Analysis

  • max time kernel
    135s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-11-2023 22:00

General

  • Target

    circle1.html

  • Size

    531B

  • MD5

    27befb9b3a8eb28ab7022e08971e820a

  • SHA1

    c638a0b55ecf1584239eea486786251e297ec951

  • SHA256

    b87c4296246676ce5e62533d1931fa43718a85a5e493c080ed6790957de22ab2

  • SHA512

    15e482c90301580c140f4f1f6e26562f6486881e55b1f34521a79460c9ccf483b16c2e567c4deac026c6d8a8bd29e8dda19e064fbe81a940c577eb32d8c135a6

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTPs, 39 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\circle1.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2920
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2620

Network

MITRE ATT&CK Enterprise v15


Downloads
