Analysis

  • max time kernel
    134s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-10-2023 22:00

General

  • Target

    consentform.html

  • Size

    27KB

  • MD5

    7a2ed1a6df8839dd8936a86d9edccabe

  • SHA1

    7bc1af528444afca678905059cb1ba9fade65352

  • SHA256

    d02fbd55c1b5da3fa1f77c52f5633421395a3bf228457521512b37cdacd65f9c

  • SHA512

    ea0c3e512b37e340f4c0a49196344f1dd5aef38c469ba124605518e913be601a5b6a92a50f00e962bc90041bb80e51480254c7902032d894b7d24be5aec47097

  • SSDEEP

    768:wEh4FOT6bJdK0D7fkvaqF1b6cY4c5rC28c54NTc5Jt:th44GbJdKoncY4c5Wc5wc57

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\consentform.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1064
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1064 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1728
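The process tree above is the normal Internet Explorer layout on 64-bit Windows 7: a frame process (PID 1064) opens the submitted HTML file and spawns a content process whose command line carries SCODEF:1064, the PID of the frame process that created it. That relationship is worth cross-checking mechanically in any report, because a process that merely names itself iexplore.exe, runs from a user-writable directory, or claims a SCODEF that is not its real parent stands out from the legitimate pattern. The following is an added example, not part of the sandbox report and not the sandbox's own logic: it transcribes the two processes listed above into a list (the nesting in the report gives PID 1064 as the parent of PID 1728) and applies those three checks. The install directories, regexes and function names are assumptions chosen for the example.

```python
import re

# Process tree from the report above, transcribed by hand (constructed input).
# The nesting in the report gives the parent of PID 1728 as PID 1064.
REPORT_PROCESSES = [
    {"pid": 1064, "ppid": None,
     "image": "C:\\Program Files\\Internet Explorer\\iexplore.exe",
     "cmdline": '"C:\\Program Files\\Internet Explorer\\iexplore.exe" '
                'C:\\Users\\Admin\\AppData\\Local\\Temp\\consentform.html'},
    {"pid": 1728, "ppid": 1064,
     "image": "C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE",
     "cmdline": '"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" '
                'SCODEF:1064 CREDAT:275457 /prefetch:2'},
]

# Directories where iexplore.exe legitimately lives on a default install (assumption).
IE_IMAGE_DIRS = (
    "c:\\program files\\internet explorer\\",
    "c:\\program files (x86)\\internet explorer\\",
)

_SCODEF = re.compile(r"\bSCODEF:(\d+)\b")
_CREDAT = re.compile(r"\bCREDAT:(\d+)\b")


def parse_ie_cmdline(cmdline):
    """Return (scodef, credat) from an IE content-process command line.

    SCODEF carries the PID of the frame process that spawned the content
    process; either value is None when the token is absent (frame process).
    """
    m_s = _SCODEF.search(cmdline)
    m_c = _CREDAT.search(cmdline)
    return (int(m_s.group(1)) if m_s else None,
            int(m_c.group(1)) if m_c else None)


def check_ie_process_tree(processes):
    """Cross-check an IE process tree; return a list of (pid, reason) findings.

    Checks: iexplore.exe runs from its install directory, a content process's
    SCODEF equals its real parent PID, and that parent is itself iexplore.exe.
    """
    by_pid = {p["pid"]: p for p in processes}
    findings = []
    for p in processes:
        image = p["image"].lower()
        if image.endswith("\\iexplore.exe") and not image.startswith(IE_IMAGE_DIRS):
            findings.append((p["pid"], "iexplore.exe outside its install directory: " + p["image"]))
        scodef, _credat = parse_ie_cmdline(p["cmdline"])
        if scodef is None:
            continue  # frame process: nothing to cross-check against a parent
        if scodef != p["ppid"]:
            findings.append((p["pid"], f"SCODEF:{scodef} does not match parent PID {p['ppid']}"))
        parent = by_pid.get(p["ppid"])
        if parent is None or not parent["image"].lower().endswith("\\iexplore.exe"):
            findings.append((p["pid"], "content process whose parent is not iexplore.exe"))
    return findings


if __name__ == "__main__":
    for pid, reason in check_ie_process_tree(REPORT_PROCESSES) or [(None, "tree consistent")]:
        print(pid, reason)
```

Run against the tree above the checks return no findings; feeding it a copy where the content process has a different real parent, or where iexplore.exe sits under AppData, produces one finding per violated rule. The 64-bit frame process spawning a 32-bit content process from Program Files (x86) is the default arrangement for IE on 64-bit Windows 7 and is not itself a finding.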

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    c18025b3ff34879decc388a5efdf3c4f

    SHA1

    3d2fe4225d92c05801a96a5b74019d7c18f593e0

    SHA256

    1a60df6d8a40833a1f1f77667bc84ee36950d2d20faf937b3cab341a1495da1b

    SHA512

    e4b864caac14a7496087e2176cfb40ba9a95d012886ab0d3c0bb4ab45b1d625b6a67bc531638e29edd5975a594a1f490f66c7d59b6ccf34d986e66dda55e6af0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a9caa10ee70724e4379f8871dd3903f4

    SHA1

    5ea656dbbd2fefccbf2ef2e455c21bcf6a9541ef

    SHA256

    462d62cac13e29c2f59395c4ff87f8f6fa3416e0320f025a1ad9543af739dfee

    SHA512

    0d4810f82fbf789eb181324d1a5344e1f886750555907fe1480e8f1c4335398c191c39b928b8f3a3c9bd1dc0d3a61d606c5a472fbc247250692e7b4801610825

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    029e1639c8cc78ba8316587a5f4fe95d

    SHA1

    6c220d07fd4a525508a4d9e9ede2476666e96251

    SHA256

    b3384dc719f6857df84af403a46f383b9de858910cddf9fd973eb3c5f8856c46

    SHA512

    1517ec2601ec09ceb75b517958ff891b99b2625e564d9d70084106b5ba064e8405e650b740c7dd1c0089a03845356f64c2040e85eb3f1d5c19655f010d3d6a72

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9e7b9a4c1d82d1ec01fe8e0f047012ca

    SHA1

    e07892df55114562204883b44ed6c6cb82d8ce97

    SHA256

    045e5edb260c4089f36a64d2d4464dc812bc57e4686a6c37e33edeef9ee271be

    SHA512

    cf8703f357887cca3af468c7c9ff86db59d9bf1fd56401c8d2874f14c121f61443d1c431bd2983819310f705aab5ad5ddda166d9efcd02fb0bf17bbfb036555b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    83f5e99cc226b743d06d8b87d6547634

    SHA1

    047653177a7129602e945681d7d7f086121e8b76

    SHA256

    12f43d5f4f3a57b07377ef99874b286b0a9611100a3bd8285fb52b86f80b38a2

    SHA512

    0dfb695ecbdd2eddf5b50105566b15c966765b8f3ed6a662b8b736ea15e174ff514722fd85a11c301b4696353b04bd4a3a7be2eac6324ff0d01d630dc7af3adf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    01808ff768b8599f2dd0aea3222bb9e0

    SHA1

    43ebe8085246a3d4c48e8bbc28da22500fc7a830

    SHA256

    9a40fb65b0914aeaa9640725f76540de5f4e3695d69c2e122cd9e7c5344d6ed7

    SHA512

    b236e385928bba9507beafc019e827ce0de1f4d59a76fae3c16e2284bf92aa8a428280be31ce0cd975cfade6ad5136990032700a61af5dae5df0672341f0f5c4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8110587bcf8c077823d9ce0123fff567

    SHA1

    8d3a7d6d94fda0b0ac37a4d57b4ea41ec5eceb8b

    SHA256

    3a2f08e9a9bac4da0ec7401f29f79be5d609cc03140c21921f574c44d49ee5c0

    SHA512

    1bd98ab7da840b171820fbe17e6147954851c46a61e7187c21dd0e893fe5a946d77e3d8d0b2fc4453c58a4aec3bdd5fbcf92855a86e214c023c2893e094573ea

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    dacf5d27c6a7b235afbdcadf3f3db919

    SHA1

    d8d4152762ed43f14912879198005a0d708b9422

    SHA256

    fd5699a82b2f44f99654d0905cbfd0b858ddbb0c8f4713e88af6916196680db7

    SHA512

    a00fd776f88a465c52468d1bf674a510b8760f1b26c9554a6b77fecd2716c38963f54706881dbb83643667055f5d35072968249b4472fe2cf0cf6780e60ec6e9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    db1b1bc49433ebef6e385d74d0ea0187

    SHA1

    99a6af2a30e7f090fb8bf811f6dbb8d63c2c5b79

    SHA256

    35e0efdd732c73d9b789beff2eb24079097cf22888af29e55826da2d38017578

    SHA512

    07c925fefb46ca7efd20689d667efa12315250aa2b3005f9730f877a4d50771e3adff50d3ea627475369f7f9ff231e9a403f3137a81722929ba14a5b523dcb75

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    917d8bb948d349cfbb2edc8148e15a95

    SHA1

    214546fd26a01758f90ab38cca79e8f0739f28e7

    SHA256

    1277828845081decf9a2d3cc21d24b09c06ee1be4aba3d43bc96766ae07bd545

    SHA512

    2b51ee9689a6864c5230c81f414a621fae1086f8416ea3a27adaaed34b1f54d449fafcd7607e6dd2e39a330d44696b18dc8f1d8e11ac4f16e0873e24976ca817

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    86b251f256d040ed722c3398a6c4adf6

    SHA1

    b9488a2c5c8227b12e12945f3c5adb644b36c546

    SHA256

    4c5fe93cce070de78f612c7fb157d30a70d33aef4d785a83b05b89af8dfbb0aa

    SHA512

    a4148f92c180ecd963582b6c26b397c2bf6ba52ad01e0baf07b9d3945b5dd13b71feddf0d841ee41c51336df8e4964bab908c221df2ec439b214f3252bc573b5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ad0e2b0d240d03d1927c9695539aaed6

    SHA1

    8e9d9da00ff11af32307c4ad15304010d405450d

    SHA256

    0704d2d2ed73496b4ccf2d5d78c63466a2a8f0c7661b5f9e69fa9cd2a0a3441a

    SHA512

    16e99f77e82fa8aee559089eea1dd5be8e7f5e06dd7e05180b8ce8a14d431375b8953bf67496a61ee4f01234bdd6fa5694b6fd94ce319be64febff06aac8a282

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1a85d9ef7e47aef7a0fbdf53aba58b02

    SHA1

    939df8c4a560543c9839cbb90bb6b67b3d61780b

    SHA256

    cc788cf9bf1c5a0a3cdf8bb0c7038319556a260ee6d23691ce5175aab892d41a

    SHA512

    956349576c29cd7bb34d90191d92b89755766efcabb99b2c16cb2dfa5a9e5bed2f7567e2a28601bdeee4055a686e26078e7cbf87e5cd2b7ae6d7c14200401a2a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    57a9744d0f22ed65306d9e225cfa2117

    SHA1

    e84c9271ddbceda072f4dee2e5c8e5656b27312a

    SHA256

    1e7d1a6a56df170058585df823b03bea8ac2c0df5767b6e02172005c83de0ab4

    SHA512

    211c974310a692cca3ae2c33c77dcb2b325b16c44231885d98dc42e972437c06f00046aca1fc4e29d933b4fb95cff8726af2465d96de739f2d376b4116019c8d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f85b5c6bf313a83b6b8e67680e16c8c6

    SHA1

    c9d9ea7aaef27a00362eb65983386cad4141b758

    SHA256

    aa053ce67a85fcd5e04fe540bff30c7a0fbc849167234d847525e212d2495fde

    SHA512

    8501cdf0e764f023a598dce938aabc6c2f2cdfb876a5f80e7127f37a4727ea1365ac4d14af73addd5fa133b3c9380f287ff80607b89b2832a16b63597b773638

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    280eb2f9d66d966e73cdd3d6ce8d4031

    SHA1

    f555155c9263e161db65495e856526d1bbe32071

    SHA256

    aefd0f2455a9b5054a2e59294f196a2284753f68c8906025e0f98866bc55ad8a

    SHA512

    c96219c47b670d66ea55c7c57767af6054c1647b124a020a3c5feaff5c6cb9cd20fdd3b77ccc16bc39546f9e527541a43051c21e0daea304f3863a4b7216c99a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    eae224c6bb943f8b8aca626b09dcabf6

    SHA1

    09c8a04bac210284604beaf0a17e5e28137dea1d

    SHA256

    505b3990ec8ef5f105b8cd9c77d4c2474614b5fcc365a9bd79e0fd41df7d2d2f

    SHA512

    5ac6244fd9b993c330d0382064c471cb10f2bce997441454cbca5602f27e308aadb15fef884babd167bf6c41b75e3f2e12ad3a0d598a9ead68e799932abba1c6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8c65e928b48de5e61df279d74c74974e

    SHA1

    dd1b561d8aefd29c893278a4b244c215aa905890

    SHA256

    1089e02cc3cb110a9b4ba45731140135b64dd874a9a92c743a935fafe0f974e6

    SHA512

    05e277af5b1cb6309dfe09e748ec566dddc986ab85787044a87794aa6b045af2fc3d2543f58ddde1b418197ccb54ee2250a8aa499af898adf06e0d9af4b49c13

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7c2e47cbf83b2640623cc5b241e18230

    SHA1

    4b25aa880c399d7878b618bfbb9f8603d195bf29

    SHA256

    06629325ebd90d42771f3ac90aa75281d23b52073fa1526d9e235c98911ba019

    SHA512

    39f0ad144c7a2e236bfdecd5fe94c2dbcfb9d6e4570c54cf65073607afbf3108cc2c94db51f4b166dc501a1bc3e5e707ffb85f47e6ea1699b5b16f0cd448e4f9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2a9b28963e6ded82c79d5eacc403f06d

    SHA1

    7c178d7ca7b1e468b4dbba9fdd50ee243a548fb5

    SHA256

    c32e0a38e1a7b9a48ee0798f2beea75db7d01fac70a5daa12a95faebc10460f6

    SHA512

    033ea488e3d7c906c9164143cf8559feb44a28790830695e324b3e1bdba0d2c46b33423f0e13361733cb235da4ea56357572a5dd743ac31d90cddcf3bad1dd12

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3580d6885d4b750d8bbffa781c9f0ffd

    SHA1

    9de5b3bbfddd0a5b9e7511b0a46588443b2025a6

    SHA256

    063e8138d3014a9bafb112e874b4c5a1098a40bb27bd77d414b961a52b0fd820

    SHA512

    4d7e75c818be78df26edc33df42416ddc0d98f9f717cdf8b7095e5fe3c7b5f76641b975883367174748b6c0780b73f387da7ab5e10621217863fd678e94a9fb0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5127fd0662249b07b0d7c857e0b75163

    SHA1

    2a4b178897a11bb05672b4425cb5563ccab82de1

    SHA256

    2eb63caa24258e52058f6bf0d7315546ad33bcf56ecf605924ef617754951508

    SHA512

    8366cc2cc75d1e94607a920cc3429b0ece83985413aa0457d7e8db495123d496fe5743203f420551145b97da55c3e8ed64f657e6c81595fd237b7d658d3f56ae

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    444c051b4c8642a49cce316527528618

    SHA1

    043f526fa02dadc90c1d730a6d0f6996a6a0c949

    SHA256

    08b6b628330f3293d5bb94bff892b6b6e419f7b779a566013ad8846f32b7a1e0

    SHA512

    dd0cdb315403c4b83ffda39ff87a537176a9f8ab6feded0fc3c74efb412ec82188215a3ad61b2a4938699c36c45de169c84fb11ea1e45d7b076f8c0ac2dc000a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d99ddc6f695c4fc77c5718612af4ec2e

    SHA1

    9b6bba354f59bb5e288915a85d1216be827e4a2f

    SHA256

    957ec79a9cbd7a75851efb0a77d1027ae95c85df1505642e9675b8f8b1bf8e62

    SHA512

    5efb62356d88c27bc6fa0a52cbd68b47d5f11ebb2f7ded2b8cdb1bcba7d55136aedbc11d402255ea16ab81b72f0a577d5a03a1a16b521df550fe0f3d4af12377

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    81e46abbe5d088eec80c8e1aa8c7b094

    SHA1

    3a5c650e4689a89e0db45b43f99f4a0af9aeb095

    SHA256

    6412b0269d4e853a6c35816fd765f985a27ff9126da53d1600b193b85b17c25d

    SHA512

    7caf819c84c712f75e9b695266a6f5395a82192f0a564e0d394bf6dd94a588750a2c4a25f7fdbe81aaade8dc2a16f29e7f98181558645778bb6379b6d10426a7

  • C:\Users\Admin\AppData\Local\Temp\Cab52D4.tmp

    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

  • C:\Users\Admin\AppData\Local\Temp\Tar52D3.tmp

    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf
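Every file in the Downloads list is written by CryptoAPI rather than by the submitted HTML: the CryptnetUrlCache Content and MetaData entries are its cache of objects fetched during certificate validation (the Content file holds the fetched object, the MetaData file the record about it), and a Cab*.tmp/Tar*.tmp pair in %TEMP% is the usual residue of CryptoAPI unpacking a downloaded cabinet. The same MetaData path is listed repeatedly with distinct digests because the sandbox records each write, so this is one cache record rewritten during the run, not many files. Separating such platform noise from files the sample actually dropped is the first step in reading any report of this kind, and the 1/10 score here is consistent with nothing being left for review. The following is an added example, not part of the sandbox report and not the sandbox's own logic: it transcribes four of the entries above into a list, labels each path by pattern, flags paths rewritten with more than one SHA-256, and sanity-checks the digest strings. The path patterns, labels and function names are assumptions chosen for the example, and any path that matches no pattern is returned for manual review rather than silently dropped.

```python
import re
from collections import defaultdict

META_PATH = ("C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache"
             "\\MetaData\\94308059B57B3142E455B38A6EB92015")

# Four of the "Downloads" entries above, transcribed by hand (constructed input);
# the remaining entries fit the same (path, size, hashes) shape.
REPORT_ARTIFACTS = [
    ("C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache"
     "\\Content\\3C428B1A3E5F57D887EC4B864FAC5DCC", "914B",
     {"md5": "e4a68ac854ac5242460afd72481b2a44",
      "sha256": "cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f"}),
    (META_PATH, "344B",
     {"md5": "a9caa10ee70724e4379f8871dd3903f4",
      "sha256": "462d62cac13e29c2f59395c4ff87f8f6fa3416e0320f025a1ad9543af739dfee"}),
    (META_PATH, "344B",
     {"md5": "029e1639c8cc78ba8316587a5f4fe95d",
      "sha256": "b3384dc719f6857df84af403a46f383b9de858910cddf9fd973eb3c5f8856c46"}),
    ("C:\\Users\\Admin\\AppData\\Local\\Temp\\Cab52D4.tmp", "61KB",
     {"md5": "f3441b8572aae8801c04f3060b550443",
      "sha256": "6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf"}),
]

# Path patterns (assumed for this example) for files CryptoAPI itself writes while
# checking certificates: URL cache entries, and cab/unpacked tmp files in %TEMP%.
KNOWN_BENIGN = [
    ("cryptoapi_url_cache",
     re.compile(r"\\Microsoft\\CryptnetUrlCache\\(Content|MetaData)\\[0-9A-F]{32}$", re.I)),
    ("cryptoapi_temp_cab",
     re.compile(r"\\AppData\\Local\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", re.I)),
]
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def classify(path):
    """Label a dropped-file path; anything unmatched is returned for manual review."""
    for label, rx in KNOWN_BENIGN:
        if rx.search(path):
            return label
    return "needs_review"


def validate_hashes(hashes):
    """Return the names of digests whose hex string has the wrong length or charset."""
    return [alg for alg, hx in hashes.items()
            if alg not in HEX_LEN or len(hx) != HEX_LEN[alg]
            or re.fullmatch(r"[0-9a-f]+", hx) is None]


def triage(artifacts):
    """Summarise a report's artifact list: categories, rewritten paths, bad digests."""
    sha256_by_path = defaultdict(set)
    categories = defaultdict(set)
    hash_problems = []
    for path, _size, hashes in artifacts:
        sha256_by_path[path].add(hashes["sha256"])
        categories[classify(path)].add(path)
        bad = validate_hashes(hashes)
        if bad:
            hash_problems.append((path, bad))
    # A path listed with several distinct SHA-256 values was overwritten during the run.
    rewritten = {p: len(s) for p, s in sha256_by_path.items() if len(s) > 1}
    return {
        "categories": {k: sorted(v) for k, v in categories.items()},
        "rewritten_paths": rewritten,
        "hash_problems": hash_problems,
        "needs_review": sorted(categories.get("needs_review", ())),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(REPORT_ARTIFACTS), indent=2))
```

On the four transcribed entries the summary contains only the two CryptoAPI categories, reports the MetaData path as rewritten twice, and leaves the review list empty; pasting in the full Downloads section gives the same picture with a higher rewrite count. The patterns are deliberately narrow (32 hex characters under CryptnetUrlCache, four hex characters in the Cab/Tar name) so that a file merely placed in one of those directories by a sample still surfaces for review.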