Analysis

  • max time kernel
    4s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/12/2023, 20:14 UTC

General

  • Target

    1b9fb1f7707d6bd4d9bfddd01fe829f5.html

  • Size

    852B

  • MD5

    1b9fb1f7707d6bd4d9bfddd01fe829f5

  • SHA1

    a4f1ea5014fb48bf778913a7d0b652ebd71ba043

  • SHA256

    039461cbff1063a8ea8ce38ab9fcdcbaeeebf684e4a0bdd8f0ef16bf14828b27

  • SHA512

    533ae194bcd6647b3171d783806dedfd4f7667fcb79971d2afdb2c99824c9603df54db957777dc229506d04ae4580f45a6a9e640f6b18d7667c03968c9f62f63

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1b9fb1f7707d6bd4d9bfddd01fe829f5.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2660

Network

  • flag-us
    DNS
    frookshop-winsive.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    frookshop-winsive.com
    IN A
    Response
    frookshop-winsive.com
    IN A
    18.158.88.249
  • flag-us
    DNS
    frookshop-winsive.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    frookshop-winsive.com
    IN A
  • flag-de
    GET
    https://frookshop-winsive.com/redirect?target=BASE64aHR0cHM6Ly9ldmVyeWRheWtvYWxhLmNvbS81MC1saWZlLWhhY2tzLXRoYXQtd2lsbC10YWtlLXhsLz91dG1fc291cmNlPXNuYXBjaGF0LXhsJnV0bV9jYW1wYWlnbj14bC11cy1hLWVkay1saWZlaGVu&ts=1630726999150&hash=--LAMlOvlPCJXitmVUhldv952U--2h1U1tG7IEVmSBw&rm=DJ
    IEXPLORE.EXE
    Remote address:
    18.158.88.249:443
    Request
    GET /redirect?target=BASE64aHR0cHM6Ly9ldmVyeWRheWtvYWxhLmNvbS81MC1saWZlLWhhY2tzLXRoYXQtd2lsbC10YWtlLXhsLz91dG1fc291cmNlPXNuYXBjaGF0LXhsJnV0bV9jYW1wYWlnbj14bC11cy1hLWVkay1saWZlaGVu&ts=1630726999150&hash=--LAMlOvlPCJXitmVUhldv952U--2h1U1tG7IEVmSBw&rm=DJ HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: frookshop-winsive.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 400
    Server: nginx
    Date: Mon, 01 Jan 2024 03:38:55 GMT
    Content-Type: text/html
    Content-Length: 231
    Connection: keep-alive
    Cache-Control: no-store, no-cache, pre-check=0, post-check=0
    Expires: Thu, 01 Jan 1970 00:00:00 GMT
    Pragma: no-cache
  • flag-us
    DNS
    apps.identrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    apps.identrust.com
    IN A
    Response
    apps.identrust.com
    IN CNAME
    identrust.edgesuite.net
    identrust.edgesuite.net
    IN CNAME
    a1952.dscq.akamai.net
    a1952.dscq.akamai.net
    IN A
    96.17.179.205
    a1952.dscq.akamai.net
    IN A
    96.17.179.184
  • flag-us
    DNS
    apps.identrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    apps.identrust.com
    IN A
    Response
    apps.identrust.com
    IN CNAME
    identrust.edgesuite.net
    identrust.edgesuite.net
    IN CNAME
    a1952.dscq.akamai.net
    a1952.dscq.akamai.net
    IN A
    96.17.179.184
    a1952.dscq.akamai.net
    IN A
    96.17.179.205
  • flag-gb
    GET
    http://apps.identrust.com/roots/dstrootcax3.p7c
    IEXPLORE.EXE
    Remote address:
    96.17.179.205:80
    Request
    GET /roots/dstrootcax3.p7c HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: apps.identrust.com
    Response
    HTTP/1.1 200 OK
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    X-Robots-Tag: noindex
    Referrer-Policy: same-origin
    Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
    ETag: "37d-6079b8c0929c0"
    Accept-Ranges: bytes
    Content-Length: 893
    X-Content-Type-Options: nosniff
    X-Frame-Options: sameorigin
    Content-Type: application/pkcs7-mime
    Cache-Control: max-age=3600
    Expires: Mon, 01 Jan 2024 04:38:54 GMT
    Date: Mon, 01 Jan 2024 03:38:54 GMT
    Connection: keep-alive
  • flag-gb
    GET
    http://apps.identrust.com/roots/dstrootcax3.p7c
    IEXPLORE.EXE
    Remote address:
    96.17.179.184:80
    Request
    GET /roots/dstrootcax3.p7c HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: apps.identrust.com
    Response
    HTTP/1.1 200 OK
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    X-Robots-Tag: noindex
    Referrer-Policy: same-origin
    Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
    ETag: "37d-6079b8c0929c0"
    Accept-Ranges: bytes
    Content-Length: 893
    X-Content-Type-Options: nosniff
    X-Frame-Options: sameorigin
    Content-Type: application/pkcs7-mime
    Cache-Control: max-age=3600
    Expires: Mon, 01 Jan 2024 04:38:54 GMT
    Date: Mon, 01 Jan 2024 03:38:54 GMT
    Connection: keep-alive
  • 18.158.88.249:443
    https://frookshop-winsive.com/redirect?target=BASE64aHR0cHM6Ly9ldmVyeWRheWtvYWxhLmNvbS81MC1saWZlLWhhY2tzLXRoYXQtd2lsbC10YWtlLXhsLz91dG1fc291cmNlPXNuYXBjaGF0LXhsJnV0bV9jYW1wYWlnbj14bC11cy1hLWVkay1saWZlaGVu&ts=1630726999150&hash=--LAMlOvlPCJXitmVUhldv952U--2h1U1tG7IEVmSBw&rm=DJ
    tls, http
    IEXPLORE.EXE
    1.7kB
    6.0kB
    14
    14

    HTTP Request

    GET https://frookshop-winsive.com/redirect?target=BASE64aHR0cHM6Ly9ldmVyeWRheWtvYWxhLmNvbS81MC1saWZlLWhhY2tzLXRoYXQtd2lsbC10YWtlLXhsLz91dG1fc291cmNlPXNuYXBjaGF0LXhsJnV0bV9jYW1wYWlnbj14bC11cy1hLWVkay1saWZlaGVu&ts=1630726999150&hash=--LAMlOvlPCJXitmVUhldv952U--2h1U1tG7IEVmSBw&rm=DJ

    HTTP Response

    400
  • 18.158.88.249:443
    frookshop-winsive.com
    tls
    IEXPLORE.EXE
    1.3kB
    5.8kB
    15
    12
  • 96.17.179.205:80
    http://apps.identrust.com/roots/dstrootcax3.p7c
    http
    IEXPLORE.EXE
    473 B
    3.1kB
    7
    6

    HTTP Request

    GET http://apps.identrust.com/roots/dstrootcax3.p7c

    HTTP Response

    200
  • 96.17.179.184:80
    http://apps.identrust.com/roots/dstrootcax3.p7c
    http
    IEXPLORE.EXE
    369 B
    1.6kB
    5
    4

    HTTP Request

    GET http://apps.identrust.com/roots/dstrootcax3.p7c

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    747 B
    7.8kB
    9
    11
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    967 B
    8.7kB
    13
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    987 B
    8.9kB
    13
    13
  • 8.8.8.8:53
    frookshop-winsive.com
    dns
    IEXPLORE.EXE
    134 B
    83 B
    2
    1

    DNS Request

    frookshop-winsive.com

    DNS Request

    frookshop-winsive.com

    DNS Response

    18.158.88.249

  • 8.8.8.8:53
    apps.identrust.com
    dns
    IEXPLORE.EXE
    64 B
    165 B
    1
    1

    DNS Request

    apps.identrust.com

    DNS Response

    96.17.179.205
    96.17.179.184

  • 8.8.8.8:53
    apps.identrust.com
    dns
    IEXPLORE.EXE
    64 B
    165 B
    1
    1

    DNS Request

    apps.identrust.com

    DNS Response

    96.17.179.184
    96.17.179.205

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f09b91d00a049a74bdcdebcd00e11fc7

    SHA1

    39a0977d179bb8c2b7597465c5011475707efdcb

    SHA256

    de0f24b20b369d9f6cf13e5275ecb452e779c85e88edd0497fdf9e7b060ab811

    SHA512

    18f3aaebf173f55bd16e8241929cfcdcc8aa369599c72f7986b57ece458894db10821347b24d1f5b218a906dcb96b20e4c2d217403c48ae74318c1afbd5c9548

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    69b7f1b2b93d9e51e6f1d574c4a5fd8b

    SHA1

    8d2b49a54fe51084340428c906b4ebeb7b8e2a8f

    SHA256

    484513f034ddf66fd3f73919207609f0d3061ecef7cdd23b2c39ce368f1371b0

    SHA512

    bfddca630aa9d6a7cf44649d90bfbb37da09f50f62828cd365c2d6634d84183b89dc513e73f5a88197d0974ad5c5c9b7459828d975d040c435b6d9889c31e44d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ad0c62b0d520f85bee6e1e1b074ece5b

    SHA1

    7b40d3447193b74436a7d4a2b72e042165a81678

    SHA256

    36fa953661dba7bbb01d37c0702af3ed897a2133e5554194dfe2cb4b3febd2be

    SHA512

    28b6e46833ef6ba073c7410a53475e8f6d4107076c0cfc40c3f07255d6ba37a1d72f5309e5ca1faf7b8338fb2dc304847b25a977aaf81d03bdfa036b3d997de6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8f047c186271583835af5e2029f298f0

    SHA1

    0fdd1c4d61c11ecebed2e9f23ff339c96dbd707a

    SHA256

    10c09931ac73ff1e7e2b45edd95db25742dfdb585c1018631b40d961efd9fbe3

    SHA512

    39e47c5e55ecc388b5ccc9e9d32e10974ed45d62c293d65469942577e25637c353937d3cde7a2ddc52753104f0de2c9229109f78736e890992b6cd245bf00e09

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1df7151d2d55a26de199883911ab2ca0

    SHA1

    f70087e6eef8162b4da7e7b310288755ae401f52

    SHA256

    60b80d9b149ca660b47bb507bf8e9d33f22258914c91ecb64d6aa20d6407c20e

    SHA512

    de5f1e7b59d033625620b7f9d25055b1dbb24d4cc7988f4e6f302a3ac10d76b01156f4e39f9f30bfe7f42a6a9cabc45d4e12ebd6c89bc951f55b44fcfe14cb11

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cfbedbb7eb0e56209e3c54d6a07b3ba0

    SHA1

    07e9a4bff62e1047bb126b4657aa264772437980

    SHA256

    5114f362a0a0b22c7e179d77114fe87b6fc3c92b6b15f62dc58ce0f0c6256bc9

    SHA512

    1c38f37a096c622140d415326f7fca6875a8947d10def351973fe1f8d333ffbfd4c12b523e06f61bb87ccb6bd3c5b44c4e8d0edd0616ab5b0012c832912ca894

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5d844ec9d88afa12c6ad4c41106f5ea7

    SHA1

    4c3c4ac984621a34432a06fe5f002f062d3a775f

    SHA256

    d453b3b752ee22c8da02587fdcbc414ef3d73c3603d5622fb3d72b919812f23b

    SHA512

    44656d98469a234f1cf44294cab619de0f6a33bdbc2fe4bb46c513fc8d9ad6708621dd52de536559a59e89b21889a0854fb6ff4be50a4bc560a9b77ba1822030

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c7b4a117e152a78af2d4549e559dd6f8

    SHA1

    74f700e1d358a002d943fbad71d244b079a98325

    SHA256

    e7ad1398c55505fe0ea985abda007796ed8f9522314a52b1e92e5f0abe1b90f9

    SHA512

    403116e1c26a35a672178e0aa4ce3920c54aa1c8e263bb5b56847bdc4bf212f5fd29cea48b23096f0017dfe11dabcca0c1cc4c2eb939e7bc81430216b99788e2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    58d13d3fad3617c26100502330a4e607

    SHA1

    c3f29d58b0e772f3cb101d215fbd41a788cfc14f

    SHA256

    13042a55649e349b97b79148d6f1bc6376078f5298cd0fbd45e010d8753fefe2

    SHA512

    f47d9351a631b39f01753f47b10fd69705e9375a15de66ce39b28ae4c2c2d01bc0e2c8e0ec016ea3d5b35723c95acdfa45586046a8d206b1af65e4ac2381fb11

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    95764801e5241e400ff8486b1fe4f4c5

    SHA1

    dec5a3fb6391d3f5bd488ed24f68dc1ab77a9637

    SHA256

    cf6a4168a4085916cc794aca19d4c12b0b4c54d16dee384218e08dac07213c10

    SHA512

    dc14036162dfca6841cba47b8468cc0374e189d7c161cc4606eed931a6aa564701e8eab56f092fa141a237449789acbc5f4f3cd8cea7d7b3a9673ef39c212134

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ff00594f53f402dacf564a4d803a9487

    SHA1

    82f45be455036a0b5aa53d5819e23b33d0aed6af

    SHA256

    3dbd909093cf2e75dbe0103e6854d669b6959107fb3f5a4223f56b3f5757268a

    SHA512

    3463e7d5c08a33adccbb79a8a41706ef7fe81aa1624856550d97eec66563d2a6fae2a95de4c41ae89e5c0c9a4f131f15c509a353cbdb33aa2305d1b5bf87cd33

  • C:\Users\Admin\AppData\Local\Temp\Cab4FB6.tmp

    Filesize

    45KB

    MD5

    dc38d629e51926a750b443772d7c8c65

    SHA1

    2868765523e76b2e6706f18ecb665f4631a00d00

    SHA256

    21a98ea45d4ca76fc03cd769b01345da379395b41295e1506644149d0a378883

    SHA512

    beb8198332e8771a0475a925a4b31a8a80df9a04dc889442d1a4e024b1b66709acc3e347d50af1868d5d0c351d489cd454fc2523f752ea9dec56b9a9d6048ef4

  • C:\Users\Admin\AppData\Local\Temp\Tar50A5.tmp

    Filesize

    33KB

    MD5

    c3c3551ea2b2434a21929dd6d54b81b4

    SHA1

    5c6ac37d31bf9dd6c98ef3f6c87b84fbf25f0479

    SHA256

    2955e267ea57c45e19a8a7ef8fc75563f7e9adaef2f5778b92ef89ddce928e9c

    SHA512

    d561c58bfc9f7f13143ff63efe88e1001c017f44c8cacfcf942a0a3c8abae546a80426945417a58aeadb9153c3e94642c75a9e9c7bcc6b0b39269a0a854bdb22
