Analysis

  • max time kernel
    117s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/05/2024, 11:40

General

  • Target

    MoneyTransBillQSvc.html

  • Size

    4KB

  • MD5

    5a59ee43e8e779b21595870a9a51a0c7

  • SHA1

    097551424ca593a619abe935ff212d276fda487e

  • SHA256

    39c7794117655deb84c2d6c5a761570715cdbc90973c1bac8d85f6bc5de66a3d

  • SHA512

    df626a2fb4a46c2c9f9dcdbaf7369a52313bed2a3f202fd6da1cb708f0cd44be45d5f682295e9078a4efe7c74f55692343cac1621b1470f8511cc230c1a1238f

  • SSDEEP

    96:oSTJBHBJDJgJLJpcJhCJz+aCJzkvJd1JzUJcJzLJgLHXrcCFREyRUswvL:oSFNVM9OAOUdDs4JAH79ny

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MoneyTransBillQSvc.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1524
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1524 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2144

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

          Filesize

          68KB

          MD5

          29f65ba8e88c063813cc50a4ea544e93

          SHA1

          05a7040d5c127e68c25d81cc51271ffb8bef3568

          SHA256

          1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

          SHA512

          e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          2935c74ed3fd3b5daf5de867ca331e62

          SHA1

          8bcf657da3962d408970e6cd918a8a5285a88782

          SHA256

          6879b4d10c0b63c7231df15706ef6a4efe4658b76be3bfa68156c335d8a9bbf6

          SHA512

          5b8b5d3a8a2c850487e4021431a4206256f6474f97aeb3b7157fc99eec0c4a3ba7d745389420361a188a0d1472d541e08e56f69d1f1dd2bb2db3e6bd58250ee8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          f37b7aaa2a845dd6a8f078d3247f175b

          SHA1

          94821b493d123acb7da5895c7e8a53e06fc58e6a

          SHA256

          52697081b7300e2318a53ece84a059fae4effb106774a5bfdb71027775c69be7

          SHA512

          6604a49721ca0907d49e2a80c3525b17298b3908de6a2421ffc474c9e4036b748c13a5d5bfea3f8176b02018dabb05a47640fb2c79a0c143c8bc792362e72f5b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          41204d3220cabdc9a93fdb37fbd21e32

          SHA1

          f68e7dd06ec5af71a1f10fc5db7f29c785c38f70

          SHA256

          f773354eb7e3e57e7633e0430514978491cd4808a9faff786c9b574b29ccddec

          SHA512

          f9b8f20fc10e9b49149c1a172ec480453a216e2e6521b5acacff9a957999cb9be9e1e2cc0d81869e4dea56c1d4b84e3469f43f31bb949220e0ce74c4e31a289b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          61b3635285200ca5237dddd1241481bb

          SHA1

          f08b3219877ef4d38a91a3a7ca3cdf7701845ddf

          SHA256

          a091e628789f6d79775481351ce8a538ec5cede89b9d5bd163907c8c82882146

          SHA512

          99f536530ceee37c8175c4071cb024fe2c4f0d08e42ea41a7d3052defeb64e0408041e9eaf9d453a15e79b4a2ff3dd83543dc74e9bd788d71234d64688452687

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          c2dcca746f81908d99c5aa63e1f86c63

          SHA1

          57a8294902069d5d01959540ffb021d5ebfec15e

          SHA256

          bfdadbf7a6328d4f7956bc4101f7cef080556aa04517d2b40c9c6516f9ee63a3

          SHA512

          6405442ace04cba7dffd3e493267f0a7823161ac83f8cf9765027d6c0a393c9abe4ce10d654ba6b011f080fcb9efb69e19b5ec0eb9f156b15da89d14ca34e16f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          0d4464f93a9c0e5053fbfe05fb89e352

          SHA1

          a20e1c43544e64443272c3344269fc310080d9a9

          SHA256

          386d192b59e8697f7dba1ade188598032df475f9377229f472ca021ad71d5a65

          SHA512

          56e43aebba02ea9eb1408e66ee70c235b85745f9d97729b61703d44513823c6f9be092ba64e27eb4d12dbce83300a0422fd966bad3086a8a7bc319cd4ae9d2a1

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          76cd36c1e3cbbf521ff7951d747d9110

          SHA1

          08178c365f40d516c1392600aa31669ff16e7c51

          SHA256

          7ff2a29a0f14357af5f9d6a37fbf58486522de0ac0e032bba6b8744409c0fac2

          SHA512

          91def958b7d1ba038b1c0137221a961abd0d7aa483908e5bfa7c9a25d0d156f72fba17d3fff988fa00b93fd85c4656304ca1b7c1fece513a14dfcc4d270453a6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          5261d542dc7a3ef2d1fe2c9405c5e044

          SHA1

          f6962a13da9cf8244e6f2aef8ceada625a69d79a

          SHA256

          0ccf473ca5869c9276063238935a32cc63ee9d02026a23fa83052dbf6e9c1d45

          SHA512

          88a47dce2c88c3f7a4599b52fc2ce80e7c20243f8fa9c5f128c7bea18e6e4639cf8c23664b811c92916d485be5c871f33e0a49ae8aedb98774767cb7ea656cdd

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          af969bd174fe5918a47aa0ade7f9eed4

          SHA1

          a7b16b2adc9930a1dbe07109dbb30a1cc31f549c

          SHA256

          14058664ab96c26a5e9b2b57619cb8f4feca5e43b277a7d7991ab3a7bb46dcef

          SHA512

          cd7fb22c61cceb5d3a8986eecacb6041fb53ab74a3435a293d29af2c88a88ab784618657b6f7e892e4d777ea05482e765f922443978a91625ec7474517457816

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          235f91bce5d7eecd81aa93587e4057cc

          SHA1

          5300cfcc30500ea0d848be169fd6e4cd0d5bd0b8

          SHA256

          f6e20d1df7ef724dc8934d03f04cf5dd61c6e289cd3fadd638ba83ff9989eea1

          SHA512

          81e497e901059cb0d7993b51b31b3e165fc7bf676b0c5d66cc7aa49b76b2ef22d3121a1f06103aa20b08c773cbb551a883c7980544a1826e95a35da071e5bc71

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          a87ae9da652265459e3eca6c060d1cfd

          SHA1

          5517d81987bfe314774394c5f8d2c100fe3125f5

          SHA256

          0ec19f3c2ac12b57c29272a890f9516ea048bd03ef6da8d802be419a8b013e73

          SHA512

          42aaa3d3ffa8f146eb400a2cd66f522038ecf5052a2de2546311c3b13d90dde4c481a0b5472e6920230457f52cf51017790c11f667d7095b581b7963c2eaabf4

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          a87fd1e74046a7532d820f8914907004

          SHA1

          87d94e61e1d67e7c22fdc4d66cd2e4f57647f08f

          SHA256

          e03faed208fe57c6a50112edefa776e39ac9761b6a8c4e91124a0af7b2d02355

          SHA512

          eaf27a8982a3f6fd34dee5be134e345fb36fd0f854871c6b385852581e650489e2f20668065c7c666da3f676aaed6ba4648b6bab9ed8635d8fdea035ee091f20

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          323c271e28af518c03bf2ef968544043

          SHA1

          7c69d50d8e4214473acaf3d8e91b7145afe7e1f7

          SHA256

          ceb83569e834d0fd78c3123264c96ddd678604a05f4c60c91dd34370f33050bd

          SHA512

          e53b450192111b8c5f7994b9cb98af92437d53a6c30a6d71328c815dfabc49d6fdf3c88e9afeeb24f84dccf78709e7ea160b50eb64a3cd16d0d95160609977af

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          1c969e462530761a6d59bfdfabb76398

          SHA1

          fdbc36ae881aba8994cd2761444fa8eba4ba6b56

          SHA256

          dcd2f3bc6579ce4bfda5731c6647a86b748e2b8e9903c5bbd924c2d2145834da

          SHA512

          49d4ae0ac3d11ebbe7d378631a51604233c543faf9c6e5fd15b91989a124867fc0163645d350db86be7a54623598c627ea5bd0bb2d6271d7b93977527ba3ecf6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          72add50fcb9148d4869c91aa7f5b3f20

          SHA1

          e92f805e94f7abaea534253e54c8537bf6f10b1a

          SHA256

          214572e918937757c7a7c1d27817eaf2712783e1d90d2a627f3462faca8da94b

          SHA512

          5942db073e63a2307ef1a81cbd9623165b28ef98f10ea431e7eabed70d629d42ae2b34565edcd91e8802c0c76328202ce7b5ec917ab245e90a311f42e1b9344b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          df8812cf8122fb080181dd2aae5ec3e8

          SHA1

          7394b06022cf06eb16c2a0806fb15eed32c10506

          SHA256

          3ee6e49d955a884fbf3b3ec2f420459cc3e442eb363b788658ec03b9fd4dd655

          SHA512

          4ae5f861589436791c65d996770d6f46858d670628b076faa9be1b5b687a94648e9a9865d5b16b2b31bc619dc37977f98f487d0bd946e1ed3e087b5c59d92c3d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          d87282b388e46798bbf8921a99d5ad43

          SHA1

          946dd3d603def3fe67cd6313f2379981c5d3f701

          SHA256

          b6df8db62c55248df31cbf64ead1024b55b5d5be3742130725704bdb21c60d85

          SHA512

          29b80c94053bc617e63bcd34a88c1f9f65e09b1332d8bafd12aeae2be6fbf27eacec198fedc88c2ec4a831d8f3c99ebec56529e0301f441f3246744360d53b22

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          62cae1ae0aae2d00a5d4902495932eae

          SHA1

          f7c2846b6f426bc5861eb64d546b8c6459419760

          SHA256

          8b6679c59afdcd245f014d352316daac41337e90be30578d79f71826458fe69f

          SHA512

          4822a63958dfd087a9475e71910b7d84eca387b4d17cc54abc1e6441e8d95a457208df0770aa0edbfe0848eebc6281d3431a0214b9cbaebf49cc2798d65d140e

        • C:\Users\Admin\AppData\Local\Temp\Cab934B.tmp

          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

        • C:\Users\Admin\AppData\Local\Temp\Tar95F3.tmp

          Filesize

          177KB

          MD5

          435a9ac180383f9fa094131b173a2f7b

          SHA1

          76944ea657a9db94f9a4bef38f88c46ed4166983

          SHA256

          67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

          SHA512

          1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
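The two things worth checking in a low-score report like this one are whether the process tree is the ordinary IE frame/tab pair and whether the dropped files are anything beyond what IE produces on its own. The helper below is an added example written for this page; it is not part of the Triage report and not Microsoft or Triage tooling. It works from a constructed copy of the Processes and Downloads sections above (the 18 rewrites of the CryptnetUrlCache MetaData file are collapsed to one path), checks that the tab process's `SCODEF:` value names the frame process directly above it in the tree (that is how IE's loosely-coupled tab launch encodes its parent), and labels drops under `CryptnetUrlCache` and the `Cab*.tmp`/`Tar*.tmp` temp files as CryptoAPI certificate/root-update cache noise that any IE session can leave behind. The noise patterns are this example's own assumption, not a rule stated in the report, and the `update.exe` path is hypothetical, included only to show what a drop that still needs review looks like. The report does not show the 4KB HTML itself, so nothing here judges the lure content.

```python
"""Triage helper for an IE sandbox run (added example, not Triage's code).

Checks: (1) each IE tab process points at the frame process above it, and
(2) dropped files are split into known CryptoAPI cache noise vs. needs-review.
"""
import re
from collections import Counter

# Constructed from the report's Processes section: (tree depth, PID, command line).
PROCESS_LINES = [
    (1, 1524, r'"C:\Program Files\Internet Explorer\iexplore.exe" '
              r'C:\Users\Admin\AppData\Local\Temp\MoneyTransBillQSvc.html'),
    (2, 2144, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
              r'SCODEF:1524 CREDAT:275457 /prefetch:2'),
]

# Constructed from the report's Downloads section: (path, reported size).
# The MetaData file is listed 18 times in the report with different hashes
# (rewritten during the run); it is one path here.
DROPPED = [
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015", "68KB"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015", "344B"),
    (r"C:\Users\Admin\AppData\Local\Temp\Cab934B.tmp", "65KB"),
    (r"C:\Users\Admin\AppData\Local\Temp\Tar95F3.tmp", "177KB"),
]

# Hypothetical drop, NOT in the report, used only to show the needs-review path.
HYPOTHETICAL_DROP = (r"C:\Users\Admin\AppData\Roaming\update.exe", "212KB")

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
CREDAT_RE = re.compile(r"\bCREDAT:(\d+)\b")

# Assumed noise patterns: CryptoAPI URL cache (CRL/AIA/root-update fetches)
# and the Cab*/Tar* temp files CryptoAPI uses when expanding downloaded cabs.
KNOWN_NOISE = [
    ("cryptnet-cache-content",
     re.compile(r"\\Microsoft\\CryptnetUrlCache\\Content\\[0-9A-F]{32}$", re.I)),
    ("cryptnet-cache-metadata",
     re.compile(r"\\Microsoft\\CryptnetUrlCache\\MetaData\\[0-9A-F]{32}$", re.I)),
    ("cryptoapi-temp-cab",
     re.compile(r"\\AppData\\Local\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", re.I)),
]


def parse_ie_tab(cmdline):
    """Return (frame_pid, credat) for an IE tab process, or None for a frame process."""
    m = SCODEF_RE.search(cmdline)
    if not m:
        return None
    c = CREDAT_RE.search(cmdline)
    return int(m.group(1)), (int(c.group(1)) if c else None)


def check_ie_tree(process_lines):
    """For every SCODEF tab, compare the claimed frame PID with the actual parent.

    Returns a list of (tab_pid, claimed_parent, actual_parent, matches).
    """
    findings = []
    ancestors = {}  # depth -> PID of the most recent process at that depth
    for depth, pid, cmdline in process_lines:
        ancestors[depth] = pid
        for deeper in [d for d in ancestors if d > depth]:
            del ancestors[deeper]
        tab = parse_ie_tab(cmdline)
        if tab is None:
            continue
        claimed_parent, _credat = tab
        actual_parent = ancestors.get(depth - 1)
        findings.append((pid, claimed_parent, actual_parent, claimed_parent == actual_parent))
    return findings


def classify_drop(path):
    """Label a dropped-file path as known CryptoAPI noise or needs-review."""
    for label, rx in KNOWN_NOISE:
        if rx.search(path):
            return label
    return "needs-review"


def triage(process_lines, dropped):
    """Summarise the run: tab/frame consistency plus a breakdown of drops."""
    tree = check_ie_tree(process_lines)
    classes = Counter(classify_drop(path) for path, _size in dropped)
    review = [path for path, _size in dropped if classify_drop(path) == "needs-review"]
    return {
        "tab_parent_ok": all(ok for _, _, _, ok in tree),
        "tab_findings": tree,
        "drop_classes": dict(classes),
        "needs_review": review,
    }


if __name__ == "__main__":
    print(triage(PROCESS_LINES, DROPPED))
    print(triage(PROCESS_LINES, DROPPED + [HYPOTHETICAL_DROP]))
```

On the report's own data `triage` reports the tab's `SCODEF:1524` matching the frame PID 1524 and every drop falling into a noise class, which is consistent with the 1/10 score. Adding the hypothetical `update.exe` row is enough to surface a `needs_review` entry; in a real run that is where hashes from the Downloads section would be pivoted on next.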