Analysis

  • max time kernel
    117s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-05-2024 22:13

General

  • Target

    begin_password_reset1581078162.html

  • Size

    11KB

  • MD5

    181a5920515e11e47724378e01d7fc17

  • SHA1

    8502c1c6296b834fef79332d25f759d6df221376

  • SHA256

    cca7e9b73778febcc86560ae6e241a6260ff35d5aeb1a2fc18eb6dc7165ce0b1

  • SHA512

    ab9cb1f8e9a9aa57a28ee426e094ed5cf5b187ca5ce360cd1d08f601c0beb957fcc941c769668aa15e1df11685b3ef3290839d16d2ca2944be4d30cceb7ccf54

  • SSDEEP

    96:lXdAxWMo9PynfKoBFLaDNPkew5zm5u1VjrwJu5bMMwQheBiq7X+mE5Lt:lXwWt9PyiovLOZHAzm5khwJeYTU4iQEf

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\begin_password_reset1581078162.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3060

Network

MITRE ATT&CK Matrix ATT&CK v13

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    df8c262cb4a7834959c7b618eeebb411

    SHA1

    24fea188b1bfa9e04b1607fb40f0021077d0d65f

    SHA256

    545acd13f6649d499dc446cea4d4f40994216f882e13208da830bad5e3ea084b

    SHA512

    da2493978f90711b295dfb80d5b1986006e310a604c42c83d8922a43b3646c0641935a1787c9f1857497e6f3caa15a0a52d3b2da0dd26f8804bb4e99a8597ce1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aaa4281af8d8d5d12d07b6a43d057768

    SHA1

    0334bcd7a614d7c2cdb01ca5f2af34b2832573ea

    SHA256

    dcf4b295a500cc86ab20d49e3f5af37cb73cd8f722758f164f64076af693be32

    SHA512

    a129383c188fb94f8808de8fce0d737643622c275c840a6cf5b501e0205699146e3a8c8f0578565aff722e0c9b76fe2a11e8802a3e557e4b66e5137b432ff469

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d1843834968c5ab4c1b2faad09a37149

    SHA1

    39f1913bfe47e1092a10ba03a7c903b18ab66069

    SHA256

    eaa96daf73f70c240e35ffc95a58b0ae0c8fd0ab92d10b006cd604cfea8c14d2

    SHA512

    050108b1e48be12d80fa38c9a53a17df4bf3cdb77940e59f518bb9cbbfbca2825a62bf9f9123d4e95d5369a24d4b06b7315caf7b90d5734097891f78b8af899c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4ea2d879129273eeefab20bd846fc191

    SHA1

    9b02a3c659bb5468c21704a8608f9d97a4b191fa

    SHA256

    1199d7ebb3d7d213e81c03fa81eae34c6c9397e667674274e991a617c7423041

    SHA512

    cd84fff85d30b70ff28dec5a544ef322c17d343adb8c534d1c9e064e6019b5a8fa6e0164657c704a7fd6c05375b06ac1dd71a0cfe2b19e65e59e8ffb85cebd0a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    345d5d9c9cac45a7520beccea704b2d6

    SHA1

    e49d8b5e4400dcd0691a507c4948ce9b54474868

    SHA256

    c87bd7f964bcdf353294891b320651fb3a48089ae976ea4bfa3d96c883c2cd43

    SHA512

    45ca26fabeab66de96e29578e5f511070ce39fa9146d46c00a315769d21ffa4568beb8d3b8d9283db5f14bd6a566ec565da53c18dc4af07528312a7ad58c1d51

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2a62f17b455a647d76a671c108ef88bf

    SHA1

    bbb23f4dc0fbfd470187572f72349392add41959

    SHA256

    e543a2954bf45516188a1f52da34a969280c1651c30ae4c6dc0e9755cfe12dd2

    SHA512

    156eee1b535fd8b5004d7b86d797fc72b1f77cc1cd99e1aca821948fa0e3b5bb3af68ea9d204910cad0ed214442f849784d7235bcc8603abe9ae9b24118bb615

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ef2294d394f3fc8d90eb90adb8507113

    SHA1

    f2956a3bdfd1e2d87374f76ebf76f37c27588ca5

    SHA256

    277ba0136ec38ac0df91b5d55f56d55cc872d2cbaa30e46b3cce54dcd73a1f39

    SHA512

    512a9ac5b03427b77b3f05b07faa9884b17641b96748c2952d0f4dd3040735cedb426c3bb5643f3adffd68f39465622f665a1c359728717bcd4733f3c0e42aae

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9bc17cab07f742d2fc2bc62c40e41e77

    SHA1

    876bbee0bb82a23bc4c6e784520d4f8a9ab39345

    SHA256

    0ad70eb8d3eb32ec2639f58a9517c672dbf35a09e3640c47119748bddeba05e7

    SHA512

    aa4659819c789449f2e65249350f185117d084615c401a25807747112853c66e7cb356e2d8be31274e4e1cb5ec707db88a0672819cf2797bc876d75c59a55a31

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a9b8f9960f1ea558ed10ae2a385e2c52

    SHA1

    20d94a3942e3d9e5a63949eefad18e6da6c6649c

    SHA256

    2448013aa55337f167fc79266af0ad3cebe477afc0c746ab1ee81765ce7afed3

    SHA512

    e103712d9795f2ffb4037007e1d82b0f6adcbebb29e37f5f84e702389781c58d67808e8d5cf1e82948d0e2abde19752a641a26672679ccff335097ad2117c373

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    892714bc057fbbd9c1637a37619d6a03

    SHA1

    ada0285a5ce6bf97344e6efaf5f9a1d0745e3506

    SHA256

    a67186636906d0bf69cbca8baa00a5a3b1cd455b10a5b600ead9dd26f45bc5fb

    SHA512

    dc95d688a3f4e9535563944ec9df25c7b2e0832fa41fb80fe75396a0aa827fb37946b3d4ddd87ac86200a61088db5d12ebe4f6b6dddb72623c8d11878e6500fc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    097f8b33a4c999ca2c4469e74ab8c70a

    SHA1

    be7507fbc25c183a8a4928ac8c04bb120385914b

    SHA256

    d8e86c76899a32a24ef9734591b129f3afc383662a0951c88ed714bde4bdd4f5

    SHA512

    1bd617d981bc17bb3afc39386958464a12bd9e415a9ec07dc8878ec5f834e0b5721dc3deb0fcafc970622316e6f6bd778753b21432db6aaa0c32777116d26f19

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    52feec72bc3cfc63b223c406c61a42bd

    SHA1

    0b595bca08067c7c8142b7c98abd85a64fb14121

    SHA256

    0c6dc25446727791804b996239bcfaca6902458df4e8f9dcf4ddd36b93f6d409

    SHA512

    1268a10e3650b7a1e88e463bde6bdc15eb4176c2d3235cc7ad71d78578286e457cebcb1b4b98c03e9456b26978ade661b15cd4ec1b8cc49a0405bff2a50e9128

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    650823571b505c98fd0fecf82c986196

    SHA1

    c92dc29c279c316eb30265a405b55412f485e4b7

    SHA256

    f64bd688fab419fde737b16242d48fd5aa58252ee747d29b4c695554a2e9d9e8

    SHA512

    317e96221f96ea650b8ba7df59bee46164b9552cf04c442b1cf1484317ee5ba8c17a14c8be120b388b8e815399d5d294c331d80b190534f157f3d14b5984c1e9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f500df1fae300f62f7a1beb32a0427d6

    SHA1

    599137e5faaafd7dec31004ed66ca2846bcacc0c

    SHA256

    d6637dced45d207318ec8198fb46a1d718a7bc8acd5638e67741dcc4b0ee4a7e

    SHA512

    3a19f0c2b71eaf85270cdd95b7585cb2ca5afceaeffc189cfca8d2006e958fae8797b05e00fd093f5ecda5a8f1f9731f7437aea5baa318c0f8de429ac708b465

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2d554a3f9beeb83d0f1254dd86e24cad

    SHA1

    c2ce865dc3d9387f46f15b522c30e7768ee2836a

    SHA256

    3005bb1d4d4e89ddd4fb43f8d8468535e39ca3d34c6338bd90b52420c78e8c08

    SHA512

    72f844dac3a317c641a151c4d33ea870c258bceb1d43a2a5b734d603120838f8f0aadc1e89a8ffd63c3fd1fce3ec60d3f36af3b04acb567ec6e52786fc7d27d1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    261d0b2350719baec22ac7ddd33acc80

    SHA1

    c0ac79843b63d40bbac2a93d1122905124f51579

    SHA256

    2c4cbe7bbe52522f2d1f12c60faa075257eeb72c05cdefe188dc113ad41a9449

    SHA512

    0360625d5c166a7db094cfc03821ff55c896f408016545cb39ca5c65666f044130974183d34594eb83c4e769ac980ed5d79cbd07368ec7a012ee897e3b43c989

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    59ae4aa2f175ba3623602058d80efc89

    SHA1

    8e181c0b70a2ffc8dd4857fc5f62c0798c956089

    SHA256

    cbdac6aa54e3ff306e7b47fc402b345d0e9009528784b766dcd5c77fa1c6631f

    SHA512

    d3beacc4a06a3d761608e6a663fcba6af4a388e62731d050ed9541d87f24a76a2431d993189d1fe3b826eccc94807b2b05c8aafaa471ccb8e15329410001da91

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c05a7bff4c757cbd18316f59d0ab5b35

    SHA1

    c12603c0db470b4fc8daeab96a8336ec3bac24ca

    SHA256

    4b45913922ffbdda53d9182f04843f2970940b0a7462bc97148384d325651e38

    SHA512

    ecdb12e95a827db924da8f0f4d1dade09a7888f01b96825faedf64a7c49b823ec9a6be4a85c1c728a9affe8283665b2d78d03c5e3faba3f0f44c7f8f395fd5c0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ff8960f77ed8e0c4ce2fa3f453c5ccb0

    SHA1

    78b766e27a6b98954fe0635920662899731ba4e8

    SHA256

    61a7144202a834f312bbb680c2ecba3bf67b4761f1c9ff847cf7534c3c774235

    SHA512

    8b0f54c087fad7af5d4d2ed224d6aa43eea11d571b97b8996f402913acb0cccfc731378aa6d8a3fbe00fbf05a4ccd86f12e53c4744460d45e09495eb98c28f43

  • C:\Users\Admin\AppData\Local\Temp\Cab122A.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar129D.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a