276e92e96646fdac5a1988074f33954

  • SHA1

    1a7aa338deba5f148ea18666ec1ec4fbf5ea148e

  • SHA256

    4b8fd03cf268f9cd2f7432e13e8a7862760f7a6ed10bbf96dcc8232d2d382b42

  • SHA512

    8425f53afde718047c310fc74a8d3924ce47f61f33fbb99d52147364244b9252b87ce1ebaac80db9d27151d0969537737c042e0f615e354bf2edaac6b13ce065

  • SSDEEP

    192:mrLYJFkVvGFQshArPtP842+Lw1wOEeR6kad8bWXSrJEBOn8TsjNC4ck8aanlDTt2:8U42Fn9qW4+EQNuSXIlodoG

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpaid_html_template.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2964
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2080

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    725745e39d947a7e1a083869c8daf462

    SHA1

    65a6df255a7b1c0a4c59fdf10c527a2a8d2e3b56

    SHA256

    10e23f4951a4fb5ae32c82603c25ff2e25ef5377e0df0ccf86a24aa511108873

    SHA512

    19427fe97b2e86bfd88d2d7ca92dfef91b66cf2d0153c62b70d49b94180384d5e58106a726013ab3ae96aab5933add199c76270ee473f3f32273ca05902ffda9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0e7c1f76ca09d8a388de0147bbf755a1

    SHA1

    0a87233346afaf2bd8d6daaa4fe090adbff41269

    SHA256

    b2e96aee7dd4711cb3b9769acae4fe91cf5936326204b985b88de8119800d53f

    SHA512

    a28dd53ec15c83443be67cee2455248f21b10441ba8bc90423315bbb7bcad96f29497068449c586146af7ee19304b783c98867e779c8448907394e05fd3547ac

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b1a14b60285e824e272874128b887e90

    SHA1

    e2be839ca3aa4223e4be0aef7efd0516b8bef640

    SHA256

    55e8c85404a00228d51c8f963803658a338c3774b1ae5141b9e9b62e3a4b36f6

    SHA512

    927fe3fed90a6daa6b25c66b54ece48effb92027bae08b39027e8ba26825bc907f41655c46748ce71f92b71f2e34f4be95ef745c4f63cacb129e052b1463ade5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c05357993d3d105b6829c1d1f006c441

    SHA1

    4fc52ce6b8d86963a24128c921eef2422c9573dd

    SHA256

    4eae8b5a664637708f98cdc58fe3f197e243746ec50d5e6bf77f4fad15eff914

    SHA512

    0cf471b0f7618e127eba541070f2a4d804f63c3489901c0ab514667ad2d6a820512b665adb4a30da00c337e4817294b81759e805c451e89f3b93719d75674ea4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    89e2e0885bb7effa54eb3b47e49390bc

    SHA1

    e870b175d691780da948654e22ca8e4425556f7c

    SHA256

    4b744d0bde989eba5ab2e2debdd6c9a9706e92b90deccb301656b073ea37d08c

    SHA512

    0e9d81666455be74aa5dc52c1a572ede2825f6244e5a1ea50a82c2c41fe6c536bac2b6cdbaf2e11345f3012c590a7a5dfab8dc16029002b41a35208394915b0a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7b1c178195a43ff00c1445d1aaa4e0cb

    SHA1

    c67e2d5d1cdc711a93e170ef755c43d3b52a85e3

    SHA256

    071f73320ddc3520e3681076dad654ed8a7d91fd8025d9198f1e97904c7692d9

    SHA512

    5c5ff96560157a4b224f3f52f3dd079715b83c747e876eaf01e7828b5fe5f434dca726b20e42b6df2f03800d3d0e9edf4d6c0f1f6f5faf90a1c42209ff9907c4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    23dde9bcebe5ec1867db3ce2344ce8dc

    SHA1

    282adcb5dc9c4928a7a1702f670cd3fdb28dc610

    SHA256

    903af8b6da99d13f5d3fa0e1da8dd8ebf85058826b270dc1513ec7b600829a51

    SHA512

    b4a6bf158e3b52d9ff742e6b59fa1d656a5146a6d5428ca0a8b0cc8e8bf18010e21b2eef79428760d27e0d94e6968558ba74a2e1eedbef8773a9564c9e8b0f9d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f73393d2374a4b417d6a536a5ff3f97d

    SHA1

    77af4552a05bb74e95b67a0dc2458c70d875b711

    SHA256

    56d496a8fc155d5d2058ed4981519b80a77a41837d03d61319fce2bb24abbf3a

    SHA512

    f8628f0b7fb8274ad1961b0bbdb3625723835765c9fb5e77def43ba25c4721dc51994bd4ca631d87efd08a9674cd1b68bd4601b5701a41305c1f6cedb8aa60a7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    601f470af08e2f5426a12e16b717edff

    SHA1

    0708b8b57fa9ed43e40131236d67083eb2d91744

    SHA256

    b6166ab43875561a3f495d7c2359eefd782df946b54bc1807658ccf4d9bc75f8

    SHA512

    a602e26cda63d2c5906abdb3b10b31ea43abf76198425043babd1d6985f11407f2ff891461db05f21d17fb388a2f641687b7351b289fc88d50625a3b4cf45b75

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f9ee97afc6e12bffa9e4723b4689533d

    SHA1

    6959cb5bc3265691d13fbe4eea41fefda70e0ef3

    SHA256

    e843437db87e6cb0d9e1355335a4723894562d6578f752d55d1d1dc9fbfcd6e1

    SHA512

    4e741123410cab4dc50475a325be9338040d87835f36a66b949dcd573a07270858195c5bab2cb1f327a9f44b909874b13e653288da2444b10328128127e9dbf3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9dc690d0cc0a02b549c8eb7d830fba60

    SHA1

    aff4c90ea4a03eebb6164c5a47cac667f98eb783

    SHA256

    60e61d1d2417a823513c37b02d8fd2ebec3595c7e552824cf091b5dfffbf6d5b

    SHA512

    fb00dbdd433c4eec4ae6bc8ca1f83171cba7d80fea10a716aed89728ac18e8c7c2da4128c1c809a2f5057018a74c77923e6af46662bccea2990560b68a236602

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1089bb5eefe9776637777d63f9cfcf8e

    SHA1

    252631dc8706f145413829c17d626cc5fe9aba8b

    SHA256

    4b84220c0e8488b4716bfc8d56a631d6acf5f96cd97c3f94d75f6288d912fd87

    SHA512

    3d1e4d6e8f85bda22929c959827c8064c23103055b2aeaeaa350e0d196ad785a63cf02311e90c517fd6c15329d7f6b3fdde8426ad0b210cf6b5bd7ab25f212f6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bf5684674a5cc3105f852e7e9de8e4cb

    SHA1

    bd4dfba5640e7aeef266932aa54f8767b28c3d77

    SHA256

    a8c82c20bf9b2822313a813be52195afc1bef74e577a2c736a105693f6698b3a

    SHA512

    0e590714bf6cf74a5f006a2836886fb14b43d10a3ffb6215956a0fb275fd9a5e82e8c49b8d7fca5371983b7619bacc16974bc9473b1dea68f48030d49c3c4fb9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    dc5b824de36e932af618b7c6438f6e3e

    SHA1

    d14a9f8b92c4d4f9e08d1e3c4669c07ef659bd8a

    SHA256

    e5af6b0948e9256bfd8dd6f44dfee1778d0bb295ac7dfd9eb778567b09c95e24

    SHA512

    a9ceb5f448a750eccd211f60d6bb5d637e12775bcbe361c6b2528fb7f40ba71351b109ac50b7f60873a63b4e0dfe05e62c004fcf4962de50c5d6d38b4b5d1591

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b52d6c01249c1a5bd5b8275b91a9719a

    SHA1

    58ed713b3238b4b6705eebfa2f0e6809e0b0758f

    SHA256

    f664d0e78c6c10fba8b66688c09e0bf748dc989eb0a1ff33be085bbd575a618e

    SHA512

    92aba151a44ae6b6134da18bf8515a90e64e25e12a64e084e0dc9e7dfb3e43134ca3bab50a9e8efec766b1a2702d4bb1d886642e4a5c32b818cff414034d700d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7a17c3e7ebfef95dadca4476bbd4e911

    SHA1

    e6540944bae5b91c8c0c49371ae8c4c4a198da04

    SHA256

    109c2839b4189a51d013edf64313509944f74229f37d17dc3309054b3a5ec7d6

    SHA512

    ae34598b1c67f1c51e6550113e9788b6a755d95ff12a66be5bed1056560c30eda6fb27917d7eb9ccf8e4c299fb4b60eae0614b880f903265c4103fe9477a2958

  • C:\Users\Admin\AppData\Local\Temp\CabE3EB.tmp

    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

  • C:\Users\Admin\AppData\Local\Temp\TarE44D.tmp

    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf