Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    28-04-2024 15:15

General

  • Target

    apps/admin/view/default/common/foot.html

  • Size

    543B

  • MD5

    e451f41c4646f04e17ea27892a431b37

  • SHA1

    e293a3565276fa46d1d8989b5e3007cc80e7effe

  • SHA256

    e258dbaa329617fe2788b05ec1a8402a343003e439ad263b13ef60e1eb70393f

  • SHA512

    efc4a904413e7399e7e97c0659d0fa6e11b1638814f527348787b3a6d0d6b2b448b4b1bc6abb694335d3728e9f188c136b47b265f6e18c3b7be07fbf596a86fa

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 38 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

  All four signatures are routinely raised by iexplore.exe itself (UI hooks, taskbar lookup, and the frame process setting up its tab process); with no network activity, persistence or file drops beyond IE's own caches recorded below, they account for the 1/10 score rather than pointing at behaviour of the submitted HTML.

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\apps\admin\view\default\common\foot.html
    (level 1: frame process opening the submitted file)
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1108
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1108 CREDAT:275457 /prefetch:2
      (level 2: tab/content process; SCODEF:1108 names the frame process above as its launcher, and CREDAT and /prefetch:2 are IE's standard tab-launch arguments)
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3008

Network

MITRE ATT&CK Enterprise v15


Downloads

  Every file below is written by Internet Explorer or by Windows CryptoAPI during a normal page load, not by the HTML itself. CryptnetUrlCache\Content and CryptnetUrlCache\MetaData hold the objects CryptoAPI fetched while building certificate chains (CRLs, OCSP responses, AIA certificates, the root-store update) and the URL/timestamp records for them; the same MetaData file appears many times because it was rewritten during the run, and each row is one content version. search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico is the icon of IE's built-in Bing search provider, and Cab27AE.tmp / Tar28FA.tmp are IE's temporary copies of a downloaded CAB and its extracted content (sizes consistent with the automatic root-certificate STL update). The hashes of these rows describe cache state at analysis time and are not useful as detection indicators.

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    72e7bb0a19de295905fe2f5542d266d6

    SHA1

    78300d96d4294ec2e67f1631bd493daa9ff22723

    SHA256

    3b249f96523162e166fe4102e32bd133864ddaf1a5b75ad23a49fde6e0d083ab

    SHA512

    5da8689f7d8b470713b6f8f5312e3b77c9a0cee1ab304b398a4eb81cfe068c4b151a31de83aacf77e89e0a9bf34e546f79efd629d93feaacf3444fc696cea70e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    65710282b4b0af27d7b4845339b55791

    SHA1

    691c54f952f2afc7e603fde00f2d82d494426ca7

    SHA256

    00c8a125d0da77e0490e45177251afad506b11c1f1fa97f8f44a1853d240e2c2

    SHA512

    619764200c213272e151b768fe96cdfca4a1130dd0ae4099bb5479b4b1cd6a4b3726fcb2d6ee075a676ff6a6ea3d6d3f0579a5db282ecceea108bedb2ac0eb3a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4be9b3f4a2a40a56392f0b9a1801c1af

    SHA1

    eb038edeeb8ff023d814f04673d5ea77ad774fdc

    SHA256

    19f5f07ef745b505a9e1c32622b354a29db4c89f30553e12e70dc0ac4883702c

    SHA512

    f0982202d49a5f8651d3abb1f146a2dfb9af259729345a7f230146b79ceb0387080068005e7a624ec397d17ecbf9b7a045b7fa7e38857814ba6f0967591c6576

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7da7bde877a5c1e68a3e093efb7467f1

    SHA1

    0fd1ade7d5ee2a93073374cadf33053e3d55fdf1

    SHA256

    e21911afcef7015103c4f457cb1ad547d9c271a25f2e956895aaeed913883a19

    SHA512

    64c6c84335ad13ab857d499c59e237cd1917d3a621ccd200b5d27e8371e081f7b0483485d333a28fd5bbf80e1e7d868ff17d326d295630f0a38b422dc6e97dae

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    996b53e0609f0ced096474bbad3884e8

    SHA1

    2fc9a37751ed6b817cdc1abb2bc2654e8f4463dd

    SHA256

    7fa45d2757037cc8666566e2f3f079afd41122e409c3038d8cd2a37e2156ff92

    SHA512

    01c6933c4615855d7bd99af61957e5da7614523c3a15211ed5e102ad0ecaa902c57eb70e046c8085818698b8023eadc0a8180c0cbd3198d0d921b5de48f0322f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a3e3a3bd8919db4b699eeb5107236636

    SHA1

    861be4aa44d5be938deb82ca43d2def124d3218a

    SHA256

    2198ae2c0672c443a10fe5c9f76885011edb14ce794ba489b27bb237f98879ad

    SHA512

    259f0d55229fdbd826552268e58c634f37b139061aa2753a63a8fb76eb05db73f4c2ce1970d842e0db6b36c55f0f1f5d9e53ee4fb273b2988ac7f90914f4d567

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    830a10d2be94f92bf571ba5d4d989791

    SHA1

    7af50eea583d96c6172e7eab02cdd3c65e0495cd

    SHA256

    f3691bc8720f90a0cfd889b69ae03a92b64c368690f9db485d6dedd2ab64133f

    SHA512

    859aab330c7d90cb74b92de5af6fc39d510441be39ab7e37008dc3e3489c1a1d1c4512ece56f563048dacfd0a62320eec7ca812afd9db4f0e2f7f719b3fd6d32

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    56cca728ad5baade563c390e9d8745bd

    SHA1

    d06f428fb45e9f187fcd1799f87444ce5d23698b

    SHA256

    0da8f642ec8caa32cb7d7da13cc2a466caab557e05ad013c99620db8834931ae

    SHA512

    e93616385d59b78ce1120df583085be171e36358fcdabea81c54c255b451ad01a615ed93e4793d0d198436edec28139015dcbd01e9b9d2882b0866636f301919

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    be3a440cebd70fee844c8b694747f203

    SHA1

    92635bfcf259267ae1385f8e85abfa6c022a7b90

    SHA256

    c22d4135eb484095db4b942bc9b0e45285f3feaedbd831e8b9f1d0c11381d319

    SHA512

    39059c1da54d6d57569992b570f85c1ed398b148442ad855aa792691a8e523ad83d2554932acd1cead022ba0fa8046db2edf526cdcdae59b411f0759eb272bcb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    21cda153a1f45aba8e475b9ece2f3eae

    SHA1

    553d40babd8fab6fdf5d364231475cf262b20881

    SHA256

    bdb0809657ab21553b5e887f9e2046ed4be745a915297e705765500d603a0a0f

    SHA512

    c69807ed563bf430d7afdebbe063e0dfe8e92cf46f6807699ae91953673b2378c068becbd79534d64609dcdb45a764e9ac0a32310cc629544e6b9805d848f6b3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a3a8e50cb10ac1c8e84a979d92d10769

    SHA1

    969d0b793630426ba09a1c80d080c430086e7ff7

    SHA256

    1fa756557276097dadd1950c97c454b66e93e08b9e60cf53b05d01cb724a748b

    SHA512

    db8180c73662065c359ba72a7f948349a285f3358f3ac25b8f216c43473dc2278a2a6f06925b9377b0ac53cd67441df45feab667c7af06b4a17cbd908d3978d2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6512dd2545d1e79032d2854a0df58267

    SHA1

    c00b8e8f543676e5bd6fe7e85f8026b9ac5b1294

    SHA256

    984bc7e3ebaca16254698e76aebb3db665d90d382de1159494ed4f8dabe092e0

    SHA512

    3534af1752ee433c85d4445080081aee0bb1741572b9098fcd82578b5a644932ac290a06ff5749c537860d8827751a8f60c5cd2cae970ef82a0ca787b00472ba

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    dd3a489b88ff815f6b87da89ee3d3c08

    SHA1

    2023bf3c5b32da665618f37c6f88c073fa02ae6b

    SHA256

    46650f9f019de4cc5c70ff29f34ad52dfd7384be32d58a321856f05d470fa7a9

    SHA512

    287434d6a8a20d79869a8ce6de60bc30f3d7969747f97b1b046c377347fc7a1228f94577955110704d41ed5378858fd171766a4bf584bfbaf638db305c119d12

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    491061a340c38734a1bf8dac16317a90

    SHA1

    c47c3a2aa6df5db6d9661e6af13e2b882a50ed3b

    SHA256

    c0862cd278f403a6a69c483c22a50d63173b5ddcc0ccb5a7ea14fd9639931ce5

    SHA512

    88b9216d89c60f0c80c50c74818c9ecd5f070a17173b1a285ceba9b3d14ebf9bf6906dd95be8341cd8b1ee251e0d8f4c5d4b96c86ea6f943395ea07355a4a92c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    55ded1ee7c80dd06e84407c13e16027e

    SHA1

    664c7c31ea62f3cc930efe026779408acda9c234

    SHA256

    e0ea8e9af3b64c10714f26a45ac032acfcdb0bf82c7c511ab952f401b52b83c1

    SHA512

    055b0cac15e41339597b9050e3520d5778dbdde9e004fefb6d74157031cb844bd4e961e0598cef26dc7d2cbc8507c7a19640e17ce01aec0cb4fa1d4f3fd1488e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9cc960c2642c5cb724cb65c866d17d30

    SHA1

    6a8930076b6c2af6337a59762a77b70b3bfb7334

    SHA256

    f0eec5836b5ea9dbcb57d283880557e2e77eb79edba6c22e63c2c6fb380d57aa

    SHA512

    fd295517bc1e44ddf943f58f4189c162cedb646312a78015e8ad497d35864989103961f1cecf9bb8533e13b8b7bc38ac2bfab6bfbb36b74a000f8e47c15121bf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    86fc302c5951f2c21ce2e1ef1899aae9

    SHA1

    9c14c1b41d883cc950d887b8cfd7d245c5d9801c

    SHA256

    a05e3ddea52226ea2fb470ea68c000fe6de548a660f6f7563cf1df818ac97c6c

    SHA512

    4294a6be249d4489c884074ab16836cd07405eba798a4d38652d7957e90c8abde4039979642ccfdd3dd8075a578b28fe497c7ad323808c2056a21223f40cb4be

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    294b70f3cd2c2a32ad8657c361471715

    SHA1

    b6c8bc558ff1113e38cf44344fb028029f4ab495

    SHA256

    028eb9766046a15973d3c9e40470ec67156d34552b9a75ee8640d3df4976c67b

    SHA512

    949f18bbd43de458e9dd8c237354e99dea9fad756ef8842ea2682560853461c5c909de47bdacf4d049b436fe7434ea3f7a6891cbc1df55a3d8a5ea842464d1cf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a6bca5b98dbf8936ddcfb887af4e8e5e

    SHA1

    e87a1b6a8886009ddfbb7c3d8de78429eb091b74

    SHA256

    7715bf00d67f6ffadcf498d6986c5bae93fd97e621d85a5082ff6425fe786cd0

    SHA512

    fa1e905a08887820a29ebc9ccf7ba96726dec298b5497e16f3e6d0156283fed4401b42f561ff5f96b52c810e7e2d1147d6a813a6ead749e8bc0750cc2eb9fcf9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    4ab6d25174dfdf60c5748202e6e40fad

    SHA1

    0d40944c7197b793831631531d41349d98f2dbfe

    SHA256

    2f04aed60d33d08c358ad120591138111b5bc3a51224e5cb13d0c4680c3056fd

    SHA512

    e079ac19b68d6f281602a7c479b194de9e67da174b3a68f434efc0c82129d036f456874427f58e8017c4819e07fd1f1dd018d52f079fb5267d24f91f2b676b1c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

  • C:\Users\Admin\AppData\Local\Temp\Cab27AE.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar28FA.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
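The process tree and the download list are the two sections a responder acts on. The Python script below is an added example, not part of this report or of the sandbox's own tooling: it parses a constructed excerpt of the report (copied from the rows above), links each IE tab process to its frame process through the SCODEF:<pid> argument and flags any tab whose SCODEF does not match its real parent, and tags download rows that are routine CryptoAPI/IE housekeeping so that only unexplained paths are left for review. The NOISE_RULES table and the tag names are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed excerpt of the report above: the two IE processes and one download row.
REPORT = r"""
Processes
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\apps\admin\view\default\common\foot.html
    PID:1108
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1108 CREDAT:275457 /prefetch:2
      PID:3008
Downloads
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    SHA256
    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
"""

@dataclass
class Process:
    image: str
    depth: int                  # bullet indentation in the report
    parent_pid: Optional[int]
    cmdline: str = ""
    pid: int = 0

@dataclass
class Artifact:
    path: str
    hashes: dict = field(default_factory=dict)

BULLET = re.compile(r"^(\s*)•\s+(.*)$")
PID_RE = re.compile(r"^\s*PID:(\d+)$")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
HASH_LABELS = {"MD5", "SHA1", "SHA256", "SHA512"}
# Assumed rules (not the sandbox's): paths that are routine IE / CryptoAPI housekeeping.
NOISE_RULES = [
    (re.compile(r"\\CryptnetUrlCache\\", re.I), "cryptoapi-cache"),             # CRL/OCSP/AIA fetch cache
    (re.compile(r"\\Temp\\(Cab|Tar)[0-9A-F]+\.tmp$", re.I), "ie-cab-extract"),  # CAB download + extraction
    (re.compile(r"\\Internet Explorer\\Services\\search_\{[0-9A-F-]+\}\.ico$", re.I), "ie-search-icon"),
]

def parse_report(text):
    """Walk the report line by line; bullet indentation gives the process tree."""
    processes, artifacts, stack = [], [], []   # stack: (indent, pid) of open process nodes
    section = current = label = None
    for line in (ln.rstrip() for ln in text.splitlines() if ln.strip()):
        if line in ("Processes", "Downloads"):
            section, current = line, None
            continue
        m = BULLET.match(line)
        if m and section == "Processes" and m.group(2).lower().endswith(".exe"):
            depth = len(m.group(1))
            while stack and stack[-1][0] >= depth:   # climbed back out of a subtree
                stack.pop()
            current = Process(m.group(2), depth, stack[-1][1] if stack else None)
            processes.append(current)
        elif m and section == "Downloads":
            current, label = Artifact(m.group(2)), None
            artifacts.append(current)
        elif isinstance(current, Process) and not m:   # signature bullets are skipped
            pm = PID_RE.match(line)
            if pm:
                current.pid = int(pm.group(1))
                stack.append((current.depth, current.pid))
            elif line.lstrip().startswith('"'):
                current.cmdline = line.strip()
        elif isinstance(current, Artifact):
            value = line.strip()
            if label is None:
                label = value
            else:
                if label in HASH_LABELS:
                    current.hashes[label] = value.lower()
                label = None
    return processes, artifacts

def scodef_mismatches(processes):
    """IE launches each tab process with SCODEF:<frame PID>; a tab whose SCODEF
    does not name its real parent was started by something other than its frame."""
    out = []
    for p in processes:
        m = SCODEF_RE.search(p.cmdline)
        if m and int(m.group(1)) != p.parent_pid:
            out.append((p.pid, int(m.group(1)), p.parent_pid))
    return out

def classify(artifact):
    for rx, tag in NOISE_RULES:
        if rx.search(artifact.path):
            return tag
    return "review"

if __name__ == "__main__":
    procs, files = parse_report(REPORT)
    print([(p.pid, p.parent_pid) for p in procs], scodef_mismatches(procs),
          [(classify(a), a.path) for a in files])
```

Feed `parse_report` the full text of a report rather than the excerpt to triage a whole run; on the run above every download row matches a noise rule and the mismatch list is empty, which is what the 1/10 score looks like in structured form. Paths that come back as "review" are the ones worth pulling from the sandbox.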