Analysis

  • max time kernel
    144s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/06/2024, 00:52

General

  • Target

    sample.html

  • Size

    213KB

  • MD5

    80bed4a24ef105bbc7c1499dc8fc78b3

  • SHA1

    9a688728aba11b02d1f81abb49ee8e6fc9b30dff

  • SHA256

    b867d0a2b46a77d2b6eb3893bd2f7b755495ec2cb090b6a47ee10a95f6a6d318

  • SHA512

    ad5a1531ae8707a6060960c3158305cf40ce4434fd957249faca217715a3670cab37f6d560a69052ac179d4204a47a0677dbb16260a20d7b79d50e3997da281b

  • SSDEEP

    3072:S91gRk6wsSHxm4Qs17rdD9NCSl99EJB5uijEz53upXAPw0Z74Ttrh+/yfkMY+BEu:Ss6pKsMYod+X3oI+YQ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1936

Network

        MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 70KB
    MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1: 1723be06719828dda65ad804298d0431f6aff976
    SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: da14f0a21171f3d04531ddd21d3046e7
    SHA1: 7eb9a03399cf58b6f1ff7870fa792049660735ce
    SHA256: 0a6a43250ec4680dcbce8d8e95a248e822d1f2b09eeeb246e32293c49931448e
    SHA512: 27c1625264f57c5f8a82295289c20caf867f267da97eba5b4854f5a7eaedd8be4aea1cd25a4397ece0ce5ab4b92b5edc7055f704f1e775be5b647b53f1cbf816

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: d9b174f3c850d8a11952f5598307026f
    SHA1: 78ef069adb254809eb3f3d54af5f0ee2a8dcb00c
    SHA256: a65eb3bc4438011f091301ed3d391ee62ae8614ef075e99798b47002881422fa
    SHA512: e9334388f93c34fde48dc263cbe6952e74b5249517a8509e9d29308d70f704d2c83a3583bae8e2dbbc236393480a468ce878762dfdfbf5d7f382bb4eda732c44

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 5a4504ccd26c5e0d9e35013907c15e74
    SHA1: 6abf74668d3cd2e8931bb3a3460ef262f0056b0d
    SHA256: dd39f991355fe831b905ae214a9204b6ae7c60ad506e00129cf651eff96eb730
    SHA512: 5175e2674f84e73871a5a6bedbca215da03b6763e89867cdbadbd1620c2e8750e3395e240e986c85255fc4784468aea0ec63d7b6429296690c16a827384e14fc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 078b0a57b63541214d8d8ee66f20648b
    SHA1: a5a4f7ad50d7be2ace0619a5a37962cbd99ae133
    SHA256: bf6ac6dd7c5ed0153c19f8da6d6585652148670c1a4e1c21fbcbd850c88e56e2
    SHA512: b0c491b7e60f3afdcb6bdd77c90f379e2c2a0e4351fb452d4c59db033def59326c77466064b8c7b9b60724c37f422ef6166fa910cbf23b908f11fef2ade6003d

  • C:\Users\Admin\AppData\Local\Temp\Tar264D.tmp
    Filesize: 181KB
    MD5: 4ea6026cf93ec6338144661bf1202cd1
    SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b