Overview

overview

7

Static

static

7

dfae5349a7...e5.exe

windows7-x64

7

dfae5349a7...e5.exe

windows10-2004-x64

7

$COMMONFIL...og.dll

windows7-x64

4

$COMMONFIL...og.dll

windows10-2004-x64

4

$COMMONFIL...n7.dll

windows7-x64

1

$COMMONFIL...n7.dll

windows10-2004-x64

1

$COMMONFIL...st.exe

windows7-x64

1

$COMMONFIL...st.exe

windows10-2004-x64

1

$COMMONFIL...m.html

windows7-x64

1

$COMMONFIL...m.html

windows10-2004-x64

1

$COMMONFIL...xt.dll

windows7-x64

1

$COMMONFIL...xt.dll

windows10-2004-x64

1

$COMMONFIL...an.dll

windows7-x64

1

$COMMONFIL...an.dll

windows10-2004-x64

1

$COMMONFIL...fe.dll

windows7-x64

6

$COMMONFIL...fe.dll

windows10-2004-x64

6

$COMMONFIL...an.dll

windows7-x64

1

$COMMONFIL...an.dll

windows10-2004-x64

3

$COMMONFIL...fe.dll

windows7-x64

3

$COMMONFIL...fe.dll

windows10-2004-x64

3

$COMMONFIL...fa.exe

windows7-x64

1

$COMMONFIL...fa.exe

windows10-2004-x64

3

$COMMONFIL...rl.dll

windows7-x64

1

$COMMONFIL...rl.dll

windows10-2004-x64

1

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDIR/OnTop.dll

windows7-x64

1

$PLUGINSDIR/OnTop.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    26/03/2024, 17:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $COMMONFILES/Angels/IEHelp.htm.html

  • Size

    932B

  • MD5

    4e72a0d4ecf37f91b9fc9fd2e27a6661

  • SHA1

    c3e9117731947e1a3e2f9aaea9356cedf5fe53da

  • SHA256

    609471ce7403a914ef23d91082242c876e1b2ffcfcc6a70ab1309f45b387d1d4

  • SHA512

    ffc517b819c9e995f0aadef0583b099b16bff262315a9f27ba1c6306d0e0fde30c32ecaac19fdaf9584f182b64677699b42d40606f4038637485b2b5601d79bb

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$COMMONFILES\Angels\IEHelp.htm.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    40239dab20494e7a5432b9f843e866f9

    SHA1

    186f8b392306a590bde2b76d9922165fad723999

    SHA256

    48099224c5bba33c6ef1bdc3f5bac0b5b0e81afe2b00cd2576f188e983d30c3d

    SHA512

    707113eb9801b58ccf85f3f1b3834c5f127a536e143fc01340d9250f8a40f6b8c39022e05e2857b488d344058eb6b8375a05624c6c587c8f3b512ce712406097

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5e1fdb83eb49ee28ddfd86242a034be2

    SHA1

    c98e5323021a48f78a301ca61548de1a5d6a6ae1

    SHA256

    3077ff00ff1e165f16a7675915a4cc04d6202fbe761cc7a803500513278a91f4

    SHA512

    e7298b912e56f5a853f2678da9f4c074e6b21994ed22acac77c5e6bbf915ca9536918c0242b1d3844dcdccaef6d7efb35fa7e7ca20d0b7cbe94b5283b8a22c09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f69a9c1224cc43d54993e499828c3705

    SHA1

    069153689be4620e674eb28cf895aa43fe3d2031

    SHA256

    6a2452ce7e8aa32c14273751efbdbdae71b221c17bfce1101c513904ddf8d5b6

    SHA512

    e1fbfa0aada6d9bfd9d7d4725238d4d210e2496365aa34c05798336242b53ef262f9bfa9f4103ccf508681dabd39cff233c4daf5c13a621b1a62fbf46260726b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f7c411b5e5fed96ef36945f5237de6fe

    SHA1

    251fcad8881908d57ec61a3c2d83e1db1fc26a34

    SHA256

    e29618cff54b8b0b7c5c4fad8c3d7fdc9827ab19639870e65e241bed2e7152e1

    SHA512

    a0122a6a61df47d8c61f0eee3ef1efd791c3ab8075d77e9827ea713cbd658a295187f60863eb7c55441b1707d4c9cc39a8b7e4f43dfe62d4a5762933c9467b34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2e7fe200fd365a8d43ace718608d0cf8

    SHA1

    a0fb01f587aca7818ab891d104a7875ef30d4aa3

    SHA256

    e5e10d6a2ec176fbc9624e631d73eebd4ccda6e6ff9fcc9ae22762d2f2a3dee5

    SHA512

    21aa4905fcbc098228d6cc725521cb10655826195c73661de11dbafe6f2d837d7844ef962ada67de69e127333015f9d60743383c6dbb438ff24a3061aa089595

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    daf9a8f2d3b79fec3170583585812308

    SHA1

    d57a150c018ea93ce53bd3f6134191792854b000

    SHA256

    433bedc6cbe498f49616ce8c9d3a36b2448a44d3d33cde5847646d27f245de2f

    SHA512

    57aeb1557cfd587642990a8b2310b4205326cb31ea8e7615daad4c4d2016fa289cb9340c074ddccf5a66d7539cfac7f5855edf50563963afad354519c95ac687

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab21F5.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar24E9.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit