Analysis

  • max time kernel
    119s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-04-2024 00:15

General

  • Target

    widget/biometrics/hospitalBiometric/biotypeChoose.html

  • Size

    7KB

  • MD5

    904eae7d3ddb55b35852f51f1adaf9dc

  • SHA1

    2c5e90cb46a5435c7dcd975a01e3d40db49b25a7

  • SHA256

    5b2821d952ac9ae74cb562eecd348dc01ab0af65569db4f0f38e988571e8c8ab

  • SHA512

    1eb47636aa8f0caeccaa89d41201158c82aca1fa6eeb75df1c40a802011c629f887f48d555052d07c7fd9e885b53366a4191257d8aeec3fe1b0d2b45e4a34ad4

  • SSDEEP

    96:8vEbdRGmqjMQf/I0rzMhpbjF2AbWmF11VQZhnZBYFYUcASMzK:8cZRGmqJSiKSaS6K

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\widget\biometrics\hospitalBiometric\biotypeChoose.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2128

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e3f8d3a72f10eb8769f527a995a7437a

    SHA1

    9cc65936595cc049c0d8f9131f40b5a4810fb50c

    SHA256

    92abfb5bbe2532fe174715dc490dd32ad98ac99f08161a3ab5fcfdc59c287b08

    SHA512

    88d1c67d56985c5cd7e2ff3656a8ca8489b180e19675b831556a27ce46f15d4cc613c67b2413ba5572be8e409c564858a299129ede2ed66ec23b40a91678c41d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    761a74d741e47b0fe1aea8485041dd26

    SHA1

    2c6e6a94e0ee39c8b0b5469a0f2799ec8fd6bae5

    SHA256

    8f6b3bac17386aebe39991ddd5185e22582072ee8f36e2e00481c742663df262

    SHA512

    961c3c20b2079509db68b77c4e4991edf1b691d0181a7a973a8cdbd47bdeed9386a961ac3c9b53c91e637bc12cbbd45987973bf101655fbd11449d89e5bcb668

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c2bf32d0f39978f96fae33af57852175

    SHA1

    6a1d5a0df08870741492bd502cafaee2b40e52dc

    SHA256

    2246a8a0576099960220e41543569642103f19aa23a1403a846e19939b1cab12

    SHA512

    7db1a85cdf0554c081262304c912d3dd883a9235321c577954cf6535b7c0abdac9485b996d461742c2a138c12d94dba2ba60173c9e309f0b0aaa8059139efaa2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f6c1dd7de6bea7d9297f41555e5a5686

    SHA1

    2d204f7a51678ae3443d223bae23e1cb8f2ae36e

    SHA256

    5310d6ee4563ed34c475eeaa65d9c3950d6993b38e0484b805dd002302ed8d98

    SHA512

    c8a3ed667eb79b4f20c0fc230800267974dc9dabd6cc5c7673b8c305a94515f861f0731a16a3c9899fab13353fabe5160f78bd2bd9c2c414cb3b49e2ba53dd15

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c4448aa7bde9ce9a49667c0b1800bfb1

    SHA1

    2becbb4aa566b1d734d29c12dde7bba554118441

    SHA256

    44036f77581584c7d14fcde68b5cbe32491e8d9d7f4b31f54cbe25555a28de8d

    SHA512

    b284aac872c6ca4764e799ad0cb233287a550feb96fc6783313536055f678a41adf268b313bde1e31baacf5c4af2876e21d988f569b1e12a9b3c2cb860d67e49

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    de506c74d29bdc84794ddbd0c06fcc39

    SHA1

    2debdb5126fbf6cac1e157d849683bf92264dc12

    SHA256

    921d173a1a837ad6d03df5aac97bd6b97f7cc73ab48e79fe0a9d0aca30903a3f

    SHA512

    13c5e842ce1d3d3bbd7bd3d4ed54b5153eb28d0ecccfe8631ab454ef5127d4484c29ec820cecd18e926ca3b95ee39a33da3076aa5c3e6c0a6fa18d0149c64261

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    74c915fef69b5da0601e7997b169f7a1

    SHA1

    0233b08c42819a99d84aefc32a0454ea77b2c660

    SHA256

    e4e7e250224d06ab0fca453b5add9b471e6b6a0eb0e1859804328807d7cea14b

    SHA512

    58bf2ec3ccce3a6b3d4e5f474d57c5c72288f5e4c8d970949fbf4acdb5ee39a7851d68d8ad1862224c1cf44b7f53282078be39b90b3f90ec611182ad11f4481e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0542fccd17b0cd360c4c9ce6602d3ea0

    SHA1

    3643c025a43eb17c212f842a6a18f6b32f5bbe13

    SHA256

    d5d961fc185f57bbe23ee0a23dd11f16994365e121391b2ea08c9ea94ad32331

    SHA512

    eafd95c81916dfbab7eaba1ff4131467d50eee573139997fb0f4c544af4643d6398fd78d2d03bc6d7687ff9016613476ffe5d01b8cbc6986558afec31cf075ec

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    060cb039bdf58f2245cd60edbacd8aa0

    SHA1

    546c9e844798ed4f9dfd7830f7fc9c79581c8fd5

    SHA256

    6cb06467d324d40c9878cd03536c35d67c8c333823ac7a96ce163f1dc5a42c54

    SHA512

    091b888367375c97f0a0148b33e8ddfc6b0e1e38fde13790e7a08a06b49fff12082cfba568a7e913eab3e72a0f39e08f5c9264b587fbbf007998299f1fb3c1d0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    aa4204af236a1f9ca1820832036d44f6

    SHA1

    e13d672d417072cecbe98deb3c5aa756491d6941

    SHA256

    60673885a4ee8c7bd5d88ab3314f1b5f032267c61d01826c9d5c274d559ee329

    SHA512

    547c129f7a71fd1fa7770b7c43779d34939c113ebf90e45b77a687c1de919b31c36f9043b629890ff24c908da40bc509d6734f8f35d369b27bf1249a35e3eaca

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    71959c83ccad342580fba8efaa98b9f1

    SHA1

    0284a68e493362a2535292bb8d822fca3e8bd280

    SHA256

    4dd339bd510fc1d3c3c8779f132228f2edc5fea81c840980a2430a9f73093d5b

    SHA512

    f78c3e931268bc16ba8b9db276e91659ebd8e29e4018b32421162494c55cda2229d791fa47f946659482348d61713081c803b555626ade5662224bce35f9a843

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5a8ffc4b50b283ba6d6aea706c9bfe10

    SHA1

    555a02b20ac06a7e9ddc32700db2fa845e987931

    SHA256

    2889b3e1c010a53ffb2cc7a4e943380361111457ce67eb0ad45b09182426bb02

    SHA512

    7e769e8803c2cb9a47b10088fd51247e515ac4266894566eaa9ec7260f41f53a782b7aad4e649e2b70a7608b9a51617498dfb2b452d7e5341232d55aa39ae3d1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7ac22ac9b476b20ac1e4ec92a547e014

    SHA1

    77fb2ae8eaf7caabd6a95d79ad310361f3d777b2

    SHA256

    f20acb2dfa99a9604f98ea5a41cfb94787bc9aa251bfaae947d5c1407a2ff5ba

    SHA512

    fbde479cd36a52bc3650e4a59f055cce83f39139df869ec1ab407ecefab5b3060a52803afb555787119664350dfdbc2a39892b90bedc94ae121a9324b37ccc90

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1ae66762f9339d5ce5af1e23289d54f4

    SHA1

    a31cae279f138b9d042a8e9d8c88fa67e8d462ba

    SHA256

    ab812419c4d4c8260cccb60c4d2b9dc24213088f491decf266b07bf4b15b374f

    SHA512

    d82504b6eb9f131371bff98a5f2d707de72e22e13771c9e0f2523356b1448c9cfa4233f3743979c80e408cd5dd608484f1de6946b837397c2b1187ce2e995a3a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    495d699e070b190b72b4ddded99c78cc

    SHA1

    ab09fb2dd80226233d04aee37ec1982bc282df72

    SHA256

    9cfe95738c81d219ebade0205baca196f349e808452997ecc6b2e05f081cc576

    SHA512

    1d164c645640d480eae45c028a9463aced5f1d2400bb3d708929b10cca8803caa6c88c96b96a17c84a4239cad9c2c13e52823be76d7a8a8c3f072d6843eb57ac

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ea97c759400e0841b4229acfe5b22880

    SHA1

    7d834bac40e3395db882c9a5d007fb782045b516

    SHA256

    9de7ae4d07ce1f5a8958f289b46b4b073d670e060ca88dcaa6918ed83e6aef67

    SHA512

    57bcbc21b95faf55517df20441728dbcc3ec4b74d3d5160bbb8c1aa022274651b8007ec4400900352e7c4cb64eb9b330fad075bb97ad9787aa99b8bc8bb4008a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    420200f77fdae027994ec0898b9add31

    SHA1

    6a398ebe8f2ce7668ddbcf8b6051909e858b86d7

    SHA256

    ca88293349b95a51508e40e0fbab808a31745ebcb76a0d9eeeb43c752d1e515d

    SHA512

    cd00e6634f2a61738b7665ab81308ed4e0df5b16ac1285a401c6b2bc6bdb58cf093489d7fb4f319e076c38bded1a83906b5ffc7cbb80993317f499a13ed41406

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    888c31b46e6434318fbedd7e374bb50d

    SHA1

    984cc0ef10ec19bfedcdd945c31aa27096bb8abb

    SHA256

    c19ec70a877981a065348a1b9b8bebf50bff0db096760426752787e9b7eccb6b

    SHA512

    945707d621ce1ad1a2cefc4a26901836fdb922a2db45e0aaa499e9605d6f52716157db2f87d86e9adbcbb7f4f939b423652547a213107a2fb9d002ba9a8a247d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e3ac3e2cd35e51beb1de1463026ecc7e

    SHA1

    eb4643f05ac8cc29d0bd06eb9170e16bec3ff4f7

    SHA256

    bf8008fdd3bd6f3e809197da42d5abab8d7a3f3ce3550b55f707647ab9dfdbd4

    SHA512

    91ea5009063a7eafa4a6c9532dcada5c5b1600b0718d7229106fd46e91f9f128fd22a7df5ecb326da0b7c937064bf598c599c2d0860a381ac475d7a3897108b0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ddd34c48f84eda905a38e12a7f58a086

    SHA1

    5d5975b42d4a2dc0f15cca672d6057568f876b1a

    SHA256

    019b10c6b8b2bc1d7f64571d9d5eb02116676124e79f49a39c6bfd23d9a671ad

    SHA512

    480bafe89c12bcd37ea8cb9a2cf33a4f6e3954745e8896d67fb3932ee8505b44b1b354e5113556298de8c347c1846feabcdc1bbde0f57ecfe2e545c25e3d9bb2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    39c8560a863913dab55d6dce92950d94

    SHA1

    711cc21f154afa9e9c184d7fa41b4fef8c4ac732

    SHA256

    565907634309abfd8653197461d2e3ade8c0e70eb2459b4e93b32bd6697981bc

    SHA512

    f8feaddcbe04e9e69d84670e28a8760214fd2819e94a39c2196d933b5158f56ba157f9540053e446545c31abc4b00b0e4563f974b2d75527e90873b0ca5f7d4e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ef82e795a1f6359c154aaffc310134ec

    SHA1

    aba1fbe0c8fae1f4de6c57a1a1305bc87b7132e6

    SHA256

    34fe45d4322a6648e9dc62eaf3d16e3d4f23432b5a15389ac5fac5d5225fcdb6

    SHA512

    9b13e9c792f168d5180e5cb391e3ab2f57036b2f3d437a289d620c6f1727d8e31069fa8312f7ef5c9fa1c8e2c38d722912506b0898ff81fa13f75eb7eeb922d5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    99c8544439e10136be12c78040f8ad82

    SHA1

    f3b542d70718e1989567d87efcfca238e05ce9dd

    SHA256

    e4b0ef34651af2e5e06f1bfd042d83969a4932a8dc0b25c16109a39d22400549

    SHA512

    cae85b9eddeb6410caa7871df996f980a0514f66f5fff2cec3b28ac3b0f4134803dcb1a14e2befc1d1a891108774985a323afb13fc09b61a0b5dc21e6b29d2b8

  • C:\Users\Admin\AppData\Local\Temp\Cab7784.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar7875.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a