Analysis

  • max time kernel
    72s
  • max time network
    67s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-12-2023 01:17

General

  • Target

    https://www.paypal.com/nz/smarthelp/home?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000238&utm_unptid=83c3a100-9906-11ee-b3b5-40a6b72932c5&ppid=RT000238&cnac=NZ&rsta=en_US%28en-NZ%29&cust=&unptid=83c3a100-9906-11ee-b3b5-40a6b72932c5&calc=d9d426c3d52fd&unp_tpcid=invoice-buyer-notification&page=main%3Aemail%3ART000238&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.219.0&xt=104038%2C127632

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 46 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.paypal.com/nz/smarthelp/home?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000238&utm_unptid=83c3a100-9906-11ee-b3b5-40a6b72932c5&ppid=RT000238&cnac=NZ&rsta=en_US%28en-NZ%29&cust=&unptid=83c3a100-9906-11ee-b3b5-40a6b72932c5&calc=d9d426c3d52fd&unp_tpcid=invoice-buyer-notification&page=main%3Aemail%3ART000238&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.219.0&xt=104038%2C127632
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2352

Network

MITRE ATT&CK Enterprise v15


Downloads
