Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://www.mediafir...

windows7-x64

1

Resubmissions

05-12-2023 11:48

231205-nyerkabb78 1

05-12-2023 11:37

231205-nrgmksbb52 1

05-12-2023 11:30

231205-nmktfaag4t 1

01-12-2023 08:49

231201-kreansgc79 10

01-12-2023 07:29

231201-ja8brafh46 10

01-12-2023 07:25

231201-h9ggmsfh38 7

30-11-2023 13:08

231130-qc7xbscd2x 7

30-11-2023 08:58

231130-kw7g1saa3s 1

27-11-2023 07:20

231127-h6jslafb53 10

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    05-12-2023 11:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.mediafire.com/file/t9usn5skz63s9p9/Sipari%C5%9F+%C3%96zellikleri+pdf.tgz/file

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.mediafire.com/file/t9usn5skz63s9p9/Sipari%C5%9F+%C3%96zellikleri+pdf.tgz/file
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2864
  • C:\Windows\system32\winver.exe
    "C:\Windows\system32\winver.exe"
    1⤵
      PID:1964
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
      1⤵
        PID:2804

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
        Filesize

        65KB

        MD5

        ac05d27423a85adc1622c714f2cb6184

        SHA1

        b0fe2b1abddb97837ea0195be70ab2ff14d43198

        SHA256

        c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

        SHA512

        6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        304B

        MD5

        55b330321656990547fe9b82da4b4bf2

        SHA1

        16b94d26457cd9c11cf7dd18516bd1596440593a

        SHA256

        59cdcedc69244447a9e61c71e741c83e0dd7276a493a6b94ba617e6f194109e4

        SHA512

        00875aa941f69b19e5ec4c18225990578cda372e2dd0cdc36858d7b83072f8a798e55db69031ca26261b5df0527e148bf0d9e9a4fafa82912d88a4871fca6d98

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        304B

        MD5

        101d3ef4e159ccfed9935f35020dd47c

        SHA1

        3877e9c97e9c30d1b0e2baa23e57d276f7784108

        SHA256

        c5956b6709b5e4f96dfa7d8c6160fffe3760a4d63955a0d1bd8d3352309302c9

        SHA512

        e266ca6fb8592e8f0322eeaca7f53b592f2f34a4ce06a233d2ce696d3d89ac41f78abd6dfb69cdcd1dc92f209bc17ddbff5419e7bf53840330b6857ad9e42f3b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Cab625C.tmp
        Filesize

        61KB

        MD5

        f3441b8572aae8801c04f3060b550443

        SHA1

        4ef0a35436125d6821831ef36c28ffaf196cda15

        SHA256

        6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

        SHA512

        5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Tar634E.tmp
        Filesize

        171KB

        MD5

        9c0c641c06238516f27941aa1166d427

        SHA1

        64cd549fb8cf014fcd9312aa7a5b023847b6c977

        SHA256

        4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

        SHA512

        936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

        Download Submit