Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/06/2024, 15:11

General

  • Target

    MXe9aGVz.html

  • Size

    11KB

  • MD5

    19a4f5701266aa16dd98333710b9be7e

  • SHA1

    72d97ba292b35d6d48448007f1da72d0364f2cd5

  • SHA256

    b5e6dc47fd7476e15b172e6314c9d637afa56aaf7dab04367530497567c02832

  • SHA512

    e54979feb04f7932358b1b54ade28cbb0204a177e04db046f605dbf6f8f08ebba037e8047983c5480917bcfcab41d25162cc16173a610a756534b1e64efab4b7

  • SSDEEP

    96:qwbwowUVU1rJbK1jEQwK1c5vIQzHzGzQOfRr8LP26e5hNvtdLXe5GaZfT0g4/eyW:dMnUVSVK12K1kwRr88lu39n4G3INnx/0

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 45 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MXe9aGVz.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1216
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:406540 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2060
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:406548 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1628
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:2084

Network

MITRE ATT&CK Enterprise v15
Downloads