Analysis

  • max time kernel
    135s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-05-2024 10:39

General

  • Target

    blogid=321536463764.html

  • Size

    23KB

  • MD5

    ccc65a8593a809e1b3665dc1ff7c0286

  • SHA1

    f8a7bf2ce9f171771d940568d0b62dbb35881c8e

  • SHA256

    5bb67ce78c62d4f8c2b3867acf7ee24e2b967661a6223ad54f46c48c3b0d82c0

  • SHA512

    294863882d156bc2515c7db73adf63b2bdde85ecefc499af7a09d2b65faf52c2f91000a959bbd5e1df09915f651748316396667fd1fd9ca4ad7ccb4c171a0ca7

  • SSDEEP

    384:azZ6ej63Rwhm4hxQ2hXqhInpheBmAqt8NzzW5JIzw:kQ+hXhxbh6hIhX8NzzW8zw

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 1368, depth 1)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blogid=321536463764.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2584, depth 2, child of PID 1368)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v13)


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    82e40d63f3ae81c63086cae432927e8b

    SHA1

    86cccf3b1f95e2dc1a84b7e00fe0b49a53c47824

    SHA256

    573c861915d61dc880523f5beb2f30dc184d554bc7b2964be3860bb309d4caf1

    SHA512

    1adb4985dff0f5c9730b3070c7873f0b7744dd60a2207ee81a85485eeb558c0fa92bea2ddea8f4bb88eef88a01bedf124de9c3235bef660e8da4870da0e1b8c8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    802a05e4a4af1b83f748da867c7d5cae

    SHA1

    a5727b2bb4bc47ee533a2ef52ec7846a7adaaef5

    SHA256

    600a77d8a8ff4d7e6c90c4ceb3d9e9ae2a3570153bb0a9116348fbdbd9dc3071

    SHA512

    85c0b87b0d7da7a165b6d3ad83c283c62f9baf53589ee34ef6e1a1605875e0e43b5404ad6895130425afad4db8098ee27bf220c0454ca9d709a81dbbd1a0ee27

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cac49fbf45826b311f7baa786a0fe0ab

    SHA1

    1a95cb3c44fe5de2ac2d7521e01f0df3bf5f2e81

    SHA256

    95c51b7f3d37a59a51eb9edcc4e270f9a1acad27035ce761a6708bbc643b0709

    SHA512

    0934536530be09b4f7bf96a5979ead8df5abc3d0d0f9df997a629615427af4f8d9cef4164fa10a4f58775bbd5f7ee2d1f4a6adf323ad4e5b6b89942ab20bc557

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    644cde9a5385408f5950622aa623dd6b

    SHA1

    1559864b3831853a2f9fd90442a99b938e3e6097

    SHA256

    a41e75a16f2c56ddf1628113c02d8c927d04689193f3f91d45e3eae6dc823a31

    SHA512

    400c943af7004334a7d0bd77c1b4a427af8aba9cc377e5208947cd59b86a844ab87cde0181cd2fec2725ca3597c0f0e3ee4ce609b77388a162f0f24903725e6b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    056b47da1ae4c69221d439f42dc7b8b9

    SHA1

    2fc4fbfe8a8c0d48f6a748d94e0ebc893d2bf3d2

    SHA256

    c6dcd4374805c0245f3e56d3fe1d6819d213278861e2becd448c30c0f046be0b

    SHA512

    7a3abd8d124584c158ce273d3b67fa6930aafe0bb2b7c58d51b4b0fc63304b7ff5fbba20ff3d559ac7057770b14e4d0cd2b832ccf20ef3d906626cfaceef089e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    92dab032fb6a70df0dfed8ef74a47cde

    SHA1

    8072fdf84c8a0a107d68d0ad582869576ba27dee

    SHA256

    3de0ee597f80d87068391d5a7c6f734373592303a4e6175516da5f380da4271b

    SHA512

    4450f254d3782b721d8cc9af4865964377f4e52767f84fc861726d5b3ec78c24cef0b0d56c084822bf850c2bce6317e45d067b6f3c7969fbb61a13b52f6e6514

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0cf4a21559435808890c4f27a4119b69

    SHA1

    49275e0df104002d4c9223f00c20030d4c41342c

    SHA256

    ae2577a4803009b57cee4f642fd8618f43198ef6cb52c7389f704d293372be20

    SHA512

    86a67334586bcc3a60d127dcaa2bde07992e01f54222f7021a325c584c1f288ddca8cb57e1162bfdcbbc64fadf60ae67ea6fcf086f95245ba10e5ff9fbb9e2a1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    85cf9c0f95cbf1fc1578de22e0901b27

    SHA1

    04b2f88e240f7374c5d0f4ed04e740ed2575dfef

    SHA256

    65cf9eeb69f748ec5f21a529be04e6cb50a4f26be1e749728b2ec9e9e63c439b

    SHA512

    699064619eed41f2d39cbc639f5369dcb358a863cbfe47f05c6c686e22d022211649467b5f32d4c00952cec74bf9b917c7cae0f1b46c100162bcd8f258407906

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1834451462714d43697c79a5e7aae346

    SHA1

    41e6827f73b2602a6cf3341cdf87178fc0c3371e

    SHA256

    6df5f7c314aa18ee6ec721db3e455e21b8f96c57c5d66006d386ce4f8d6fbb74

    SHA512

    59dada44e3502a889c3f776d68fc1a6001efd76e0e9f28df5104d1f95c93c5a9de7ef59ffa6909f12e9d4c3e19540e23c02d3de5354267b79c0c1a3ef7ae772a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d0e35e1c57fcd85fe43ab366f92206f8

    SHA1

    0c5b1f09792c3fd57e0afa1379fd88ca7642374d

    SHA256

    fc03f763da3796c1c7dbe2864871a1cee06c7293e7a49b72dde8bd790a0a9317

    SHA512

    3541f674a73921435a0086d7d901fb453b3b66c1c2f9c0b1e43592e7d6ff8fbc7d66038709748c6c225c50aefe48b133d9644d1935c5aec063230cb77246b7cc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    86de599c98df22b5fd1f05b60c5dbdb8

    SHA1

    2286550db82456fa13bc56e8d88583d970a2b0d0

    SHA256

    cfefe7baedbcdc8c8e6975f90266d505720edc669291b29c39f6ece10a18d150

    SHA512

    8fc90ceaac5f6b6c78e2421e48bc8608c0b9a90a0b3597088cc71d788b7e4f198623071c8cfca6e62bc28560fe562b29a8a7425387e079d6a311fda919372a4a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    57dd699c5642bc01a505f33822236750

    SHA1

    d56952838670a1c1e23382d755a49fe5060ebe8b

    SHA256

    2d52936a34ce590b2607053fb9cf849d834255267302000230ac4e9038c6e6df

    SHA512

    e361f1e09c35b976b43739d4e88b8dd71706509d817870e2965ea9105b7a491d12739c809b858d08217b90af7be7b50f02feff5fb0b54cd95a12c23818cc8be0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    958bbc210a579e45a159a54f954e0d11

    SHA1

    748ca288e8f619a944530c1eae546d48885b9927

    SHA256

    0b4fde03140a8eff289d591e9797c0fa3b1edc3646f228b133d5c26010a6b96c

    SHA512

    2a53007f6752b36902fa1c9897287ef555cd9d5c34a580c1f94373745b189aa16b3592ee96d7fcf8f25e1ec1fdda894e9944b65b7bc1c8b1c5956ad522442ca5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bf23cef79b5986c4cc83140a3f0fa214

    SHA1

    055f4a721826472de2f2fafbe14146c23550c131

    SHA256

    ffb0aff01c8f1d687379b2f6c18ade793a8f23fb3cff60081332e1e5b35e5f29

    SHA512

    1b71aa6283ec049f202a1d1bc162da95c8b04e46f9799ea1db3a5eef4eeaba1ed0d4ef8664d2b90c0ffbed8fd084f8343dd2bc9d362895f7eef840b02ffdbed7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f026f719dda1cd6d61d7dbfb25204000

    SHA1

    dbd61be78b90a1dfe5d224da2966e8d5f351b7e6

    SHA256

    310fd3b8cb6157f825ed9125eea660e628775b5c2f2aba29c231460c8d900097

    SHA512

    3f97f519d60a84644aa784deef4dc8a276a08556a7d9f419c385974a4b789395ed363636b266db344e5bd4989093f2eec7a09fa33b3a973126d9adbef88f11dd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c1f33c3f824fa9f256cb69ae6e673178

    SHA1

    09fb63c5dcc4bc69e23c67d2ad37add5ac4bd6ae

    SHA256

    3a3b7ebb5ae3aaea05b8e02199c38a592c56299fdbd4ae06a487df61eb5bfaac

    SHA512

    adfea4346c76178511b806e15ee44e4613666074ee4893cd314f73fc19746d3afa36afd144c1d304beea53714748eb9f9746450bfeb8496f6b1bee0a39056527

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9e6598f843d1bf7b8ccadb4113d54250

    SHA1

    0732714effcd6b1814ca3bfa54a3f0ebf4f0383b

    SHA256

    d22e7c7adbf18ee045dd801c5d86eb6c1f2cebb1d06cd4b0073ad82dc04dfefc

    SHA512

    ea31fbbcb8ee0b5ec9b63b8f6c22af7e2151f5bb7e2c04699b1817ee578fda1251416399023bc9c0a058d2cbb397e753df919777b5ba0b7e58e9da513032340f

  • C:\Users\Admin\AppData\Local\Temp\CabAA37.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\TarAB09.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
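The General and Downloads sections above are only useful as indicators if the hashes can be checked against files you actually hold. The following is an added example, not part of the sandbox report or its tooling: it parses the report's flattened record layout (path line, then label/value pairs), sanity-checks each digest's length, computes all four digests of a local file in one streaming pass, and reports which records match. The excerpt embedded in the code is constructed from entries on this page; the parsing layout is assumed from how the report renders. Note that the same MetaData path appears many times in the report because the sandbox records every distinct version of a file that was rewritten during the run, so a parser must keep all of them rather than deduplicate by path.

```python
"""Added example (not from the report): parse sandbox hash records and
verify local files against them."""
import hashlib
from dataclasses import dataclass, field

DIGESTS = ("md5", "sha1", "sha256", "sha512")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
LABELS = {"Filesize": "size", "MD5": "md5", "SHA1": "sha1",
          "SHA256": "sha256", "SHA512": "sha512"}

# Constructed excerpt taken from entries on the page. The same path appears
# twice because the sandbox lists each distinct version of a rewritten file.
REPORT_EXCERPT = r"""
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    82e40d63f3ae81c63086cae432927e8b

    SHA1

    86cccf3b1f95e2dc1a84b7e00fe0b49a53c47824

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    802a05e4a4af1b83f748da867c7d5cae

  • C:\Users\Admin\AppData\Local\Temp\CabAA37.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
"""


@dataclass
class DroppedFile:
    path: str
    size: str = ""
    digests: dict = field(default_factory=dict)


def parse_downloads(text):
    """State machine over the flattened layout: a bullet starts a record,
    a label line names the next value, the next non-blank line is the value."""
    records, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            records.append(DroppedFile(path=line.lstrip("• ").strip()))
            pending = None
        elif line in LABELS:
            pending = LABELS[line]
        elif pending and records:
            if pending == "size":
                records[-1].size = line
            else:
                records[-1].digests[pending] = line.lower()
            pending = None
    return records


def validate_record(rec):
    """Names of digests whose length or alphabet is wrong for the algorithm
    (catches transcription damage before an IoC is trusted)."""
    return [n for n, v in rec.digests.items()
            if len(v) != HEX_LEN[n] or any(c not in "0123456789abcdef" for c in v)]


def _digest_chunks(chunks):
    hashers = {n: hashlib.new(n) for n in DIGESTS}
    for block in chunks:
        for h in hashers.values():
            h.update(block)
    return {n: h.hexdigest() for n, h in hashers.items()}


def digest_bytes(data):
    return _digest_chunks([data])


def digest_file(path, chunk=1 << 20):
    """All four digests in a single read pass over the file."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk), b""))


def match_records(local, records):
    """Full matches: every digest the record lists agrees with `local`.
    Partial matches: some agree and some do not; treat those as suspect."""
    full, partial = [], []
    for rec in records:
        checks = [local[n] == v for n, v in rec.digests.items() if n in local]
        if checks and all(checks):
            full.append(rec)
        elif any(checks):
            partial.append(rec)
    return full, partial


if __name__ == "__main__":
    for rec in parse_downloads(REPORT_EXCERPT):
        print(rec.path, rec.size, validate_record(rec) or "ok")
```

To check a real sample, run `match_records(digest_file("sample.html"), parse_downloads(report_text))`; an empty full-match list with a non-empty partial list means at least one listed hash disagrees with the file you hold, which is worth resolving before the hashes are pushed to a blocklist.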