Overview

overview

8

Static

static

3

IDM/!)ж.bat

windows7-x64

8

IDM/!)ж.bat

windows10-2004-x64

8

IDM/!)̻.bat

windows7-x64

8

IDM/!)̻.bat

windows10-2004-x64

8

background.js

windows7-x64

1

background.js

windows10-2004-x64

1

captured.html

windows7-x64

1

captured.html

windows10-2004-x64

1

captured.js

windows7-x64

1

captured.js

windows10-2004-x64

1

content.js

windows7-x64

1

content.js

windows10-2004-x64

1

document.js

windows7-x64

1

document.js

windows10-2004-x64

1

welcome.html

windows7-x64

1

welcome.html

windows10-2004-x64

1

welcome.js

windows7-x64

1

welcome.js

windows10-2004-x64

1

IDM/IDMFType64.dll

windows7-x64

1

IDM/IDMFType64.dll

windows10-2004-x64

1

background.js

windows7-x64

1

background.js

windows10-2004-x64

1

captured.html

windows7-x64

1

captured.html

windows10-2004-x64

1

captured.js

windows7-x64

1

captured.js

windows10-2004-x64

1

content.js

windows7-x64

1

content.js

windows10-2004-x64

1

document.js

windows7-x64

1

document.js

windows10-2004-x64

1

welcome.html

windows7-x64

1

welcome.html

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25-03-2024 16:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    welcome.html

  • Size

    3KB

  • MD5

    dfcfd01cd1323e88e3c96c5249193f0e

  • SHA1

    7d9969970846c9831d4e158c75db86b56fdb1c89

  • SHA256

    871857877cf47972d457bd74ccab05da31cc58c9eb0471a6e15b97b7d68b8a25

  • SHA512

    cc101c59af5251287c8597db89dbbb90c5323d247bbd4d76b88c2219804d0a77edc180193ac0a13fe9de8a601a1855fccf03cb2b055a6ac902307cf59386c5ad

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\welcome.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2752
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2880

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a9cb527e40ec8b3c73d784a317c0e320

    SHA1

    6f1d251bd4295d3acb97b6c5920018aceb57e7a1

    SHA256

    2ad4768102b2e557d164f9da4169540808d15bd4d03e73dd26f5cd9d7f4edeca

    SHA512

    5a18c153a2a5172f113c43c60fa33ebb7968c0f8bbcd22cdc06e7123da7f3ee307db8a89a8fbd3f4240344394c736a23d04ddd37e6fdf7a9bad128eeb4384d8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fcae3391e5bb945313f7d652357080bd

    SHA1

    4ed5704bfa1092710a7edc7a76fdde6361376178

    SHA256

    34e9b6638f32326a986af2c1de56bc09e950754ade95ea627b20332daef34033

    SHA512

    50b054893c4d539b42326f60061a473bcf482d0d9e6aeb1e6b0affba06dc33725f38d85b04da5a096f9329e5015b5035b53a6a2a6fbe109ef5279e6227dda1be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    39d66d8e575caba3fc1edad83314c92c

    SHA1

    22d26913630554645b1917f0b73a8dc976cf50b0

    SHA256

    e820df3a19ce8121dc02901a9db56aab10ba168f28e9ad3ddd36c3a3f5ed4885

    SHA512

    6b9e5d3284378ce318bbc74550ab8420a19bec9fa3277e6fbdc8d025441ea739e7148858ac30d4ea513052615bc3bfaadfebb34b23597a2a329d38bf96643e74

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c27c9dca0aa67cbb5b17537c0688dff9

    SHA1

    58f84bba480dcbdce1e192040142e3822b453a73

    SHA256

    e8e2d5bc4c48ecc5da143200594b1d80e4cc9dd3e99bc82ae8bc001970e13eaa

    SHA512

    f39780d2029221f8051b09a87d15dcf6e8ef9d85effa35d28d5ef1c3c00496b8c2f4eba4d9b182d296ef9578e36d6b01d90aff3630513503dcfa1b8096cc6f39

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3D40.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3EA0.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit