Analysis

  • max time kernel
    142s
  • max time network
    158s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/12/2023, 13:24 UTC

General

  • Target

    37e56151a1887d3d0bcf3ab52c9bccf2.html

  • Size

    2KB

  • MD5

    37e56151a1887d3d0bcf3ab52c9bccf2

  • SHA1

    e31525a64e85da1eafd7ef5cd548dc6dd8b1a11e

  • SHA256

    a7c109aaddb907e6dcd95db69cf41168c507c9ef6386c5ce9ef1b4d76d765233

  • SHA512

    b3c37cb8382d604a08383d65da6b3bfcd801c187fa989a09a120c212e4ffb94be315664bdd410f5ed48f9dfffc32337069d8c109428ea8a5e0a8694c52c5f009

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\37e56151a1887d3d0bcf3ab52c9bccf2.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2632 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1308

Network

  • flag-us
    DNS
    bxt2.shaperal.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    bxt2.shaperal.com
    IN A
    Response
    bxt2.shaperal.com
    IN A
    50.28.56.190
  • flag-us
    GET
    https://bxt2.shaperal.com/?utm_term=6969917419531796849&clickverify=1&utm_content=fdc2c69a9caf9dad93919891a6919c95babbcdb9d0bfbc8c808b80b1808582b5ba8bb9ba8e8fbd8d828380b08687b6b19aa9ac99a7a99ca4a493f6f0fae4f195eadae8d8dcd7dcedd5d1d0e1e6e7c1
    IEXPLORE.EXE
    Remote address:
    50.28.56.190:443
    Request
    GET /?utm_term=6969917419531796849&clickverify=1&utm_content=fdc2c69a9caf9dad93919891a6919c95babbcdb9d0bfbc8c808b80b1808582b5ba8bb9ba8e8fbd8d828380b08687b6b19aa9ac99a7a99ca4a493f6f0fae4f195eadae8d8dcd7dcedd5d1d0e1e6e7c1 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: bxt2.shaperal.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Moved Temporarily
    Date: Wed, 10 Jan 2024 17:25:22 GMT
    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
    X-Powered-By: PHP/5.4.16
    Connection: close
    Cache-Control: no-cache
    Pragma: no-cache
    Location: http://ww7.shaperal.com/?utm_term=6969917419531796849&clickverify=1&utm_content=fdc2c69a9caf9dad93919891a6919c95babbcdb9d0bfbc8c808b80b1808582b5ba8bb9ba8e8fbd8d828380b08687b6b19aa9ac99a7a99ca4a493f6f0fae4f195eadae8d8dcd7dcedd5d1d0e1e6e7c1&usid=19&utid=18436733776
    Content-Length: 0
    Content-Type: text/html; charset=UTF-8
  • flag-us
    DNS
    ww7.shaperal.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ww7.shaperal.com
    IN A
    Response
    ww7.shaperal.com
    IN CNAME
    62971.bodis.com
    62971.bodis.com
    IN A
    199.59.243.225
  • flag-us
    DNS
    ww7.shaperal.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ww7.shaperal.com
    IN A
  • flag-us
    GET
    http://ww7.shaperal.com/?utm_term=6969917419531796849&clickverify=1&utm_content=fdc2c69a9caf9dad93919891a6919c95babbcdb9d0bfbc8c808b80b1808582b5ba8bb9ba8e8fbd8d828380b08687b6b19aa9ac99a7a99ca4a493f6f0fae4f195eadae8d8dcd7dcedd5d1d0e1e6e7c1&usid=19&utid=18436733776
    IEXPLORE.EXE
    Remote address:
    199.59.243.225:80
    Request
    GET /?utm_term=6969917419531796849&clickverify=1&utm_content=fdc2c69a9caf9dad93919891a6919c95babbcdb9d0bfbc8c808b80b1808582b5ba8bb9ba8e8fbd8d828380b08687b6b19aa9ac99a7a99ca4a493f6f0fae4f195eadae8d8dcd7dcedd5d1d0e1e6e7c1&usid=19&utid=18436733776 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ww7.shaperal.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    date: Wed, 10 Jan 2024 17:25:23 GMT
    content-type: text/html; charset=utf-8
    content-length: 1709
    x-request-id: cd10257b-4eca-45b7-bb63-06b5294582b2
    cache-control: no-store, max-age=0
    accept-ch: sec-ch-prefers-color-scheme
    critical-ch: sec-ch-prefers-color-scheme
    vary: sec-ch-prefers-color-scheme
    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_k+b0wMuioBHn4KQqt9sS2e2b+LBMmTd8eZiYG9lAmkIrMw79d5YBqBK/EX8MBXwHnM+7td4E0vIrudNdtSyTJg==
    set-cookie: parking_session=cd10257b-4eca-45b7-bb63-06b5294582b2; expires=Wed, 10 Jan 2024 17:40:23 GMT; path=/
  • flag-us
    GET
    http://ww7.shaperal.com/brRxQAYXX.js
    IEXPLORE.EXE
    Remote address:
    199.59.243.225:80
    Request
    GET /brRxQAYXX.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://ww7.shaperal.com/?utm_term=6969917419531796849&clickverify=1&utm_content=fdc2c69a9caf9dad93919891a6919c95babbcdb9d0bfbc8c808b80b1808582b5ba8bb9ba8e8fbd8d828380b08687b6b19aa9ac99a7a99ca4a493f6f0fae4f195eadae8d8dcd7dcedd5d1d0e1e6e7c1&usid=19&utid=18436733776
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ww7.shaperal.com
    Connection: Keep-Alive
    Cookie: parking_session=cd10257b-4eca-45b7-bb63-06b5294582b2
    Response
    HTTP/1.1 200 OK
    date: Wed, 10 Jan 2024 17:25:23 GMT
    content-type: application/javascript; charset=utf-8
    content-length: 32103
    x-request-id: f916567c-3559-437e-b2bf-a58e909bef66
    set-cookie: parking_session=cd10257b-4eca-45b7-bb63-06b5294582b2; expires=Wed, 10 Jan 2024 17:40:24 GMT
  • 50.28.56.190:443
    bxt2.shaperal.com
    tls
    IEXPLORE.EXE
    1.2kB
    2.1kB
    12
    8
  • 50.28.56.190:443
    https://bxt2.shaperal.com/?utm_term=6969917419531796849&clickverify=1&utm_content=fdc2c69a9caf9dad93919891a6919c95babbcdb9d0bfbc8c808b80b1808582b5ba8bb9ba8e8fbd8d828380b08687b6b19aa9ac99a7a99ca4a493f6f0fae4f195eadae8d8dcd7dcedd5d1d0e1e6e7c1
    tls, http
    IEXPLORE.EXE
    2.3kB
    2.9kB
    16
    10

    HTTP Request

    GET https://bxt2.shaperal.com/?utm_term=6969917419531796849&clickverify=1&utm_content=fdc2c69a9caf9dad93919891a6919c95babbcdb9d0bfbc8c808b80b1808582b5ba8bb9ba8e8fbd8d828380b08687b6b19aa9ac99a7a99ca4a493f6f0fae4f195eadae8d8dcd7dcedd5d1d0e1e6e7c1

    HTTP Response

    302
  • 199.59.243.225:80
    http://ww7.shaperal.com/brRxQAYXX.js
    http
    IEXPLORE.EXE
    2.8kB
    41.3kB
    36
    39

    HTTP Request

    GET http://ww7.shaperal.com/?utm_term=6969917419531796849&clickverify=1&utm_content=fdc2c69a9caf9dad93919891a6919c95babbcdb9d0bfbc8c808b80b1808582b5ba8bb9ba8e8fbd8d828380b08687b6b19aa9ac99a7a99ca4a493f6f0fae4f195eadae8d8dcd7dcedd5d1d0e1e6e7c1&usid=19&utid=18436733776

    HTTP Response

    200

    HTTP Request

    GET http://ww7.shaperal.com/brRxQAYXX.js

    HTTP Response

    200
  • 199.59.243.225:80
    ww7.shaperal.com
    IEXPLORE.EXE
    420 B
    52 B
    9
    1
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    1.1kB
    8.1kB
    12
    14
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    1.0kB
    7.9kB
    11
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    775 B
    7.7kB
    9
    11
  • 8.8.8.8:53
    bxt2.shaperal.com
    dns
    IEXPLORE.EXE
    63 B
    79 B
    1
    1

    DNS Request

    bxt2.shaperal.com

    DNS Response

    50.28.56.190

  • 8.8.8.8:53
    ww7.shaperal.com
    dns
    IEXPLORE.EXE
    124 B
    104 B
    2
    1

    DNS Request

    ww7.shaperal.com

    DNS Request

    ww7.shaperal.com

    DNS Response

    199.59.243.225

MITRE ATT&CK Enterprise v15


Downloads

