Analysis

  • max time kernel
    136s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240319-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-04-2024 00:15

General

  • Target

    widget/biometrics/face/infoquery.html

  • Size

    11KB

  • MD5

    287f9cdcbdb4a84bafd60c5d17fd8a43

  • SHA1

    c39aa62ced6d92e48d212c82ceb131c289a5c9e5

  • SHA256

    a9bccb1b43bd88dbf3b6a9b49a7b5890d91d32562c597bb8ddd548e99e1ab37d

  • SHA512

    4496f0b3e3502075a67a29f3dbc582448041b26b5e7ccb266977006eb0387a11c9429fafaacd52bc97e3830120230a674123d6e0b151ef8cbe3b16eb7ca95d4e

  • SSDEEP

    192:3AvirngJ4+U6LC7UJjBkSJMCpBiNqYUmys1JrpYuOR/tyh1DaDt9z:luxpB8qmStJ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\widget\biometrics\face\infoquery.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1624
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1624 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2788
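
The tree above is the normal Internet Explorer shape on Windows 7 x64: the 64-bit frame process (PID 1624, from Program Files) opens the HTML file and spawns a 32-bit tab process (PID 2788, from Program Files (x86)) whose SCODEF: argument carries the frame's PID. The four signatures listed fire on a clean IE run and by themselves do not move the score. The check below is an added example, not part of the report: it encodes that expected shape and flags deviations (a tab whose SCODEF does not match its parent, a non-IE child of the frame, or a tab that spawns anything at all). REPORT_TREE is transcribed from the Processes section; ANOMALOUS_TREE is constructed to show what a finding looks like.

```python
"""Check an Internet Explorer process tree for the normal frame/tab shape.

Added example, not part of the sandbox report. REPORT_TREE is transcribed
from the report's Processes section; ANOMALOUS_TREE is constructed.
"""
import re
from dataclasses import dataclass, field

# The tab (content) process is launched by the frame process and carries the
# frame's PID in its SCODEF: argument; CREDAT: is an opaque value set by the frame.
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    children: list["Proc"] = field(default_factory=list)


def ie_tree_findings(frame: Proc) -> list[str]:
    """Return findings for an IE frame process and its descendants.

    An empty list means: the root is iexplore.exe, every child is an
    iexplore.exe tab whose SCODEF matches the frame PID, and no tab
    spawned a further process.
    """
    findings: list[str] = []
    if not frame.image.lower().endswith(r"\internet explorer\iexplore.exe"):
        findings.append(f"pid {frame.pid}: root is not iexplore.exe ({frame.image})")
    for child in frame.children:
        if not child.image.lower().endswith(r"\iexplore.exe"):
            findings.append(f"pid {child.pid}: frame {frame.pid} spawned non-IE image {child.image}")
            continue
        m = SCODEF_RE.search(child.cmdline)
        if m is None:
            findings.append(f"pid {child.pid}: tab without SCODEF: argument")
        elif int(m.group(1)) != frame.pid:
            findings.append(f"pid {child.pid}: SCODEF:{m.group(1)} does not match parent pid {frame.pid}")
        # A tab process rendering a page has no business launching anything.
        for gc in child.children:
            findings.append(f"pid {gc.pid}: tab {child.pid} spawned {gc.image}")
    return findings


# Transcribed from the report above (PIDs 1624 and 2788).
REPORT_TREE = Proc(
    1624,
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\widget\biometrics\face\infoquery.html',
    children=[
        Proc(
            2788,
            r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
            r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1624 CREDAT:275457 /prefetch:2',
        )
    ],
)

# Constructed: a tab claiming a different frame PID and then launching cmd.exe.
ANOMALOUS_TREE = Proc(
    1624,
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    '"...iexplore.exe" page.html',
    children=[
        Proc(
            2788,
            r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
            '"...IEXPLORE.EXE" SCODEF:9999 CREDAT:275457 /prefetch:2',
            children=[Proc(3000, r"C:\Windows\System32\cmd.exe", "cmd.exe /c whoami")],
        )
    ],
)

if __name__ == "__main__":
    for name, tree in (("report", REPORT_TREE), ("constructed", ANOMALOUS_TREE)):
        print(name, ie_tree_findings(tree) or "no findings")
```

Run against the report's own tree the check returns nothing, which is the structural reason a 1/10 is reasonable here despite four "suspicious" signatures; the constructed tree returns two findings.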

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fbe65a0ec7b769c1eec8e5aa647b9c01

    SHA1

    262d7de6453404850473702625cb18967899bc2a

    SHA256

    229208fd5b736a4b8c46ecd87328dc02c6538a08bb184586c8fec745ce7f5716

    SHA512

    f4239e647d41aea42ad3c708a2d04998dd72fbe5c5ddfac96dfb5bd72ae81588f8075b896daa88aa17eb2980d5872b784ac9c12eddb66d95c71b0fc6d1497f90

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e707e3549a6fa0e0f0b3f1f410cf77ff

    SHA1

    3a16583cce83fb43d82f8c91bbd40ccaa8c1bdb0

    SHA256

    db51276a645891281b44574affe6ed6814506525046d7e358c09bdf44e1a11b0

    SHA512

    08062cd8bef8638d0673d458df4032050fc0b69eed3034aacb24b0580346e47973e4e2320ae83f80eb37e4e2a182f7b7af42d3b0d7e6af19af77abc49ba8afff

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a4724a2d6134b723082565825faf082a

    SHA1

    77f2b8b09db86ccd075f2daff336963e7e520231

    SHA256

    a3fb83d9752acaa4ac143ae46ec8ebeac2ab47495cfd26119cabf44d260b0ed8

    SHA512

    4626ca738792c7fdd38702c843fb36074037ec3bad6d47f5473ceea78455c00fdb3b02d35e80d6b52624db137e65f53ac8f38b86d85531953d8f1af85dca01bf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    86ad7dd32e15f6de1c456e39b8243b5f

    SHA1

    9800faf656978c37f817c0f4c24420b2bf89a3bf

    SHA256

    9d34538494645c3987a39b3ce7a082b97eb537a0cb6d2cc4d3c0309a2711d6be

    SHA512

    0f8d16feb52750caff9f50a4f2368afefc1ee3e2e4e688a1de2e55211d97af21ec027dd73154b4266fbae17e446c6fe04c81ed7593a4666000fb265c9184e6ca

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    71d838359473de6459707e54bfb1a2d0

    SHA1

    a3d9f145d85d013e08c740cecd1c2611cec3b165

    SHA256

    a40443b740388752eede5c9c306cf13551587e6571e600ff000ba76c4ff58c31

    SHA512

    ef92417e65c8b16a467617e5d23ce16f999c185c0ffd7ea1e0e34287121e001298b800efb0820e43cee01fd38af411a653559fffae48fe2e3aadbc6bca77ebf6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d334a99197ff6903628b2fd5b6ed1849

    SHA1

    6723a44fd5922b3b627cd7501ac3c574ec41785a

    SHA256

    71069d72b1953e4bb9da902db31e2a33112085f683fcee5d3bf0f1dfeb4ad1d4

    SHA512

    28b32d715dfbfa529c8d92606ba09ac7eeb6741b17dab36debb1b3d55ca29386949a28fad4cf091b1c7447832024ef25f59297807437ea940d9d06276b080bba

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5442784026716fb5c83f8a811e72daee

    SHA1

    b162d1a2e54f384673cbaaa15190fb930a928458

    SHA256

    1543d0c0deee66b82b4f884875ec18de4d094f5c4f006a276b31108dbcf372b8

    SHA512

    2979db6714ea85a62123cafdcba5db19629efb96eb87ee494d5de1fb901d79638022b4b29a5a733fdd52ade85a928379d7a222e2575b2685f755f58399368bc3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    064e64c3ebb81b55eb443d8026068871

    SHA1

    293f566063b8df9f057a2157f453d96c580f9671

    SHA256

    25c4784054110238fec43d906d15ef6b08feabbf50b7d29be47edb0decf83199

    SHA512

    a8043ff25c1dcd251a1546477a9761eb7840795550b5f18a869ac62fa96f4795c33c6d40c189b49ee366c666904c11496ec80cc69a8b5c39a6894bc917615674

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3a0425f542bdd8bd8654ac33bb55c903

    SHA1

    06a8c7d96d132ffb7b4f35fac7c8588e01b71d40

    SHA256

    03b2f8f6c5c7b47f8a606b8d8ebef373307b6c2ca8273b4b8f26d461ceb4d45e

    SHA512

    742345e8e072a077ead8b9754e206ef7edcf13e899ae5a96e5cd4b0220cfa9b3504491a53b64eecd907010e883d540545e4d5607c2bb22e1dba29ae4ee12f25a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c362b77121911ed5cf33b2d03370f8a4

    SHA1

    57d65830fb3775718cffd9436a186b662547aa88

    SHA256

    249276893d1e16b58c5c1d11d3bc09988d0ef4ac14c80bac93584261f9974c86

    SHA512

    321d20f6d11a10da8036ba0bfc8ca75d152e9497fc0850da3eb048f1aabe7ea36fe250f1546b962f5a5350207aef74bd4edffe8f6b8f56b95e408f4ae1817a18

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ffaf987867fd4e021c0da527f88a29e4

    SHA1

    cdd9e458f51d5c6c837c6085860b5bb637e7a576

    SHA256

    c485d984af8fcba376e17b3d728c294ed45fa925241d44c044d60a49ee61f9d6

    SHA512

    edc70b0042988a424eb20922fe264349a4d66ac41e2713c093427a50952ea88f9227d2c6e3edc509f9b0f49e4690a9254a006395e9aa7539e13784ef22af2eaa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    820f52343901455e0d86e7ec25a676ea

    SHA1

    46eeb2cc73c8e72c2618ef59127928e21b747346

    SHA256

    ea30e5327cefbcaafee2c11b3ad6a15c54baa172ea27ae946faafc48855c3179

    SHA512

    8a11d3489192829771a384cec6e457ba959d08c4e7483faa5353a8afff32c808af4e900ef86537bf063f665791800aa1a74950bda50a3e0958cfd1b64e4aee7c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    dce38d472138ddcf00f5df96a9b825fd

    SHA1

    8504afc63e20749742e27ba807e7c996efd60605

    SHA256

    f43507394be3d4a15d45ab31bfccbb73ff6e26bb3bf18ebd4d9cafa90eff6108

    SHA512

    80bb699e2b5bed37c682ea4874705a1c85b1a93a69a0db1bafa8d3705b627e34a67b10356f5a3ce3c0603e3392c43b78bec3ecba0cdf7f550d1aef2fc13c24f7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a0eaf5c666104adc374b6c55620a72ec

    SHA1

    6cd681f6fe85dd369f2989099a435453e8c80a07

    SHA256

    cb556bc8def59f4612baf22e245fb778eb513a4f89a61b90428c66488f878171

    SHA512

    abd40bba1e7efe7004686a047394f4942ec4e267dcfc32e30e80d6aedcd59236a98d3c8dbbbafaaa1f5b93b5a77fb571b798fb8ccf4e8b2677e8998402489d1c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5df70661f380a8fdc6181f98f5ae75ce

    SHA1

    70e9c991486d14b2cddcd02452dc8db9b74b32f0

    SHA256

    f54c8c193f75938f4265e9750a873c5a80788361c378191507b22bc03c2e31e1

    SHA512

    34923ae9292cce20baf7fecf62c005814b25482ec03008758c84a48df3151ce4e5e7c787e0b8338794c0a59c8ac8724195d8e7a48a5503f37b417df0045937b2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1b5653ed4a76f30d023e48c2a83d1d73

    SHA1

    379daef750e1a763dac4cf8493ca6fe18a05d674

    SHA256

    72b4912d4778ee06c59fd3d35b074be1ec66415b5cb633a84482797e89fca5d0

    SHA512

    cfd8223e70960a029cbbda98e15b51af0eeed3ffda17aa873bb910555f8f16a44b8b3346c8c93968631bb7b78dc397baa8109c8ea4a2fd454654b6135495310f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    476c121c03b7242e5347278c3f29e1dd

    SHA1

    5493b29839baf00e9394db66290dbe8084d3ffb8

    SHA256

    fd372b03c718aa0c4145ea2d00e5083161b27249f218b56f5f030bae29de9365

    SHA512

    181cac78a8adb58032aef1da5bf0d600edbac3d1061425cf585166609ecdcc10563270d93dcf0a9d910057a899f62d41bfcb7228e2a427d744f962e72b7b4b99

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3d268ed483be9385bf241f2dc1025ad3

    SHA1

    7aa9819f1b7f7b5d61a5eeb225eb5f1104cb9ea0

    SHA256

    b9b089a77e6ec91a4f0ffa6cf023c3441032ce23df61cfa8e30d59c4cfc6183f

    SHA512

    035bb266e94ce1eddd46c991a689e1ef90853a73eb6e4dacd894d47b5d8a22a7df30b649e6a995a8f0211b5abfd6592395e6507ce9fbac03e54efb6687c14280

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f84692bf036cc7e3c632112ac2e3eb12

    SHA1

    eaa3d0b9825f06ed9ca6613e2b139f8f07e21bd9

    SHA256

    d7c9c431e3b44615ae8100e3a706bc65db4d5d6ac255c2fea2ff1e3de4115268

    SHA512

    7c0c0d553263d197f86e263fbebab5b9d5aa4b2da659feae2f8abc6bc1565c58f51a71cfbbe8f9ad22c0c041db3e01d92ca4a210cf1e6d39808fa33002c40f0f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d6f437fd89ee94c3c49e294fdf42a162

    SHA1

    0ef5e874ed4b7b3538919669077a391b36066e52

    SHA256

    5ec1bc3b080436955ca33db7902bb9406fb9204d100b07340d2d887345d42149

    SHA512

    c6cc33304f4edb94cf15251f79a3b4377fb82c5d5237b2ff089edf1d38cea62602b35c96c7f52a3c997ff193bbb65824d0bf32160d65458813c0dedecc11f165

  • C:\Users\Admin\AppData\Local\Temp\Cab7AAE.tmp

    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

  • C:\Users\Admin\AppData\Local\Temp\Tar7C5B.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
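
Every file in the list above sits under CryptnetUrlCache or is a Cab/Tar temp file in %TEMP%, which is what CryptoAPI's network retrieval (certificate revocation and trust-list fetches made while IE renders a page) leaves behind; the twenty entries for one MetaData path are successive rewrites of the same cache record, not twenty different drops. The script below is an added example, not part of the report: it parses an excerpt in the report's own layout (a constructed subset of the entries above, plus one made-up path, update.exe with a placeholder hash, to show the unexplained case), classifies each path against those two patterns, and reports rewrites and anything left over. The cache record name 94308059B57B3142E455B38A6EB92015 is treated as an opaque identifier; the report does not record the URL behind it.

```python
"""Classify the files a sandbox run wrote to disk.

Added example, not part of the report. SAMPLE is a constructed excerpt in
the report's layout (path, Filesize, MD5, ...); update.exe and its all-zero
MD5 are placeholders showing the 'unexplained' case.
"""
import re
from collections import Counter, defaultdict

SAMPLE = r"""
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize
    68KB
    MD5
    29f65ba8e88c063813cc50a4ea544e93
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    fbe65a0ec7b769c1eec8e5aa647b9c01
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    344B
    MD5
    e707e3549a6fa0e0f0b3f1f410cf77ff
  • C:\Users\Admin\AppData\Local\Temp\Cab7AAE.tmp
    Filesize
    67KB
    MD5
    753df6889fd7410a2e9fe333da83a429
  • C:\Users\Admin\AppData\Local\Temp\Tar7C5B.tmp
    Filesize
    177KB
    MD5
    435a9ac180383f9fa094131b173a2f7b
  • C:\Users\Admin\AppData\Roaming\update.exe
    Filesize
    12KB
    MD5
    00000000000000000000000000000000
"""

# Path patterns that a clean IE run produces on its own.
RULES = [
    (re.compile(r"\\CryptnetUrlCache\\(Content|MetaData)\\", re.I),
     "CryptoAPI network retrieval cache"),
    (re.compile(r"\\AppData\\Local\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", re.I),
     "cabinet download/extraction temp file"),
]
FIELDS = ("Filesize", "MD5", "SHA1", "SHA256", "SHA512")


def parse_entries(text: str) -> list[dict]:
    """Turn the report's bullet/field/value layout into a list of dicts."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    entries, cur, i = [], None, 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("•"):
            cur = {"path": line[1:].strip()}
            entries.append(cur)
            i += 1
        elif cur is not None and line in FIELDS and i + 1 < len(lines):
            cur[line.lower()] = lines[i + 1]
            i += 2
        else:
            i += 1
    return entries


def classify(path: str) -> str:
    for rx, label in RULES:
        if rx.search(path):
            return label
    return "unexplained: review"


def summarize(text: str) -> dict:
    """Count files per class, spot rewrites of one path, list leftovers."""
    entries = parse_entries(text)
    by_class = Counter(classify(e["path"]) for e in entries)
    hashes_per_path = defaultdict(set)
    for e in entries:
        hashes_per_path[e["path"]].add(e.get("md5"))
    rewritten = {p: len(h) for p, h in hashes_per_path.items() if len(h) > 1}
    unexplained = [e["path"] for e in entries if classify(e["path"]).startswith("unexplained")]
    return {"total": len(entries), "by_class": dict(by_class),
            "rewritten": rewritten, "unexplained": unexplained}


if __name__ == "__main__":
    for k, v in summarize(SAMPLE).items():
        print(f"{k}: {v}")
```

Applied to the full list on this page the "unexplained" bucket is empty, which is the concrete reason these twenty-odd writes do not contribute to the score; a real drop outside those two patterns is what would.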