Analysis

  • max time kernel: 142s
  • max time network: 146s
  • platform: windows7_x64
  • resource: win7-20231215-en
  • resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted: 31/12/2023, 12:55

General

  • Target: 36e79de3e264a8fc4c71baaeb411559f.html
  • Size: 1KB
  • MD5: 36e79de3e264a8fc4c71baaeb411559f
  • SHA1: 57bf0453f65d797c78a75c7aea8cb1f048a8e195
  • SHA256: b850ac7114e06c2100849534395a7ae9030843a8e4d02d2fbb702ce2da051cca
  • SHA512: cffa94b8d24eb0c7c1ab0012b02a99db330a9713d19bcda1c35f1204d529ae2c88bf32dbb8e58f8d4339a3f8244d0e10e41e85ee4681a4ff8b42a18715ba2847

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\36e79de3e264a8fc4c71baaeb411559f.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:304
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:304 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2404

Network


        Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 6b0713b07676fd104c6df88543e850d0
    SHA1: cf6fc2bc40cad9913a2def7fd5025ad4a085e404
    SHA256: 8dc839f17d507f4ab6f07af4e02d6ff3e541f0d5a4fbee00ff114f9f41e166a5
    SHA512: f4a42a9eda8875e3b192cdd7b010d25b82f69f2d77f7280674d386743cecb614124059df258cf80d67388cdae18ed33eac0c0b5ad1a389d62432810969e5c416

  • C:\Users\Admin\AppData\Local\Temp\Cab8019.tmp
    Filesize: 65KB
    MD5: ac05d27423a85adc1622c714f2cb6184
    SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
    SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
    SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar968B.tmp
    Filesize: 93KB
    MD5: ac61eaa48255890d137c13baaf731c5f
    SHA1: f9ae28f6c21358660ec40239618f6ef9f6b333d7
    SHA256: a1535f48249efcf97d37e825a27275a4e0d7e4ac51bceb4ff1262956c6e48c2a
    SHA512: e36257b46ed34c2ee03231464ec70d889d35ea9f7f9255ea8bdb062838df8a4331fb6e8808bcf52323e4c26d6c6e9be8af4babdada794495237fd51f75b79449