Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-06-2024 12:00

General

  • Target

    NedBank Statement.html

  • Size

    720KB

  • MD5

    7022e76bfe831b2791d3fc632748f48c

  • SHA1

    6ded1412a98bcc13a7dc57c9cb7efc16a8ece1d0

  • SHA256

    3597f8e0c8b101bed83ed89fb397c65bda14f09576e5481d8918a4bb26aedc27

  • SHA512

    b79efa8f2c53e1a4ff366ecb2869c83923f7a273fba538175ba8ea320140fedd718938ab03cc81a3b684af83c36bfbf43ba619fd4f77176b687025ace983c70e

  • SSDEEP

    1536:pTTIek9cuR/w2TnwJ+1bEDIA8WDfpyC9o0VgYUjuuNdysva1WGJtj9C3e5pTYIcX:M

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\NedBank Statement.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1192
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1192 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2920

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

    Filesize

    230B

    MD5

    1529a5ef7c121d822bbd35422203483e

    SHA1

    db3f84e477e3e5e2e4d3aed079d3d7a7fd496b68

    SHA256

    30f96577a4dcf33b80bab2b3c5324688a78d61a3889ac01a3dd85b39430a2c6e

    SHA512

    eb40a185455da927f4501fd6c11fac9571e2008e493e66faab9e3b058476b8bc21e76b87d6f9578114e06178a7d3296dc0588ab41c7fede84cbb5532d93fa2a7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e6efa901881a4142db05ff6d53576dcc

    SHA1

    a9ed717b5dfb84d087af0d1d2d43e9316f773a72

    SHA256

    8518f42cbd9dc32b7cba919cd31e96dc1562611d08bdec87ce9409aa1e6aa60e

    SHA512

    dd136164cf83adb5c7504e26e3178c904ca38a9d16976ace48c080ac3eae0827d295b02a167f8c46b53012bcea290312103b6c654f1d3da48274a9bf7897f50d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f12d2822be2ad515f2777a0aa83e3ea9

    SHA1

    c661e395e03b439ed753a8f0935ba438c666f027

    SHA256

    b520b31e6accaa97f9617036d09f246319f28d1a2c839da22e1b69f8202aa58b

    SHA512

    bac05cead2be54b3f5fb56644a8b3a53914fde2aec814d31cb1517d956b4f9719ecee2274f67f6efc54a97f3fef4b9a1c401199e1e5ac3761bca6ccbab9f3525

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7f74c257680a4690c6a3da1bc8bfc64f

    SHA1

    6ec6076cdf198e2190944a6d825ad58e46909dbb

    SHA256

    07fe74a1af0c87a660f7313fe3f4434a0effc9cd1f6391ab0afef8c28ba5a65f

    SHA512

    52c20d6bbb64ee6501c2f139028e8b22c432441d9952648abb3186ea574e3866ee4b008bf4a36e7152502c86a63dc2804baba7b4199d01a4b40fb9170aaf0f86

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    56ffc3a3edbb7ba2910a1d61cdb3436c

    SHA1

    fc2f7f6cbd17e557c9e2e7c3fcd90d69374607f8

    SHA256

    89d27a81a5ae4ac805e981802c2dd0ce63aeec82645736562688c26ff7378071

    SHA512

    4e2b74bd283136a035ed99d2d5adaa07180d40c4ee137ccd745f456262001ce5a7ff5f904b75d0d24802709063410d1f3623982e0568078131750d9a6a194f02

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5283f1868f02ee715797830a7bc097f2

    SHA1

    70f59f5a7a9fd30ecffea7e8dd2a2a029cf38869

    SHA256

    cf87c1c8b13f250a741659c656508cd2abe552c22fe93cdff914fc1af1c08989

    SHA512

    25fbd337fd22bb5b30abf5fa3ed537233924522bf776ffd18088645a75703cebf66426b451617dbf070991375528b8531db20ed276f371ce4b6a84a363bb878f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    34efed43e7145c5558d42dfd252984d3

    SHA1

    6d6b5d3492d7b7278e15308754f221cb472e75c6

    SHA256

    c81d65691753b78e591f8112b004d6ffd6df39105a2712bd8b660828ed2367c3

    SHA512

    1383ee41ca63ca3a282ce48b519d3ed78ea0010167907afe047a0fc270c92fae539b2e76e33c9eea49583ca3ad781d60e55f718e85afa4404743b167dfe2602c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bc755464d1c15442b5b90179c9b70aed

    SHA1

    3a3c63987a8aab21fffd7bd09dca4ceeea6fc79e

    SHA256

    d11f45245280e7f5f694415417ccb884ecc2022880124f507b581eedac803a3a

    SHA512

    036c1efe395f18078cb3e73a9b8b61941a61b14229d338f9ba70c856713a7704ec55d40f7370d6aa9e28d1cadd57862bc26a2e918a8db833d889bc0188dc54a2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f1739a9c5512849c31ff56b9c5e0e589

    SHA1

    c2704cce76cd8325a23a389c74109fea95a9c861

    SHA256

    e615d108bff44cca5e8b7dae9fde2818d557e481b5c68720367df363649197fb

    SHA512

    6813a84b9f78f8e57408256c8d871ec571fda783b2b566d9d25e4a5b0b1c727f0298051aa22139bbc21986e19368fceaa99489cb5b7880b54e2e96436638470c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8865aeb9d01d03d4de596f266a52d119

    SHA1

    6f5930e6594399dab7ba2c04edcc68a1e86b6cf2

    SHA256

    8937599a5ac7a36bbe1eabe8e37553c57455d8924fb3f403669f112810ff77e4

    SHA512

    d62b767c3c35059f78c0abcd152cbf034184697c82d8ab5e1cb6bfcb5b573763f6b8d1cb7ee16ee703c9aa3860a49128a8bf6e5191d4385343c1199766dc9f6d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9b822211e7029c1ea25a63bce6bd20a3

    SHA1

    df86778688a230e6d7f07bc1153ed668a3913bb9

    SHA256

    caf715547da89e21a4622d4e29bbff3f694365c22b67108972a5c26d577fc85c

    SHA512

    04ab0ce7a95d7f83df976a5784df47222dfe8ff90d52619fe274b206d5845f1073c1663fdd00c30be9d49a6a0d416cda3ff48e3abeb56d66db39676ff5f1794d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9d2ea89ea5846867beabe6e5fdfa9add

    SHA1

    e9bc74292269d33309aa359942e4ae05bcd1dd4f

    SHA256

    bbc42de0c134fdd7cfe4d84b31f672590aa6e7cc5b4d889e9ea412a537bf3a82

    SHA512

    5fc28b85bc52cc2dc69b6e389a37273c185f2c14bb077b33eb8082d7edeb4562326b6c19a203dfd770d8addddff03fdc2c2d09d23607675b64efb6a5e79c0c8a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4cf6379b1a229ec04fad10783e01929e

    SHA1

    eafd469fd5dc0f86898746dc0c24bee8ce859aae

    SHA256

    d0f0e74395213170e7067abfb6fc7dd89e92fc710241ad15031baab008974ae1

    SHA512

    ba3cb0a384c2a580eb6613ad15c30b89685f1dded8999db92ece1eca14fe08f9ea2ac89bcc90e878dd19a10e4a647d8be620f7cee9084facf870b6ad06061b44

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    033ae9a979341b23098c8620a71601ab

    SHA1

    57894173af147dcfae65e30fd5bb7cc6170219f9

    SHA256

    6017ea03d11eec27152df7024415388cddb3f4d5bd5c9bc81899e040b529c9cb

    SHA512

    00e642cdfd9dbfc1f4ca66d3e912aed94a9ebd63a79ce6524f319130f41eb7d6fbdec8694c07addaf81536ab5fd43b3500a2c54ba52ff15086bbdb6af9d0baf5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ef238538d3a3bc12ddb4192512be6bab

    SHA1

    99368c5f145a984a38d05e5ca75dccb6d03876a5

    SHA256

    638ef6a5a35cb26f975a51ec487d758e90056c8a633977f1f0b507dc2fbbd3e5

    SHA512

    ffc87c92bbe659c7debeab074589cc1756a18555d40b8d7fbdccd4fc444f61628babec384de51b76d319a98bb8512ab43c1aff25d620225b52faac4486a05563

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b26a9e7122bb380ffc5f77da7c2ebfc2

    SHA1

    789cc1c5baa5fff29ef266d7829f39ebfcbc6488

    SHA256

    b748ef181fe31f33014d2157eb20df7ba6a4028e49762298038ad676a4e4ee55

    SHA512

    fb9f232a7264f6376eb122ce33a7e6d6c0c2dbc3b1dc653f669b0cd791846386adf71974479f03aff4fa7270425725a132f8bb80dc75953a66bb14a8046408a3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    34138367a9ebb6039a50fac841a8f92a

    SHA1

    c813c60e827bbdd74431bedf794220164e82012d

    SHA256

    a350515b59a46aedfbe9d6e2c6dfc80efe246edd0c3b21358fd062b5543791f0

    SHA512

    2df5dd43c9c579f5f28910f92dc7b63f1a0b7bed8f39cc3d448b3ac46905b2d98cadca8f5922893bd236d141137d5ab33c9de93a8c2ed53b70886f181c95d933

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8c61d1708db615b25875d4700f72ff75

    SHA1

    5d935e2e3d1a540aab8e87553c92d846bc70ca3c

    SHA256

    82d142a7201bae3dc1fa8c8a156b602e84ab4dd807964e39c3ae536152cac51d

    SHA512

    675cc07fb16b13398528c10fa02f9fb5c5a386a6cf53ab8af2cc707e77ee7c3c79b92e516839970b84792545f725762f84ee1c3a1e7076748c6d25cc18640d91

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2ee66e527e8256b7410e914649b3827d

    SHA1

    d4b482f43d08a9939566967d4e8709b778ce33ed

    SHA256

    bd673437d517862414766f488f76699dd88b418712053b81373377d45b5097c1

    SHA512

    f6d14e57237df82ac0607e951ce9fed13c3978a6276785bbf15ad41aace60f939783a1cb3491bb8ea4530b9cbf613c0c1e6609757d685b080ff8bf9972944cf6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    38bf2a89645134ecc251a0ee77c55a6c

    SHA1

    f9a4b81e158dd44317d5bc967ef76f4fd2fe17c0

    SHA256

    a1d8b171872825e5754fbb6a1af91ad427e0e20fb4f1546493de62c46ebdd1cc

    SHA512

    dd509ca587f7189a3088012f314a5d634a92a58e90eefced4438972851da9a7d93aa7ae8c0c0378c29a1fb4df5982db3de4f28fede888d834541e9988f60e1f9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3c216c4fa5f4aaf94584808b9b71ca92

    SHA1

    5d4986c101928e039c78e3cb4aa076a20083f27d

    SHA256

    28477cd4c15f3a0cb361274648deb2322be1ca758e3d8eb91a3a042bda04ee02

    SHA512

    a66e25c077819b7717039800505ef2de7db13c17e815019527fda31638eb7a220673f21482d9340a8afb183948b9794ed2114ce44011d208399bd4c6bfbc8aef

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    088627db73f9baacf13164724476057d

    SHA1

    e0e8b50a58304737962c9c08ffcbbe5aaf094a9f

    SHA256

    8d6037a91f1f2df3f2f5d79585581f3dbc37af8005173cb942b70d49ca558ef2

    SHA512

    1c1843e8e7835ecf0f0e81c6ab52cdac9d9786ade2e2171e0eb09b45b394af7e0e0c566665249279a7472953231d3d46d358e556f1c2640937ca0fd6fdeb0438

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8d9ed8af19e6ab7e6cf46d633624f379

    SHA1

    267816f65793d0c6d7031325d057ae284f262403

    SHA256

    bc69f24431c614269fc3ebfe853de7045485406c22059c4a59bd64d91d743105

    SHA512

    92fc4116ab88dc309e4a0f6cae49a3a032a514d212c14ffc1448d052aebb2b415b95802cf57a17650838e74ce60194cfa4490b84e5c0c66e0d7505f299cc1a58

  • C:\Users\Admin\AppData\Local\Temp\Cab3554.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar3587.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

  • C:\Users\Admin\AppData\Local\Temp\Tar3619.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b