Analysis

  • max time kernel
    135s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-04-2024 00:15

General

  • Target

    widget/biometrics/queryAuthenticationInfo/authenticalDetail.html

  • Size

    15KB

  • MD5

    42a0914805d7f78a3d9543f213b0a45d

  • SHA1

    035f315ab00826f1cab00d08199a68f37ad3d73c

  • SHA256

    207589796c3147dfadadb53e7482f01302ef402309c6a7f1e4b6cac647a407d8

  • SHA512

    64ea20b3a0ca348227c252853b13524c6d8d72da874bd591cacc19e19e2a325dac1ac2919bed4b624923c79bf53cd0c62e800ea05656deb2eae5489504b00c0f

  • SSDEEP

    192:IUTHXLDbyvam5WJOId5WJB7dKp45WJB7dy8SW5iQNEt9y81jePy81vnwy81A:fzvUeR8D8b8y

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\widget\biometrics\queryAuthenticationInfo\authenticalDetail.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2552

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f34a3fc712f6936edbfe65065b7e85c2

    SHA1

    50883e5fbb418a414201631dfa7cb7bc2572b343

    SHA256

    730a444925cd7a708e5fe929e640bd2611653f5ae0ded9411db762d755ab4662

    SHA512

    c0f7a4e1cb5ff0f36df977aa102c708e12f1be40c37abd3d9d42182e92b102dacb79573821796b5f14e9f8f60f8ca0d64a3676956b5e084e69b55590fd98e56a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c4110959928bcc8384520d21cbde0e8f

    SHA1

    2761ec1aa08ea0cfcc23078ed8efb7a7afe37162

    SHA256

    9db1a3d2e51d7d001f51c3d546698edec94b89e703331d98b1311830ec5b8431

    SHA512

    616e7625a999991a345a687c7518443c0ee2450c62eec6e83fb49f70d56ceb7c8ad04168bd2a8b485ceb6a4440fd9615ee1f3faacb4d0ad9e18a0535e2cce2ac

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    688a4cf48ab2d7090b46b72afda278a3

    SHA1

    35e0d10a2fae1ab20ffc917693297e328b0eedd7

    SHA256

    02f9bf8e04628e5f872979f8f0a0c027f04d29ddc824e8cf33647a10dec7022f

    SHA512

    32c0466f89e08f4b3349c6f3695b208352c2138fb155aa6e17c23693108194e7b59bbaced19492edf10e9d32b9b04384678b06d290673faf61dcaed619728b23

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    64013024b638f19f367a1c655bcb73ef

    SHA1

    ae424c088f8e1aa063d61734f923c1944320f14d

    SHA256

    27be7a684113d8ea690226aca34c6bdecb45b60098b6df29364391fecf9356c6

    SHA512

    43202f4db539a269de7661ddf0f0b203180bb3217c8dfbe7e3d8cc0055cd2bbdcef60e749e13c66238919f4b89027a1fa74bbf7af91ec3d717a3385a236682ca

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1ad6fff493aa7e194294d249b67cf225

    SHA1

    f7dcf0baee96fbfca32a13bbaaee078b2b71a6ec

    SHA256

    78d01ad19f3b265f6fe415248000cd795cf674a29aa5ddef177d3a7b404d9310

    SHA512

    ee16a8744d8e1e0331b5979280a7f631f6cda2119cf0679c9193e5aede029d30b62244bd3982b95f96c156e8799f1be7ac8a0a4e6edb4a82d38ccf5a1889e0e9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    07c3bbc1cd60d9f875d4cbd9d621d1e0

    SHA1

    d303213fa45b900152d477d880e8cfd1b3626dbc

    SHA256

    8257a7758b6aacd31eda0cab99863878f0fd9f47b426a57f67c117d1a5be151d

    SHA512

    ee12b616aa2ffa34049f5934ff6831fab9023bfe6cd66677ea927a1feaa60ff2a20e99df1fc0a0e0b734bae3850c8e5b2def6f2e4e48eb36201ce592739dfca0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    383104092e099240f5b3bc5f38d3caa9

    SHA1

    4f04056572738bc60650c1ef90fadc744eed1461

    SHA256

    d9ea1d7a932e491309fbdee0e8a0ab4e6ae45f1394df9b5a91f9c5b4fafc161f

    SHA512

    60e2a9125d19b923dd80afab29696f2aabc2684a379967f8dc9dc2f7edc75257e4e2fd04f39e578427f765e91172f733dad3cc0aa94b31db0bb603e5279e1378

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    baf171c4454b5f4424558777abecacdd

    SHA1

    745b759dd4519e3546379a22c7b587c17a485098

    SHA256

    74dc06b07b29124ca5299dd1363a802bdfeac427c5c75e1a421dce2ef4843eb5

    SHA512

    4604c3a32b4ec2b472f816dae837c1ebd2a78b22a2ada11e02494e7e0f911e4477db04ff331542933a428383db5628ff1ebee6af96d768485766fc07328fa1e6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    04bf394b0dfb09797a427507355809b7

    SHA1

    c9e6b99f58bef16f95baa1568fb2abc4dfbe9b36

    SHA256

    849a719ec6bc3f8c4ef470f632aba6dffe530b6b1e28930691579ed635c16147

    SHA512

    429a815ccbd31fcfc8a35b2dc54cb05a39fa35fd25603019b3274027a36d1c48e0f5b0b5e3e2e5cf7d0df0702ca9ccdab61ccc1fa01c25871955e17ee4894586

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0d08428ecf36fd45a123bccbcc2cc12e

    SHA1

    97a7fdf909aa22036b8e19101a7eb99112ccd33c

    SHA256

    a4d46909e0ca59b2e79081e7114f4b6ab9141546e36f4ce886c9fc8a966d45bf

    SHA512

    1e5eca8b859447c7a5923270f7d80f5a54528823a5573f579eb1f07c46e3df8f935c7d101145de73858e569bd69c1921a4e1a5f12f9a2617343c16090482f177

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7e73e1743b6cb2b80d59e176f88d8d96

    SHA1

    ab9cbd7709e1b2dfbd9fa36fd238b4631c47a670

    SHA256

    17208dd1fe1b3d791e7c67dfbb4410b243c5f6d375065b61bac94201e4d99ee5

    SHA512

    fa156bbe847799f3dd8fcac955732301119b909f2a11e43b886e14bc6f8a766f25b6ff719882891050d6ddb7047a87836d094bcfbe0b9aed99116c50b9504331

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3bf51a0244e7bd2690422bd5aca270b1

    SHA1

    69aa09fd670d1f95fcbeeb43d51ad6799236abc7

    SHA256

    77f607a11906283fb89e6cc00ded0dfbeb5f1fffd6485d96f01b1df885bd0c24

    SHA512

    0a9068b22296fe5cb3fa6006619bcbf6ab0c0cac2adab3d655215e3eb1d33d47b09cb54b8678b64e1a1747064dc3a31b070c9c4eb930ae89ea145e1764dd0a6a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    37f623e1372c0ce21e0700af17748038

    SHA1

    818a9a72c8b4a32e1cdd85a8c8041958e4297b21

    SHA256

    fd890a92c948e0895ba20fb7a20787658e2f8e176850dbc2e196ba0a09db493a

    SHA512

    945b532c23b203cd3cab00c4bf012b10b804f65c1e101eb8ddbf8bfccddc308dd11ea320d9f5674c583d668d68118fbc7b085102738679b299d8ca6ffbacbfc4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ed60dff109901d04b5e13d9783dfb7b9

    SHA1

    624f1041afc99ea868be71515790ccf31f8f1f90

    SHA256

    b5c5f38faae0ef993b531e0e097524553b4a19a73a100b074752a855f0f5c360

    SHA512

    4f706ca13312fef0c9f32d9c1d593e95b29ffd5cf71c62fad06795f20122519cc636546ccd053fa9d8ce85895180a37798cf5bfc6791401ec5c794a5c3b8060c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    54f4a0a09dada48323df424525a52a8e

    SHA1

    58492e357d8fec562ea90a387a4f0bd148caed9a

    SHA256

    10e2c482ef5b3817bb958489724bd1eca7da989be77bfdb287873dd773edd5d9

    SHA512

    52bceefd23c8c06110b023699245cbd1408e25c13157d7861221acc965043cf163425adab0ce310b8a1391300c97ca6fd2394a7aea171cfffbdd7d7f618a3b97

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c7f17ece6fdfcd3be4447cb91f8a19c3

    SHA1

    4b1b38c054816a639833e342342375a1e3fa2b4e

    SHA256

    524965ac22f1e459793a1c5bee3c814d43ddb3b27cd1d9df74ee8fc2f69507a2

    SHA512

    733a186e6170a295e57fbc0f581566066942c2d0088836d20dae98ea6836e415b1a984e869e83753129c803735285ce2969b8bc0d74dc07545b878e68d8ca492

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ab232e179261885c50cd3f462f869890

    SHA1

    513c06603938680fe3deff606237a523d1dcc231

    SHA256

    81dca558b4a0fd5394a8d6f52a132ce93b29e374adb2a361592646fbefae10be

    SHA512

    1139095e4332e76446e2e15903b502afa68031f155cef10c10f8a590d342eb6746ddea199efd5958680cdf853d563e015e37948ddd8d57fbde11d1d323b3b287

  • C:\Users\Admin\AppData\Local\Temp\CabB369.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\TarB48A.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a