Analysis

  • max time kernel
    136s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 17:37

General

  • Target
    ??/img/????.html
  • Size
    5KB
  • MD5
    11d5034fb5ff7402f9316e9729c601ee
  • SHA1
    ca8f4b993bb6c2f31318c6dd322bb07056e44219
  • SHA256
    ac622232a8b7cbbc56b03d130b17d44cf14399a4d7287faf250d9a94f4733a3b
  • SHA512
    efa3e9792d4ea997976926dd73789ba52d9eef85890d23d5cfe35af6fc70b3475b0438d6f127aa613f91b60580c37c27565393e353e89a1bf530aa4389617bc0
  • SSDEEP
    96:QFMCS6ppWanKnwSjcV+i+n3DbLHAp1NlKLsL5MRposufvtpltjHl4/:QFpLWaKfje+i+3bHAp7lKf3

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\__\img\____.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2788

Network

MITRE ATT&CK Enterprise v15

Downloads
