Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-02-2024 07:54

General

  • Target

    9171fa6a0730bc46d49f7397a2a730af.html

  • Size

    56KB

  • MD5

    9171fa6a0730bc46d49f7397a2a730af

  • SHA1

    676beba6c566c674487a3dcf9d42c2e875cb53a8

  • SHA256

    6185c82b2ae9f30decce6ad3864b4741c4397f74e285066de14cfd9bd32a83d4

  • SHA512

    7f11073646fcbe69a7c5792c47da05ebc3cdfccb3cb8513c920abab47f80e8944f7aac71ea222e1cce877affb252018edab5a47b39597a41256b038aa809661f

  • SSDEEP

    1536:/HTupBtKQZPYHb2W+o/he3IWwdisjQ3nDaLL0ycygvb:CpBtKQFYHb2W+o/I3INM3nW0ycygvb

Score
10/10

Malware Config

Signatures

  • Detected google phishing page
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9171fa6a0730bc46d49f7397a2a730af.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2776
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1296

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    7bde92ff965b73dc76190e608c2fbb93

    SHA1

    95547789d183bbf9ea20ef6ba4c6b2f0249fb30d

    SHA256

    821420f187b512f853c8b73d9439e940e6e04c499532561343a739717a9a76ee

    SHA512

    21406b04613e8be9f2036f5057d6d3de568ec1aa4eb6471cd457e70e6ddadfc3b988d5f4c2d316e548b21b2850944a78d75a44ec3bf929e71fe61fb6b0de4ec6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    507e732b6646c77dd4d1afaff29fe5c3

    SHA1

    54cc838725e6a300ff88a92f828edc0fa3aad3df

    SHA256

    fbbb6a2a0fd922224fae6bd12548670842f318ae9d40f5b75fab929f947bb5fd

    SHA512

    c49e8d7c98447dae9040f89303abfac10817be87aef1f91071f4dddec23a3704128df88c967cddf2498453d5967659e3fc2ac1592c4b7b7e871ff75859f32787

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

    Filesize

    434B

    MD5

    de8647670bf656552991f479b2b58d33

    SHA1

    2770217270fbc7ad587c728680623bd88dcddafb

    SHA256

    067863f8f292e77a3728fd7df43ca5eefc9b69effafa0462ace52b7fae3d861c

    SHA512

    0c2bd82c9d720c5cead402bb73b5f2c2cff977afceecd31fbad4981f7bcfd474835c0b584e1219d9749fd8b4755572b000cf14fe50c679e0065b86b42f020d01

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\cb=gapi[2].js

    Filesize

    133KB

    MD5

    288c5ba5b7001fe841c32f690f62cc93

    SHA1

    29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789

    SHA256

    c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52

    SHA512

    e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R977VUU4\plusone[1].js

    Filesize

    56KB

    MD5

    1944af3661da46249991197817b6cd8b

    SHA1

    f952df40ec79fafc7c798f37aff92878977376ed

    SHA256

    63326a1c4e0eddd3501f0a064b06a2708eb0362f3ae934f53145978d3d0799b5

    SHA512

    0bef19b32be337cfba179ed9ce4533a207cfe645d2e5fe0da9fadc7b01c72704fc89749670d1ac48b8d494675bc62ac089fdc4d8495979226f10828225594376

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R977VUU4\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee