Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-12-2023 01:02

General

  • Target

    227cd5635b0cde26d20faddc5535e54a.html

  • Size

    2KB

  • MD5

    227cd5635b0cde26d20faddc5535e54a

  • SHA1

    4927ce812e91b2c4001f08fa5ef957e77c56f257

  • SHA256

    e9bc0d7cfcfd7ccd578821f6807099041c7f3c12657dcb4dd179d0127d20024a

  • SHA512

    a5574928054f93907c5b4aaa6f14e1cca6d3f171128faa22a2e8b14899410465081f0b39c1e643725cc965f18ca839519b05dfb757b0d44e7f9578e63accf177

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\227cd5635b0cde26d20faddc5535e54a.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2680

Network

MITRE ATT&CK Enterprise v15

Downloads