Analysis

  • max time kernel
    26s
  • max time network
    29s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
  • submitted
    24/09/2023, 01:43

Errors

Reason
Machine shutdown

General

  • Target

    __40__PRIVATE_IMGUI_V7___41_ZAI_VNG_1.__.40.xapk.html

  • Size

    5KB

  • MD5

    2dc7809a7f76728f5bca80368a9294b5

  • SHA1

    f96e6ab6cc83de3310c456c948dbcc7b3ea98bc1

  • SHA256

    24e5e44bfb36f214131262fe662a677c5be09a8cba9fe6f52e68697f73d17950

  • SHA512

    a4a258aaf0e2b49fe31caf7f04f5ffe0bfcfd72aff24aa878890103ac7bf91fdca8d2b95af89e94675adef4de48dfd1afbf62aea4b1808d2272f6159befbf257

  • SSDEEP

    96:PNysDsT2f89IAwrEKBmbzZYUK1I0shgbnWLihX08cl3WAEVCzwlKj32EvhXiQT2/:PN1YT2o0rENbzZXKa6LhX09IC0lQdiQM

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\__40__PRIVATE_IMGUI_V7___41_ZAI_VNG_1.__.40.xapk.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2180
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
    PID:572
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x1
    1⤵
    PID:2112
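The four signatures above are behaviours Internet Explorer shows on almost any page load (window hooks, a shell-tray lookup, settings writes), which is consistent with the 1/10 score. The one structural check worth automating on this tree is that the content process (PID 2180) is launched with a SCODEF value equal to the PID of the frame process that spawned it (2124). The script below is an added example, not code from the sandbox vendor: it parses the process section as printed above into a tree and runs that check; the layout assumptions (bullets for nodes and signatures, "n⤵" depth markers, "PID:n" lines) are mine.

```python
"""Parse the sandbox process tree above and check the IE frame/content link.

Added example, not part of the sandbox report. REPORT is the process section
copied from the page; the line-layout assumptions are mine, not a vendor spec.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

REPORT = r"""
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\__40__PRIVATE_IMGUI_V7___41_ZAI_VNG_1.__.40.xapk.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2180
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
    PID:572
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x1
    1⤵
    PID:2112
"""


@dataclass
class Proc:
    image: str
    cmdline: str = ""
    depth: int = 0
    pid: Optional[int] = None
    parent: Optional["Proc"] = None
    signatures: List[str] = field(default_factory=list)


_DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")   # a bullet naming an image path = process node
_DEPTH = re.compile(r"^(\d+)⤵$")            # "1⤵" / "2⤵" tree-depth marker
_PID = re.compile(r"^PID:(\d+)$")
_SCODEF = re.compile(r"\bSCODEF:(\d+)\b")    # IE content-process launch flag naming the frame PID


def parse_process_tree(text: str) -> List[Proc]:
    procs: List[Proc] = []
    last_at_depth: Dict[int, Proc] = {}      # depth -> most recent process at that depth
    cur: Optional[Proc] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            body = line[1:].strip()
            if _DRIVE_PATH.match(body):      # new process node
                cur = Proc(image=body)
                procs.append(cur)
            elif cur is not None:            # signature hit listed under the current node
                cur.signatures.append(body)
            continue
        if cur is None:
            continue
        m = _DEPTH.match(line)
        if m:
            cur.depth = int(m.group(1))
            cur.parent = last_at_depth.get(cur.depth - 1)
            last_at_depth[cur.depth] = cur
            continue
        m = _PID.match(line)
        if m:
            cur.pid = int(m.group(1))
        elif not cur.cmdline:                # first free-text line is the command line
            cur.cmdline = line
    return procs


def check_scodef_links(procs: List[Proc]):
    """(child pid, pid named in SCODEF, whether it equals the tree parent's pid)."""
    out = []
    for p in procs:
        m = _SCODEF.search(p.cmdline)
        if m:
            claimed = int(m.group(1))
            actual = p.parent.pid if p.parent else None
            out.append((p.pid, claimed, claimed == actual))
    return out


def signature_hits(procs: List[Proc]) -> Dict[str, List[int]]:
    """signature name -> pids that triggered it, in report order."""
    hits: Dict[str, List[int]] = {}
    for p in procs:
        for s in p.signatures:
            hits.setdefault(s, []).append(p.pid)
    return hits


if __name__ == "__main__":
    tree = parse_process_tree(REPORT)
    for p in tree:
        print(f"{'  ' * (p.depth - 1)}{p.pid:<5} {p.image}  [{len(p.signatures)} sigs]")
    print(check_scodef_links(tree))
```

A mismatch in `check_scodef_links` (a content process whose SCODEF names a PID other than its tree parent) is the case worth a second look; here the link is consistent, and the two LogonUI instances are root-level siblings with no hits, which matches the "Machine shutdown" error above.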

Network

MITRE ATT&CK Enterprise v15

Downloads

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              344B

              MD5

              cfeb57433d436e095b2c56bc9e36ac55

              SHA1

              9a4b65f671fa6c70180cf3c7eccfef434449f5fe

              SHA256

              0a207211ebd88ff3068fa2593eae4d4b506293e6e30b612de34ef00d6bc0e468

              SHA512

              8905fa173783def409032dc671ce72cd29f6001d21db6715f11504f636a9eb750f90aade823cb55f3507f14de5b0aa772e41591133d647bcf6e9c7c3c2025d49

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              344B

              MD5

              75484a2850f6fe6f9b909665ddbe888c

              SHA1

              b15cdaa7a9f051a51dc2b39e8c6fc9f290c4e6af

              SHA256

              c4e634e7c0e18369192b91861cecfabbe4200872fa8cd72c03b59cbf4e476e77

              SHA512

              a1a3d6760571af1d05fdbeb98e5263d34480f978bff96b69ebc1ffc18d492bffcdba679980769a30ecd4481374860486dcbde9d07681be82c60a40f892ebb9cc

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              344B

              MD5

              fc16a3f7abcbfd698169e1f69431f866

              SHA1

              ebf4744808cd96b8952faa96f55de2b4af613be2

              SHA256

              1a9435f9dcca7de58f8b1e7c1324d8d6cb48675ee7f0f2f5418b3761f878d021

              SHA512

              2c62083d76895bc4b0a1643d1ad8a78de7d205ae24ecc9db93ee188fb3300635f6954ff2f7ed745d1675cb7c642b07befed3c07c14f1843b60f77f791045fbf8

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              344B

              MD5

              92f75cb847a48aa8e9f4aa461f85a774

              SHA1

              7eaa76605ef708f292511dd62fdc3e3b9b48f56d

              SHA256

              263440c0ad19409373141d8f440d8340f79fcfcb09a0533a7c791bd4b516041f

              SHA512

              372e82271dcd5ef300735ca9127ed9f292411f02e41859522d8bef6eec52440cd4b7b83f6698cc8efe7e6f8a552a3158c8496286f7bb93a83513938862211576

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              344B

              MD5

              b5065961968ded96a20957cc979269f8

              SHA1

              a1185685103fc1ed9a3f8a86a98eda9491bc175b

              SHA256

              c43a2d639cdc53ff56066756b18cb501fcc8f6ccc07881bd9b5e2114adcf31c5

              SHA512

              9dc3d0fd5d47aebbd075df99dd402b5565f665a4ab79d846fd4498761d700638b7b023d505118726cbd7a683b2e56cc1e232230e5e99d636fd5a654bdbff23c0

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              344B

              MD5

              19f8ca3658f237c9c5a7fafdbec337f9

              SHA1

              23bebb398c863da2acd48037bce1c9bff1b308d8

              SHA256

              97e607c094c3dd9993d910e4f2c9c2173a0075060621ad0c5c72f93cbcaa4fce

              SHA512

              fbb93e90dd88a59ae940d49ade69b16d151f116f002e56590db31590cfbfbc54f073d72a2be8e2a1c8c5d36aa82e218ef91c00876534c4057f641757f74dd8f7

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              344B

              MD5

              c102cb0f87e767897db284f242031314

              SHA1

              1a1d5c2db583d2411edafc545559a23ce59a2f78

              SHA256

              db5c3c03d9058c9c66b0585e167d4bd68fa8bcdd674f30aad64dde5a5d154738

              SHA512

              f303447e4a6fc09e84475bf75e93bd811d4877548f0df8a4e927ca6dcd984e8f48671a0381c79dc28a1771f2ffcb9c974c5608e05ea19aa7c8f2cb660aae6030

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              344B

              MD5

              36b25d52c8c40c60610177f7ea9ddf5d

              SHA1

              3b9da2928d3842e761a3a0ee535c6afe886eb34f

              SHA256

              b8c6383bfdf075c7daf079955bd09b574d7a28454cbcfe707d03357be999d474

              SHA512

              2ad006a8dedafb619ddf172532217de0474d700d3ae6df3bc1bbdb5558df062e07051d65fc53a78d71c6595f08de11e1d655d927f3bf96b482b4dfc39a433e41

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              344B

              MD5

              0c2ff77040303545bdff6eabc51e431e

              SHA1

              9909c05bd0d439df20fde11a779c01a95e232549

              SHA256

              c46d71fb617f10fda7bab55521a3cfc4fa5e0341555fc2b0947488b544e4694e

              SHA512

              5950ca5e934fad37afdbcc96ef5b268d997dc348eebf8aa790b276b33bf41016334b3b2cb9cea0a1eb36b4442a00ed465b4163e9d19fe292a6a766f0bf7a8620

            • C:\Users\Admin\AppData\Local\Temp\Cab5229.tmp

              Filesize

              61KB

              MD5

              f3441b8572aae8801c04f3060b550443

              SHA1

              4ef0a35436125d6821831ef36c28ffaf196cda15

              SHA256

              6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

              SHA512

              5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

            • C:\Users\Admin\AppData\Local\Temp\Tar5354.tmp

              Filesize

              163KB

              MD5

              9441737383d21192400eca82fda910ec

              SHA1

              725e0d606a4fc9ba44aa8ffde65bed15e65367e4

              SHA256

              bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

              SHA512

              7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

            • memory/572-436-0x00000000029C0000-0x00000000029C1000-memory.dmp

              Filesize

              4KB

            • memory/2112-437-0x0000000002760000-0x0000000002761000-memory.dmp

              Filesize

              4KB
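Nine of the Downloads entries above share one CryptnetUrlCache\MetaData path and size but carry different digests: the sandbox captured the same file each time it was rewritten during the run (CryptnetUrlCache is CryptoAPI's cache for certificate, CRL and CTL fetches). The script below is an added example, not the sandbox vendor's code: it parses a subset of the list as printed above (three of the nine CryptnetUrlCache entries, the two Temp files and the two memory dumps, trimmed to path, Filesize and SHA256), groups entries by path to surface rewrites, and checks each digest for the length and hex alphabet its algorithm requires so that extraction damage in a report is caught before the hashes are reused. The label/value layout assumptions are mine.

```python
"""Group the Downloads artifacts above by path and spot files rewritten
during the run.

Added example, not the sandbox vendor's code. ARTIFACTS is a subset of the
page's Downloads list trimmed to path, Filesize and SHA256; the layout
assumptions (bullet = path, label line then value line) are mine.
"""
import re
from typing import Dict, List

ARTIFACTS = r"""
• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize
  344B
  SHA256
  0a207211ebd88ff3068fa2593eae4d4b506293e6e30b612de34ef00d6bc0e468
• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize
  344B
  SHA256
  c4e634e7c0e18369192b91861cecfabbe4200872fa8cd72c03b59cbf4e476e77
• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize
  344B
  SHA256
  1a9435f9dcca7de58f8b1e7c1324d8d6cb48675ee7f0f2f5418b3761f878d021
• C:\Users\Admin\AppData\Local\Temp\Cab5229.tmp
  Filesize
  61KB
  SHA256
  6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
• C:\Users\Admin\AppData\Local\Temp\Tar5354.tmp
  Filesize
  163KB
  SHA256
  bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
• memory/572-436-0x00000000029C0000-0x00000000029C1000-memory.dmp
  Filesize
  4KB
• memory/2112-437-0x0000000002760000-0x0000000002761000-memory.dmp
  Filesize
  4KB
"""

LABELS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}
DIGEST_HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
_SIZE = re.compile(r"^(\d+)\s*(B|KB|MB)$")
_UNIT = {"B": 1, "KB": 1024, "MB": 1024 * 1024}


def parse_size(text: str) -> int:
    """'344B' -> 344, '61KB' -> 62464. Report sizes are rounded, so this is approximate."""
    m = _SIZE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * _UNIT[m.group(2)]


def parse_artifacts(text: str) -> List[dict]:
    entries: List[dict] = []
    pending = None                       # label whose value is on the next line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):         # new artifact, bullet body is the path
            entries.append({"path": line[1:].strip()})
            pending = None
        elif line in LABELS:
            pending = line
        elif pending and entries:
            if pending == "Filesize":
                entries[-1]["size_bytes"] = parse_size(line)
            else:
                entries[-1][pending] = line.lower()
            pending = None
    return entries


def rewritten_paths(entries: List[dict]) -> Dict[str, List[str]]:
    """path -> distinct SHA256 values, only for paths captured with more than one."""
    seen: Dict[str, List[str]] = {}
    for e in entries:
        digest = e.get("SHA256")
        if digest is None:               # memory dumps carry no digest
            continue
        bucket = seen.setdefault(e["path"], [])
        if digest not in bucket:
            bucket.append(digest)
    return {p: d for p, d in seen.items() if len(d) > 1}


def validate_digests(entries: List[dict]) -> List[str]:
    """Flag digests that are not hex of the right length (extraction damage)."""
    problems = []
    for e in entries:
        for algo, n in DIGEST_HEX_LEN.items():
            v = e.get(algo)
            if v is not None and not re.fullmatch(rf"[0-9a-f]{{{n}}}", v):
                problems.append(f"{e['path']}: bad {algo} {v!r}")
    return problems


if __name__ == "__main__":
    arts = parse_artifacts(ARTIFACTS)
    for path, digests in rewritten_paths(arts).items():
        print(f"{path}\n  captured with {len(digests)} distinct contents")
    print("digest problems:", validate_digests(arts) or "none")
```

Feeding the full list from the page into `ARTIFACTS` (adding the MD5, SHA1 and SHA512 label/value pairs) needs no parser change; `rewritten_paths` will then report the CryptnetUrlCache path with nine distinct SHA256 values, and `validate_digests` will check all four digests of every entry.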