Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-01-2024 03:37

General

  • Target

    qs.html

  • Size

    1KB

  • MD5

    1f8a533b1761fd59231b763303647650

  • SHA1

    8f4f75b6b7228257b501c6b3f990d27c55ee1b7f

  • SHA256

    1a962c7395d596113445b2b7fa0efd5bde4b64a413aa528daed9b7327aa2ae07

  • SHA512

    f04535920dba1a820b1253c61b347bde4d14307258b1ecf866b9f481045cef074307500bdb1c4bb5bfe4f9a22811ba79df42f38141df15d3ae332b445095ad1a

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\qs.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1948

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    a87d9dfd890338b1c48b8f3f998cdf51

    SHA1

    c00227adcba23fe94ccca0add6cf863592bfcb77

    SHA256

    d3ed6b18b962ba8c6d0d14ef85bedc6f11c06edf5d102142cd42626a3fd53443

    SHA512

    eb38cf7de56a2c55c45770802cdab10da3e8b4355f77109d2a221a9e08ed9ced947e6eb44ee608bc55ae292278a77107c0e9fda5918ab163f032612af6a8a35a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    51d2f98b1f231ee26b81377c20622ccd

    SHA1

    4e94b0b016279debbade28c24add3124f157b19d

    SHA256

    53825c781fd37168c2660b0b5b92bf561dc4d54ef6dd61370729a92cd13efe42

    SHA512

    1f6f640d7c9fea9c29c63b2b31d295cf92806ed0ee9878e86dcd34f51e4c345b9ad13ba321b5ab7e3938570e1620f4b1d58951585c4e8e3c7c9abe101964637a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    026de2d5c8ffa516ab818475c0739f57

    SHA1

    2cf2702c0d7cba3a8b97c94e769c0acaad8aec3f

    SHA256

    a81d0ff1e402c9ba422c9182d496dfb690dfd275a198fa36f5f7430778c54451

    SHA512

    ddc51b046f40fafc40372437d495520874f532cb191a353675d7a1e124b7aee6106c74636d7931b32cfc994d61d5cfa74e52b4b58d468a9d735ed58444c81efe

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d24ba7add75d48a6a4f6ade7a3ce194a

    SHA1

    44ac0f6ce8bc735c80b8e6798f7570ab6fdc1ede

    SHA256

    1ef953a941d12dff7d23b2d64022e3538d36d04bf2fd58ca0323f7bd41dd0e02

    SHA512

    8e85d18e5202c5c3c4d83cd6cc4a3e5c8cf6a1a4141cbccdff2495736ddff4d6f15ec5d76e43776fed50322c6b716c168dc3c0a104b0830b485a35b31e57ad08

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1bb2eea17329e29a78b531f5b992ab80

    SHA1

    2adf873a4d430e6a6ffffb9ea5f0ac056d9b22f0

    SHA256

    88ec65c2894c839935bf82a5049f7fb4c6f0f29bf352fb448e0924aead8b7982

    SHA512

    34848d0c46046c7f907f927a2e90e1dc537c3f4ebe6d027ee3200edb05da3d6f1cd2c9a241c01c799ca623055d20c487ebf875d7b576b4a898846c7d4f0c1399

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4f0fe5c5af1c41182d662ec52dac2282

    SHA1

    2f30aa7d99e9dc300ffcb2c60543e697432721ec

    SHA256

    88365bd330a5b63c8807c8f19639a943905e812e5ce68058726be1bc676462cd

    SHA512

    d98d06ba750390d89debe8303013f68fe8519f41a05d1954f08eea6b5aecf6216e3759f271acfe25947d3ffb26aae1c760660d3ebffd58b0d73fafebe94588b4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    506d0b059ecf1a95ca22cb36961fc970

    SHA1

    dc1dc157cd1af5b21dcb204e3825b449f0ba649a

    SHA256

    bb2c0af693c7c9019fc682e855852c46febdff486655dc4b56ba08cdaf347afa

    SHA512

    d0abae0544863345b4621c99c014a453127a29474b80758729a5012e78080dcb3eac9f194540cee7d5712008fbb11ccbf8cf50f1c080365dc47359f5ce73fc78

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7b238d6013059071f9df8069ff72dfe9

    SHA1

    bb6c5019371691835d5289430e5a4d1232caddaa

    SHA256

    a834840300e5e92c5fad5c469ffacb68a3fa8fbcd3ef09da11117e31ca78e813

    SHA512

    0dd9232a913aaa00d4f1461c0e123f82bc62a826654366052bd0169ea58890378f5ea9a913e1cb9200795948cd78c04e606646be3cc489c295a9eeb9b251e5f1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    65fde50ea66a094afb5a825a2d2568e8

    SHA1

    6595113427ff1bd6f1c5c6f5752b3da64f95e986

    SHA256

    c85f41ca96094005a066c1f3b5a0c2a38a738f6658cfc958801f50e2f5f8cf38

    SHA512

    19f96b63ba20cbb989702506508639234a4671cc3ba4608539be3f21d73d93a41328636bf23b0a174d7c20362bb575cb2c4b45c79dc5fc11180d1d6962ef2d06

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ccce599212dff7259641d219b078b1d2

    SHA1

    c325dc8954b9d8030fe67930848e8e1fe87c7331

    SHA256

    cf56662c1c61fe3badc7ec5769d2937075d2d50204420ad61038487b90157158

    SHA512

    eaf3000546c60ac182e2f24db46a22a3071add873042e0a76a16adf97dcac1be4e58f162d0c8ce093ba4f08ecf1b76a4cb1b0fe375c0a6f2e4b93163163c17d0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d68ec3ca1078a3f0f0d5bc72751c7ff1

    SHA1

    a3f3b4c67116a31da02751ad1de38fb9fc5c2adb

    SHA256

    73337e9f862e78a1abded48bf4f12329219f5de9b182cd23f28e9b4245018ce7

    SHA512

    112bd5f5e5e38475cf83e9045f35db67cd7593ff9441291532a939c023e5ea40d516a822c45bc0db45c4c5f815b9f3fc4a3bce105525cf62899d8485f54679c0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b597e2078e962ec0431072565b4cdb98

    SHA1

    87ce66186446c4011e5b6834b3474e73ab82df85

    SHA256

    05ae49d598cef0b307659d0f4b9f10ec4c3f1a132ccb1d4a15dcc7c5c2531d77

    SHA512

    9c3c08ad9f36e182ff1a6c4344256f6b42726013342b0c29211601e9ef48687f770e35850ecb2e56440f8b79573e2440e3c2aa7a63ea94a32e58af0cf2f40176

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e56de4aebc23f83eb078bf8e494c8e49

    SHA1

    2f9285daca51b037e6e25b4cfa7aa9a1d49a0e21

    SHA256

    b2408112763c8a5f6309331e147dfe4c6e03a63a569f9242afd118b8146f61a8

    SHA512

    b21dd2ccaecadb5b5ef0c3e35055d61a170ab1ebced370efc1e9edc8360120ecabf78da9c4f89fbc603872f3efbbd68c2ccaedcafd88622615d01aa5f21f7926

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4019b878273e4bb5215095c3096e4441

    SHA1

    1b1b3848880e7cb5671a1b00f7211301d708c4c6

    SHA256

    d35e23734419c60a5c2c17239a71603f3aa496ef786ff10a7d65f15b0529a677

    SHA512

    6a09f0ffb0bd7e7e12560f31c67eb440c048da656c1f0a305b7675dcc8c54f352eb29a4686e9935a5dd2453fffe7baee028585d91d578623d275357f738a0fe8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d14d941af8ddc723e9643c9e4c8ddd2e

    SHA1

    f1d11298982373eb6bb2f0f505dbbe8ce15b1010

    SHA256

    16b8dba3593b6cd14ded05c8fa838177ed2f756d76e909460a4d47520801df5e

    SHA512

    eb15c425a62024ed1d3d74aa045788107d0446b95669a0631f4eb0c9a0cdbe4d03fedf8d669da6be7962a128e5e031f12a39306d26eecaeb4a1c93b36d64fe41

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8643a3bbdedfa23f5e7bbe8ceeec8cbf

    SHA1

    a70bcbd9a5bedb0fdc1b153a25579bf88fd1089a

    SHA256

    2e9eea35b58f1e10a690fd14368ade2a34ee9673042b4b245c633529ab2f246d

    SHA512

    dd02ed38fb202531bb4fd5f346f58a6de75e0e766ada484fff6b1c4cb088d2819fe475fc0c3edd1bf8c8f47ac0dfca114a55bad468602add96f2d44968b3b9dc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    08916645093eac7f4a9087dfc7c036ed

    SHA1

    5365118532cb4e6796856c8dfe8122383e964739

    SHA256

    78e32c23a396be5069e3441a864fca8bced0a34113e2655b1e21849382a72736

    SHA512

    5049224a19eca30a315cf23beda2a644c1efdca1b64e722a6c2d54e6f556aff450a0a3b2a37b94cc40adae5aa6d8e03dc2f7350a6e024ee82965b8826b696b15

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    782e3662e77fad560a8c0a3cd3bb089e

    SHA1

    65656e5bc4a7b73bb1618c3d10fe6ae92910186d

    SHA256

    924a0b3135cc4d73d5a4820d623e721fa8d052aae24a511cf4509f95c057a6f4

    SHA512

    489b2aceeda5903a6efafa545bc4072becfb8801dcdd7d0c4067724e8ef6db86593f79b83fe03b4a0a854c267b307ee196ae017e1c40fcc7312d56ca2c543601

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0b4315279f8194a42fb42d38e74c95e2

    SHA1

    2282af95c534c972a6eaedcd0f44f40f9046ae61

    SHA256

    3efc5ec1f8722484ca7318624165721fd65f94e940a149cb0ae9ec09b4dc7d27

    SHA512

    045c018bd768b20680559d327f90962a536e20a893b46fcd75d0bb5ce1fad6e0880f9879808d9d7144d3620fdcd9842fe37b46c29d23a8bac89a5467536cff74

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2bbec8340e4c0bfee156c4f99bfd225b

    SHA1

    de3509a057f22a9a489a82cd33d4b4e38d2dfc38

    SHA256

    622978590b325ac4d7d605babf182acbac5a42cc277e9c7d174172c88dc06fb8

    SHA512

    d86662ddbcbec442035cc395b43edda99a0c883866002bd61144c857e2513693bf0bedfd4e4b6ffbd9127158918778c5c2cd5d42e012df831afc5b1f1bd3b849

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    f70b185c96d7ad6872e2a57e9adf0bb3

    SHA1

    6d279bcd0e4e32b5f84462e2cc16137930f4e362

    SHA256

    a3d1e622f2714bcd563ec733b0c595a7511b59c1a49a88b760580e44109230fc

    SHA512

    ecd5bed7814ea8e6bd0a4623b108c8d02605ae278ec3e99573bf4088c43729d1d99494db091cdd766b08a9ca44ec56a62956dd4e263485e0ccf7686fc387e269

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

  • C:\Users\Admin\AppData\Local\Temp\Cab140E.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar152C.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06