Analysis

  • max time kernel
    142s
  • max time network
    166s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-10-2023 17:17

General

  • Target

    f.html

  • Size

    4KB

  • MD5

    1f7613a6e6380ef75e6bd2bd5b889829

  • SHA1

    5a065a164eb64d6d4f0ca45e01894e64601f8f7d

  • SHA256

    6bfd89279cdfcd5141a635f6c1f18addf21136e3ac7bf8c2099653b2806203de

  • SHA512

    ebb0819de102ce32cb999f0bd63d95a010774af2c4b68f7855ef32c20623f810739998d37b67787971570a30c06f768571cba3e3a768e48c7488f4b1bfba8865

  • SSDEEP

    48:eNpMSnGY4mLjnGY4mco0vIF8ppvXKaAUgJTLfmJVS58Hjz0s/xcL6Aq9Z5M9irxq:3b1btKMTw4nPYZ6fSHMs

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2452
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2452 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2712

Network

MITRE ATT&CK Enterprise v15

Downloads
