Overview

overview

1

Static

static

1

tmp/pma_te...0ec.js

windows7-x64

1

tmp/pma_te...0ec.js

windows10-2004-x64

1

tmp/pma_te...6f9.js

windows7-x64

1

tmp/pma_te...6f9.js

windows10-2004-x64

1

tmp/pma_te...84a.js

windows7-x64

1

tmp/pma_te...84a.js

windows10-2004-x64

1

tmp/pma_te...0af.js

windows7-x64

1

tmp/pma_te...0af.js

windows10-2004-x64

1

tmp/pma_te...64f.js

windows7-x64

1

tmp/pma_te...64f.js

windows10-2004-x64

1

tmp/pma_te...c0d.js

windows7-x64

1

tmp/pma_te...c0d.js

windows10-2004-x64

1

tmp/pma_te...6b7.js

windows7-x64

1

tmp/pma_te...6b7.js

windows10-2004-x64

1

tmp/pma_te...228.js

windows7-x64

1

tmp/pma_te...228.js

windows10-2004-x64

1

tmp/pma_te...9b9.js

windows7-x64

1

tmp/pma_te...9b9.js

windows10-2004-x64

1

tmp/pma_te...df.ps1

windows7-x64

1

tmp/pma_te...df.ps1

windows10-2004-x64

1

tmp/pma_te...09.ps1

windows7-x64

1

tmp/pma_te...09.ps1

windows10-2004-x64

1

tmp/webali...x.html

windows7-x64

1

tmp/webali...x.html

windows10-2004-x64

1

tmp/webali...x.html

windows7-x64

1

tmp/webali...x.html

windows10-2004-x64

1

tmp/webali...2.html

windows7-x64

1

tmp/webali...2.html

windows10-2004-x64

1

tmp/webali...3.html

windows7-x64

1

tmp/webali...3.html

windows10-2004-x64

1

tmp/webali...4.html

windows7-x64

1

tmp/webali...4.html

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    07-11-2023 13:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp/webalizer/ssl/locationkw.com/usage_202103.html

  • Size

    111KB

  • MD5

    d38b75dcbe671f9ed9f126b74944e5b1

  • SHA1

    237968a108ef44bec5502b5bba5732c217e8b3fa

  • SHA256

    1bf6511ec44126510c9e3a9210207751f242cc83065aed0e98e0684173ea67bd

  • SHA512

    7819e8be8866fa2de910c5b60855ac7f07098078859ffa83e1d632e5318d8ad3b8274c3aab7a0526562f809b3907411a59a1c42d27d93c2c69c4d20b1c3c0c7e

  • SSDEEP

    1536:EmMsk29SSBWRzc/8JxPwgRazQG6GjfRmn52:EmMsk29SSBWRzc/8JxI8azQGLjfR652

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\tmp\webalizer\ssl\locationkw.com\usage_202103.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a45403cf4bd7513fd49bdffa69f2680d

    SHA1

    88e5329898e75a22a29f931747046e970c47f28a

    SHA256

    61983ea8b505fe08eaa891c06867018d9eac6683ed68de16b27f494e3ea1f8e4

    SHA512

    74b2b8b57097700d8dc056893f9c3a72b28718402b25ea61864005af045c0b81610c8548e86418a1ca2d91324a35fbc831e670fca1dee6caca512b3ce7919303

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ccc622334ceeca49e6101b8fe04896ba

    SHA1

    d3a05f263874b5162813226dcb9c4a73cdaf2e09

    SHA256

    f483eb56c07c19764de7cc120869b4abfb7c7ad9699650f294f82dc4a5fcd0d2

    SHA512

    643dea09ac360b6bbfdca1576004589d46bbfe8f1a88fb4d9a16c04b9adbad3092c9f8eec60fee60b7881b220403f4a5564dd783fe99f37617b0d8201e074933

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fd08d7d1f2d6de7be15b8b572e49854a

    SHA1

    7398d2db95311ebe43eda2d6bbdd768c4546dfac

    SHA256

    31870e86dc94a692f068b9a68f11991f50add50e28ad1cc2253966c67da096e6

    SHA512

    f08035979bbf238ff8d22877efb5cbb31b2d65d87544a54955ad34d9b7fa31c6bc6846602ca9f066e819db1d12e17c450ac968fa9463d4b5e24110e4d10856b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f49c593fed87e2fc977e6ab8a3c5bcf3

    SHA1

    a39fc6fac7d40275fb8f69d68edb9412c7190b96

    SHA256

    fdc6ccf377746ff682c27c7dadc8cb47a496633bf1d7eb3a27512c1967805634

    SHA512

    d8e735b594b74f8a8c792aa80ac48cb8b73ab4ced879239ab8d54bab702a89e7e4b36502f691f44098169c44712404980b454f54eefe59977e05d57f4b8ec484

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    16b253f50d97d89e68178c357fa8aa28

    SHA1

    d2e2f04d9a0db2cacd423411d482066daa7056c9

    SHA256

    a9e80e53726a5805de9d41e7645a7d949a7667aff4bb15556938af80cbfabb05

    SHA512

    0975a389aac4370924e501fa5b586d92e31169401b992c566397fb5e55bc25f174fe19baf661ffc7132533cb3dcb2136a36ca6d91187f4391dc47b0b2d364239

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    56cfb94b3e70b4872cc07b992abb00c2

    SHA1

    a0fea2def695d7b9930ba10cc2ce55ba0428f054

    SHA256

    d92743e3e3a4f3aff256fa1de390919e36078cdfdb4b3c505ea4cb0067ca1daf

    SHA512

    df7ef53bea62f62a494c82182b67ce693c1d96d85bc31315c614a8e1930510d6a94c70707c9b5ed73219b7294f514cc3d0911b4fab76f064c9d66b1f466b6d15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    df48a85dce800f7d55fc41e9adb9579c

    SHA1

    8027574469a1c29537aee30d783f4013577bd699

    SHA256

    41658e9ef49e369a420f93b75414297ef1c3efbab0338ebaa8d7a8524739dd6a

    SHA512

    486fe9707f6d24a5c8798acf863658269ed4259fd3171bf8113e823ddcc990c85e4dfd2bd02134b0a3a8a86d5d8fb91bcb7162745f900ecdbbf4fddc6aa3a22b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    495e3967b00de401ce3dea396b890c82

    SHA1

    9f566ce63dcaf6d2b924721ea11554f90879ec5c

    SHA256

    3a75ab1495f9f55d0596a2f8e2c9e6297d3e581981fcb044edb9efbc3bd1e39d

    SHA512

    de76c5d5d38aed1cd4860a777f612deba40f7cd854b89237649bbead72c4920fd35a98264f479b36174c48382ee6f26b06804e55def831738e07c9bc9957e5e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    28c1c22d835378899d29de093de16bed

    SHA1

    3efe8b4a68448c7e226e143ddb0406de4584101f

    SHA256

    b71427c0d1d1956b204d5fe269bd4f828e4401e6a3b9d8b69e214fcbf04cd9fb

    SHA512

    3dd2672b697c527d32585908de39b9b727205afb98558759dd7c049324f9f0f0db75c550ca53a87826ff688826df975efea22f6257963523f0375f3e8c88716d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b50554cfdaad3dda59b4c60cf36761fb

    SHA1

    ebf549451ecc57c30c680cdcefc19ba2168a52e1

    SHA256

    de521bb248bd0ed253b39ba456240e966bced2a02ba2a26ab0320eb228a84a72

    SHA512

    f5dc266384d3ff2952010ab94aea4936a77e6e2cdf8ff4fcc1540ef6c3f7e2d15ec42dd305b436bc74dd91a32640e1588829acec9ca6f29c5d145fff8e58a731

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b50554cfdaad3dda59b4c60cf36761fb

    SHA1

    ebf549451ecc57c30c680cdcefc19ba2168a52e1

    SHA256

    de521bb248bd0ed253b39ba456240e966bced2a02ba2a26ab0320eb228a84a72

    SHA512

    f5dc266384d3ff2952010ab94aea4936a77e6e2cdf8ff4fcc1540ef6c3f7e2d15ec42dd305b436bc74dd91a32640e1588829acec9ca6f29c5d145fff8e58a731

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cf49b2069de6e30e92426a13a6aa04a9

    SHA1

    9dabc0626fa3a005d547c1545e06a9b542c211e6

    SHA256

    5ef4152201dc8e2dbed7f07ee70928cedf2bebf6d832cee0a9bf574a35e6e965

    SHA512

    5120cfd35c3554368db31bb77ceb9df5c0ec6b8a94a9667b126323e9184d654a0b9cf62dad88dcd192a497da973410448aef03f2f950c6c1e61e98ceb1091b6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8f1a77bf90b4eace2a39e1dd4009203b

    SHA1

    78e03933a61c2c21942868171ad3909151f46090

    SHA256

    b67170627beddddf13046905db3d96818ef743a2df71c33753593981e636d073

    SHA512

    e0f00335e48b089ef160c12c4a4d18a62d0d5e5245c139334ea4e0dcde0fe4062e27fa7f011f2e8f0b130695e2422863c64e2a47c3cbbc48a08f2df34ab4c1d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    350f7e8e24e3a1dc5d1efd3e341a2b99

    SHA1

    d5da28f639358c60e9141bc47e7f8a63816a9d17

    SHA256

    324384894f5496d8ed021d62e4fd505d82de693b5d5a880124faa8ebd8b5f4e0

    SHA512

    bf1bc1c3ef65cb89f07c4e1e4cd6702c581909c2ea5ef57d6e8d45c94b22744d9335134d09b80c7ae0cad34e2e30005ab8d6449010910a129682eb4a5a20f2c0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD1E1.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD253.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit