Overview

overview

6

Static

static

1

0a4af0e8ed...a.html

windows7-x64

6

0a4af0e8ed...a.html

windows10-2004-x64

1

Analysis

  • max time kernel
    130s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 01:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0a4af0e8ed94e2647f3e25a9b23d392a.html

  • Size

    199KB

  • MD5

    0a4af0e8ed94e2647f3e25a9b23d392a

  • SHA1

    1fe7021823614b59d07124a9aeb979f78a1f0873

  • SHA256

    cf9a967403c9158a7ceb50174d4bd5b09e9194fe41211397cc8582f4fdc5a1c4

  • SHA512

    d916ac6bbdef98a30e5249ea9cce0ce7f5d3d076e112430fd5f49b01f7c4fec926f7ffcfc4481075f6608bafa40f1deba94d040efeacb86fce70af575fe59b5f

  • SSDEEP

    6144:s8HcIIIs3G4k5QhL8atV9iVQ5MIsuQyf5bTM+MdBXpKgXpgx4t4hO9mge/bE6zbG:/cD73G4k5QhL8atziwMIsuQyf5bTM+MD

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0a4af0e8ed94e2647f3e25a9b23d392a.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1772
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1772 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:808

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    5684d17c19c43c9f1cc2a8d6f645e060

    SHA1

    42545fb9d911875f3f55f23b03a7cdeea158cff1

    SHA256

    69d08ba46c1be6a15425950f473f64451adbe8c8b395adedcb49ec87a556ecb0

    SHA512

    5b495352902f0137607a92326f51197363af5b53c268cef344ac8d16f4abff3263b7f1ff2cae88a0dbe62fbed9b2c54d6eacfda504d79f11ad930d1adab86f0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    292d21e585009a16a93dce0611789ba7

    SHA1

    5f33c282579a419f4819252f1f4793c930f9260d

    SHA256

    fe06e32816d52fac2045e3e702e9ec7dd8858199121d79df6a5a546c61032f77

    SHA512

    6bf39b3fea84aa76ccf4b61ed5c34f316eb3d3c5b153b3b87e6b2c729571d54c4ce385c3549f8b8ab504cb978c47133af25db56f8f6e182ffb32459d906b099e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b01a7cda23bf30a645dafeba6230e6d0

    SHA1

    955fc9eb71889c41a0f63f8cc99ce14a0892b4e5

    SHA256

    09d2c3f4a2bef31738913264770af552b397a51d09f0e29a9d17758b2723d10b

    SHA512

    c4da6a0bc425dcb2cd76d723e9bffe3dd866f7b35f7b636e041bf0f2ab40dd06416e0565d584ff154d900976b86b05ec3e8dac035dac30ae1e6b64ef01a668b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e20542f145222a479df8358c589861b4

    SHA1

    5076df03c0d8193a9a0bb2e7554f85268eeee4fa

    SHA256

    bad0990122403fe425fc514274c4fc00eac2b71bf33de55332dc2a1c50eb2ba1

    SHA512

    008902e07891d60d03478cf2d1a16bb524bed5e1678764ccf165524b15549343e23096c191bad5b57ae77406f5b38adda81b6c5f516ce04400e4fbe73df0bfad

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIEDGG3E\0N0RRQC5.js
    Filesize

    157B

    MD5

    67e216a27dda24bdcb086c2385b0cb99

    SHA1

    17141c80f5d32bec3691c5ab24741d8b7dd5f0c6

    SHA256

    9dc433b2142d3ba0803fcffa53f19d34da26996d20c829df6d694bc887325dd7

    SHA512

    802319543dc64cb011bc2684004e878a842b73aa55e4da1141ccb8650cbf42fabbf2b46c730760bbfcc7a140e11700244b9f5da78bafe9fca7ec7825c12b4255

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFLWQ602\rpc_shindig_random[1].js
    Filesize

    17KB

    MD5

    f019fdda31635d2a31b151ad8ad56c7a

    SHA1

    6adcbec55f66ffaef83d9a134423aa98eb2a2189

    SHA256

    c7fc0b1526533002c956ebf8e8c42c3ad3f96c41ace73fb4063cc89051944831

    SHA512

    fc278c12316e098976833882a38c788d812f9d36bd1b9b2b8c87dab4dc906af26a860df95436ea1b7d509236d44d0533d475a153437f8f5d42653fc28a77ad64

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFTKP12M\478691279-postmessagerelay[1].js
    Filesize

    12KB

    MD5

    92169c8a0fbf6e404267d0705cdbdf42

    SHA1

    a5cd88b74ca5ced239cdbfb458fe25540d671f46

    SHA256

    dba668b49a111527aac8f616b9053ea57c944e01a84ebdcd02a13da921223384

    SHA512

    8c5d35ea512fa7be367cd9a9ded2f23822dcce730e5502a355ed0d48949ef763eab13be0d50a66de6b0f8419d6a002c12c4ddbf20d97f5393ba922e48a4f02e2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFTKP12M\plusone[1].js
    Filesize

    56KB

    MD5

    1944af3661da46249991197817b6cd8b

    SHA1

    f952df40ec79fafc7c798f37aff92878977376ed

    SHA256

    63326a1c4e0eddd3501f0a064b06a2708eb0362f3ae934f53145978d3d0799b5

    SHA512

    0bef19b32be337cfba179ed9ce4533a207cfe645d2e5fe0da9fadc7b01c72704fc89749670d1ac48b8d494675bc62ac089fdc4d8495979226f10828225594376

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab35F1.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar35F2.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit