Analysis

  • max time kernel
    145s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-11-2023 13:57

General

  • Target

    Bv9ARM.ch01.html

  • Size

    25KB

  • MD5

    76cc99f7d5d3f406c827acc7207095af

  • SHA1

    5e847de6a2d3ede2f7a0bff62258ba0a62eccffa

  • SHA256

    a5bfec7fa16b538a5f7bcb668a30bdf82e200a694cfec9b983b31fd3be8e4428

  • SHA512

    363192bee1a477681cf2cfa651423610d46d78c16b53b79abf7825b71c8a56a700fdf0477775b2ff093136a04c170287d30c4ebc1411e4e330e3d35d3485c071

  • SSDEEP

    384:nyvO8QY53GdYrfYLzYGzfZTal+O86gUGpp8lJ:n0OoQYYNZTdOWtDuJ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTPs, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Bv9ARM.ch01.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1768
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1768 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1860

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7a593cbded907ba0cd1b6aaf237e5f11

    SHA1

    c12e422c025b6558fc04c09e4fe331497c830bef

    SHA256

    86404e3385438ae91fff3520f0b47c782f38ade76cab97944e0ca16e5e0c38d1

    SHA512

    925ddf4482591abab1ebe2d6ec04cf561e28b9f8032d7e626c3d025d462708e0113d0eee2ded9245584039109412935b6da83b19804a2ff1cd7c228c45911bb8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    dd25e6c02a5f73cef290964826b4759f

    SHA1

    f395437470822869912dedd1e704ddf63ce297ae

    SHA256

    3f39b1c7969ee06db341800bcbf3ae513eca4f1f9c9d7aae9b395c894302a882

    SHA512

    b001147d8f15fd2aa3d2e896af4ae82d6daaf5f2218f02d5ceb7cf8e27a682815fbef4041aa31b367dd1d7b13bda77e6ada787084748e2b47d38b4c2c4356f16

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    21969f0f8792f77705586793d06925f7

    SHA1

    355757a6f1ecbf7ac6750ad97aee2baa5a797bd0

    SHA256

    b80401dfa336f2924a53b3e008162cbd0865ba781ef1e5dec22e32380833a482

    SHA512

    444154974b8faf0e7b262c668fb3f3e49065d1d1655a7b55a0811f52a13e0557c5261911ae1057bbec961c0600bc3f208250d75acbfedc3a1c471aec0cb8e05e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    afa4ee9bead763abcb5e7e34897b7c38

    SHA1

    80cd54001d2269072b7aa7fa85653acf41d24cd6

    SHA256

    d34af098fb79be1d8216300c7bfdb12d78508043f026e356b5fe8aebb58eccd3

    SHA512

    20e5d6d0d923a4ca0adb793205fb02cf7357e99c7bd8169ff477753219b8f78740c48621e9efe7be2b008513087669da080c7bbbd4c0bfe4a5aa69596a1c6ed7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    165415c34484ea2404c74ca450d93ddd

    SHA1

    93aceb04baaca58579e3c29587535abf15117aaa

    SHA256

    ce3b6604f8cdfa87239517390d6e89cea85c9e15bc56840c698bfd4302c52254

    SHA512

    ab2ea01dc47b7dca6fe5e7ea8b50c9b61a3ccb8f78548c001779e4c4180b11877289bd082b001627131a35af7986ca8a710a411d16d2e16877402e59274680b9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    46dfe6acb7a04f0e6291a0cada48d6a4

    SHA1

    4409f92706b158afe69541a9d326915d4357833c

    SHA256

    0469ae80e6e540777dea3191899fd911241f6fc42f3ce0fcb43567691f3050e5

    SHA512

    e7f8385322af5d68266b2fd803330ff77c79043654c7688febbaa5b1aef3df0548607c60fe794d29aa928316b2d5ddd329da950a946321a9c577362cc330fb19

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    30ddeb44efe3e27ea6178b35ca74fe3f

    SHA1

    482bef3ed4da838b6041d4bd774d58474e5cc110

    SHA256

    24d7ba8b8d1e7f7ef52ebde9b1348d34e2b6399d5ea9cdc413208ef0d219cdd2

    SHA512

    9d7dcc320d5e6cc8983afbe536facbe94debbdffcb49766446d72dbe21a0790ba0c8f34d9dd27fe326267c89a3b5b662eeece022b911840d1206803ff233c83c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    14d18b52af6ae003a1ec37ed549fb138

    SHA1

    cac0876853c4f15bb04e6ac7de3d00a335f3d383

    SHA256

    f48cdd993b122321dd3100a950381ece3e28efc3b934f3dcecaa6db2e8fb051a

    SHA512

    156ab1e199622e3a67bd314675b4d54805796e304cbdcf307f975819052166fdf4d7c9a623052fba887115f6734853cdfbed5a0ba60883d6bf989c99e3317489

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d804e2d294ddb921da36363edfa1ec17

    SHA1

    52fabe5ca74c89e32893c49ef3571bcfeea9291b

    SHA256

    5cb99851cae369baf9c4a83bad6b9721133a62e9b0fc53e3ca50e37d1ef58a75

    SHA512

    d81e5d4598eccc33ac93b98a6e2bd2f639bc266a0b8d1e50d62202a59cf7000984a902ba2c0697d26beab2995270889e19162ec62ad6248e776371341efefe4e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6e7184c55805955fdbd99c7e16a444e6

    SHA1

    0c087d2afde17a1fa3db3ac62d2bc1cb99cf3011

    SHA256

    a7cb171d43029e42e812ae18a530b57af168afc5f2d644018c66fd9c7100d5fa

    SHA512

    2037d6979713479f35330858202d98929db0aa2de85a109f161871b32c57bdb842d68ee21978665bfd0d220e2fd8d19c9bcacfcc6127f12b9a2663df4b8e87e5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3a88ab030478847a68b704db1f775fda

    SHA1

    bd9eaedef9260d585e2f39ee001e42a4d98368be

    SHA256

    3f86bae97a0b3dc72cf188dc2b239ee8f5d23f67a73d7df83961491c94fdc629

    SHA512

    fcce80b636e5ba2de2770028f70eaf9660ef43e4d1cf291852b0525612492b61eeb77256a26dfc3a6a421a449d20d0891d89356834679ec27d24c7b6ba78554d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    305242a57eae49c56b8b91b9d5d4d2b6

    SHA1

    30927e1c3536323c59910b3533f0fc84bec24e55

    SHA256

    4c09f2fb4cf9ad27ce5021d8b3af20d214a715db44d6cbe1ca6435efb001e58a

    SHA512

    bda8fe78b80dd3a9b50f8adcaa9bcf12873ba51768772532adbbdf10682dfffe6ec0f20fdcb185c7bce15b7bd7230acbd3ab9563d2f7f8856fe1dc9e272fb14e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    47ee280568e540f1e4628ab415528124

    SHA1

    11dd26f35292775847c0a717953cfc57d282096c

    SHA256

    8db2a2b15a03300ed3f2f18222572ecb42e64fac161bd31f2310768aee0c3fc2

    SHA512

    3b88fe2ddafb36dd1d58e3350b01ec7afe86e8d97c2af712ae2def2c23813db357966e82d25d9ff7089857d6894047ca39cb202c8710355fdd6208f2500c416e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    43b096b8f1ab06bcbe7a79ba393b9162

    SHA1

    726a4ed288776cec1cf904055d98174c416d32f1

    SHA256

    59f7f7a77aab3db2b732c3ad6df4146199fb35c45aa5ee4b2fc541f083b405f9

    SHA512

    f9543b5df2f5e34c293db82a79312eca06322659b2da815179b4180fe24aa709c8f2219c14e814c0978cad0b0eae0ce5f875f29cacca889d54a5032e8691a714

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2065c2c8a6069116eaa0cbd2c7457faf

    SHA1

    a99ae675a67b197a7b5ce1a1d9247d6c3c483e65

    SHA256

    ab469d70b0aa16938ec26b403a56607ff80ea5d2849fad39450e37e0e12e3688

    SHA512

    a46c7efab23ea639104777b073acd7832720f3086612f5ecffe2f650197e8887cae953f54c1e3666fce24b58d588af032c1f0f11d7e791cf4140b03da9882013

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    da93d26f9fd1b35ecf652c5c243a5f11

    SHA1

    eecf2205eae4463cedcdd36545324a780629ae58

    SHA256

    47bc0fd37a41bd8eff5927c508f5754ecbf92165f15259a258347254590ee8c2

    SHA512

    cfe58bada2a465a0faae20e21c9b5db476e79fce65464ad3bff97f96283fd2557514890add2e46703791f750d45b6bcdf75e53f5f585fc892ee0f8c678ddc8a2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    eb565446c7e7b00de33418aa371ee9bf

    SHA1

    c8c286c33449971e49eafe21891e1824efbd71d3

    SHA256

    cf0f8531419ea7fd90e6712faab3919dca149bd3661b50078b3ac377e6878419

    SHA512

    64517d79127a77b3e303ca68acff5014149682106fd8ff8e75ca92d6eaeddfe0c6fbc2daa52e1d9f03d0e91dd979ee4f85eb4c5add58676d8c1059e23210778e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3aeb60094a8cbecffea9136d025e23a9

    SHA1

    d25ef34b2253d1672987e6c5bd1f7e4710608364

    SHA256

    e2fd5c793991ac7994f242195ff422d32b959d8cc2f7f0c47c7e56706804d8ee

    SHA512

    00948dca063e8a8be902f20d1a3e95b1c11e43daaa823a3d384d04147e126fc0a74cbd9fbd7f78f9d10aea3e00568d57bb9863b091da264f0580f87385eb8859

  • C:\Users\Admin\AppData\Local\Temp\CabF596.tmp

    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

  • C:\Users\Admin\AppData\Local\Temp\TarF666.tmp

    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf