Analysis

  • max time kernel
    132s
  • max time network
    189s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-10-2023 23:49

General

  • Target

    platformProtocol.html

  • Size

    31KB

  • MD5

    1b1a935c85d9183f8564da7af3bd2202

  • SHA1

    12e4111e3e62dc20b2e2b2e95e85c5893e4f6722

  • SHA256

    7dca3946ce0e4873b65ffd30bf3d1de6d8c884c80a42f00cf12f0b3eaddc4222

  • SHA512

    2fc055a7271b9e21faf1e8ea7983fe1aec5f5b0d400a2a222ab26ec84848c2007afa2dc918284d7823ce9cecb27315655c82c60456b9c114740da95ce517fcea

  • SSDEEP

    768:ejrYogxl9Ya3nkdEUEm2uSMaWYdCdBjUBcAEjcZgdcPsaG0e19/:pNk25saWeCRusay

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\platformProtocol.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2664
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2668

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fd5f81f5d6b0cbbfe5c97c86e82b8115

    SHA1

    b5433effa805f524c92117d0da7eae20577b77e1

    SHA256

    024ac2ed33c74c91a18dfef603fd3072d55c858dea8e5796c20d32ea91c9bcac

    SHA512

    2bca9286753c2267c52b449f1cf0d3749b7abb22df972ae5ff2fe06e48610938cbecdb71c4254b7f4b23dc843123cabe027fa9e5305593add9ec2a9cbbd53d84

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e481a590cc3e1b02c3b7f3cb84cfa767

    SHA1

    0b3f663ea0c84802b85fe380aec9759dce86268c

    SHA256

    ba0d52467147bcd5baa1360a5c394d9a556b333784c16158808e09feb59ef48d

    SHA512

    05278044ba76b08ed35300e2320448fe71e6cffe60140ccf21040698070c44ac8ffe461f08cdccd91280cf5f45733e7971c8fe17d9fc9c7f766d13135d848c7a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    871efaa3e53101f0770ebab4bf120e8b

    SHA1

    a00e3ae50b991837c8ab982a5937f27d45f96221

    SHA256

    8710b38ac15bc1349cd96a48cb04a4e83f7e1ce228c84f8ea280c0c446652eb8

    SHA512

    13674664198a283b92fb71ca14ce95cbeb0666383ffc6941defe8b09d35d6e26c8a900c6228ce3e4eab1099c31a11e5977751ff7f5c49f7b78e8c54236eb3a84

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8b21712ffafe54517eaec1a2bfdd45aa

    SHA1

    ef9d216622e9326b9e2cadf8bb6bff694bfc5014

    SHA256

    e4e7c5076941624493e7da792fdc78f6bde7644eb80b5c2e5f93c666c59333da

    SHA512

    5ef5fc539c9d7c4a48ede88ba0d4b36be9b12f79eb5636351c025702ab629eef3e73ec4d3d809d7af1e0de0b8022c4079bf1c87b42b8f7d10a13e10bbd325848

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d981ffff27eab075e6978f030866017d

    SHA1

    2e745a4cba5e21042627cd7bdb7924acf6c0f125

    SHA256

    f42350dd92c7f92b8d330955d4301705c56ec28c950649151d0604a630a6d82a

    SHA512

    61c546db98dd23ed3891ac91e61663ff4b8f1c588c57d3d52f80fc09558042a1ecbc8860369240ef975c02102619610bf02523765509eb7fb1de688438d9a3bc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    24a2a9dab4157615fa519ee8a8dc6a15

    SHA1

    e8970c88bbe6966d2c00d04e1743f4e9fc435466

    SHA256

    c5970279e3a219aeae27efec102a91e0f2529a395663259c9932a93bacd1e9d1

    SHA512

    7d921c88f0c9b1958e188fa0802fa34950d40a9f018ae22ce4f52c300155d3e9a008285eda8c5fefe6963481a702a1d01bd7f4ab7e90ef8168325728f38adfdf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    892336c5bd582cb26de77be615663101

    SHA1

    9b5f730f0c89e613efb7ded5440f63d7429295f6

    SHA256

    9ebdb7966dd12bca05b10c621e46986114c3b5653e576a65b41d4442c46d600b

    SHA512

    bf1b948d63d026a595cf19cb0c49ec758f114f0d7ccb4361692914afd45f3c2997edefb52a1718d92ebe292ac262c5e2015df058a4a04946c137d52298e0a9cf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4c5322046e865901cf4d15073c28c907

    SHA1

    a8caf2f3bf3ad17c3a800dbefc8c9442c6f59bb4

    SHA256

    d555901e94d7b3970bc85cf32bba8f0c5b7db44d269ee69f232e4491bb9640c4

    SHA512

    5b1a2e15d6ed082d97e0039440e7d141361bdd85833b54816a941f092b2188f3c4400ab69743facb0db636a69508bf2759ebd236fc95880009e05c742d21b013

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    96c7855410169651424e90c55b5e93e5

    SHA1

    de622421cf4424e449c21c4955e7eaf4d614fc7b

    SHA256

    d1d234f9f94f30d94f00ee940be195886ea1068aec0ace2615f8fc53bd395f1a

    SHA512

    22093faca0088c8208676daf2a798c98e601189e6b01e9bac57fb321ea4077b7b7c4bc4eeee1999cd1fd784f61b76cc1a67a9348bba3036e01e3257627b34569

  • C:\Users\Admin\AppData\Local\Temp\Cab3C76.tmp

    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

  • C:\Users\Admin\AppData\Local\Temp\Tar6C50.tmp

    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf