Analysis

  • max time kernel
    132s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
  • submitted
    20-06-2024 03:23

General

  • Target

    Upload/admin/backups/index.html

  • Size

    67B

  • MD5

    4ac6b6b331d2f08e1fc4c1288c08434b

  • SHA1

    e1adffd167c5dda32a9a65e4cbe6ebe35ec146f2

  • SHA256

    447867ede78c98c9cbbfb858803380b9e89a9cb865e9d1e058b91e023a067d7f

  • SHA512

    134a9b48ebd9afb6f88a0ba8398879aeac923e30731619547fede4ee5308b03e1ef9adef2eb5c67a3fea71079861cd37318680d7b592c66ee88923972051b8c0

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Upload\admin\backups\index.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2392
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2652

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7ea7c5a13174d17090bae83301672520

    SHA1

    326b4414809fb2b2dd05a6678d06aecc6e4f14e9

    SHA256

    698081c3069eabe5b65c9eaf226452a059fbccf60f97ea39fa61a98c6da61196

    SHA512

    df6d0409be41e53e39591ad9188ccd13b94bf97f071cd9a3c1fd081e501de5c6deb5cf5983777efa96ed16ec5d69e983a5b16fcfdf585abb5093be0a8b5ac68e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    278452189bd23db10af5c7a5cc465026

    SHA1

    51e3082821cee93647b601f06661a8125162e372

    SHA256

    3bd85d8cc5b310662e50f1cbd5960e752c391e35b8e53fe00ebd2d1ccea5aab2

    SHA512

    673d348f6567f5f555c6eee14ef79de4a138f9cc3f44db27849983aaca7c9698de2eaab26f077f9aa961b21a91950ba1a725b0e65135f1073cc765913cb05b6f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5d4b34294ee3279e2c855da800bfc9c8

    SHA1

    076847434bb167d70b6f388f4f7778a6845fe6cb

    SHA256

    25843a9c89bffd6f08861a747b04f036b5e8632614b4afbbf15902a313576558

    SHA512

    29f42e16d8e0079192f312d302be683daee35a2f08b4fc3672f7bab417a0338e0ff78e6fb3293f079a110f7041ce8185a04ee9e562738f2d079dad4bacb0ccbd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    59cbde87fd588350f6f2edf95dab6868

    SHA1

    eb5da22f4805eaac64b501c192d4905d92daba75

    SHA256

    bf6f3885ce4956d02740811853ccd4223a76aa4ad0c8fa0fee83ecc42cbcfc54

    SHA512

    3d65a3c24896906d18ee5c3c1e123d67a1378c5f04b804ba56786345915afcf7c41278da4c6995cb49c8232fc8b290d7ab0cb03609b29342c2ef0c31f68d2481

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7e7e33e7f8baecedfaa8865fc678bdf6

    SHA1

    d0e8022bda8f15380f5f7d5939e1e440a7bd610c

    SHA256

    975d14b9206a78e02f8fd046a050c7e67580c38755e26cd85311907323918518

    SHA512

    d8d6b50b13de2a8c74dd0635f9ee9ad557cdfb695e6c722577383dfd24263ee960d3a58a64f8b28bfbd7f09d59f2dcf9674ee680ffa7371ffbe4214d05191651

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fe69c0bfc91cb47e48961b89171c9033

    SHA1

    19c0038000eac445f6216a6ad723118d4286497b

    SHA256

    afca5db120c5feeac8cd3902aa965037a6188b01fa8720b2dc3c3060017ee26f

    SHA512

    e6291a9a1a5e00194f80259bd02410d29c5aad6793c370bb9de8c9bfd3dca15c24e213ff44c9bf7db5339f1b54e40c90f0a14cb10f13a98120355e096fa89748

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ef834189a9733defb630da13c4a270d2

    SHA1

    6b2c8b15ad2515017512742de51c81735331f550

    SHA256

    0d54c5d4cef7a84ac95f19ad81f717d8b238e2c873b96e1a365e3a2b9fb0d55d

    SHA512

    a10eb9a016ec62de380a88231dc5cc56061e774900a0caa4ac745f78efae381e8e442a2e06f0c18f5d860647ac6eac98613330d1f10a83a40e0cd576f496fac2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a67076fb44c886ce3bab9267aa142537

    SHA1

    5581aa17e2fb11962924c839b0dd5a275c46f43f

    SHA256

    92429f4e5a5a7d066b2a3853e670adf59dca52a25a4fd918ecb5f5f63246ee8d

    SHA512

    57b2c5c754ac1a46ba969ed799a14df579fa34903625fae48e6d715380cf456c9b77f3a51134228af26ff189a6e67a8e251f82884f324bdf71c58ec0b77b624b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0453b7944ca9e5a34aa6bb8994cdf39c

    SHA1

    bf520c7128f867e08cf9714140a976d4fe304f44

    SHA256

    5655fee11042ec0f51ff71f263f2d86ebc7319ffaf427734d6098259732ecf88

    SHA512

    6abb285b396157f504ce6c07aa247cb9baae407c3210e687be26c395f57101f10ae251e1a3889b635c51f378459a83d66a3d0974331865b17ef91d3014824797

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6d36881483a67f8381298acef967c4fa

    SHA1

    aba6fc5a0c3a50bc30056a6d494991e8a023638d

    SHA256

    9606c8a61582fa72b6bf19881413cfccf4cee556815133a876b6622571f0be8a

    SHA512

    2368456e9b9c5c6624657f71941227756280a15c54e0a00164b325bedbb58f823770084b3bd435081c7f00805c97a9fd9b9bce7ef3971970555b304ba4888278

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    12a265bfd3d70fabff6e4cafd1fd8dec

    SHA1

    82d2eff090fcad9467f611d43caa00ce379c9cee

    SHA256

    6e64e03066f1c23e8120d9913a57a06b757aa019bf1afab3ed82354a2aa9dc4d

    SHA512

    82e77d62686bf7de7e359043eba7071bec1bec58023689bd4d320787daa3c1fde8d4ae3cd28ff582315f38bfb8a7d566d563fe827976886057df9fb7ea9457d3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3f4177a6be0f322c7b0ee3e32f0c3680

    SHA1

    f3d4149f6e1d9a653781db6abe1a6e0ee4cd3d0a

    SHA256

    86a91aacb29c4d50dc84b2a1b04bac611aacea4757becd75eb3c3b029ba40e67

    SHA512

    a53c52fb62b5a4109cda80a4fd8f41abe9d425ca394bdbc54fbd64e5f8ba6cb3ffdf1b02a2b10b15cafed6dfb8965620704a882e0eea362e37eb48a6afa95380

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2a7481a3e500df8b52a602693defe7dc

    SHA1

    8e8125928197916688d4fa27de143e28be6d5807

    SHA256

    3f33fc08c809e382d20667d5d12bf954c326f2fce2ac56f633b0de22537eda71

    SHA512

    c8195be156574cbf228bb827650a7bb05e167329cf30c15c70808deb954ff0eb34f6f5ca10855dd64707ae30a602110a48bb7146c2592833b2c6028273c25a58

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bbf03b85eb2ca9b4f20c34a3c9b5ec9d

    SHA1

    30225081fa972ffc33df5472f93a449e2fac5ee0

    SHA256

    698975202ecd7bf8ebb4e5c7bef963fa6d53986a21d9df9ce2c2e9d28c136a14

    SHA512

    2d1e46eaffe1a87f98cef860851fba0f460620d6d6545b3ce2a6d587bc2d1d03fffe42bb7e678190ec0af66976fb25f5c98a0d311bdee72d5b83e931b4f700ce

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3da5635f70f5e57fcc52e2f93055604e

    SHA1

    77e6192c3d12b3252e47c741b58664f97a795d8d

    SHA256

    5a389ab36242c9f4017fd66cc9e706474dc5b44308dfd37c161e5a4c65f5e845

    SHA512

    eafb0669cb865435b7a4764ba21d01328a9aad27253703b10db0ec1012633b6217dc929fd07b03d5aaa0362feb0992adf1406751db7ab11d70b521ddb828868a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e3f99e2804148fc3fa3d25d5169117e2

    SHA1

    b4754c31d435d7740fee2232cb05ecfd370a2899

    SHA256

    4c3a0c19275c86e9fe00b88f620858d7eee7bf04abe148b00d020e0c98e64888

    SHA512

    77d98edcd3a6117b23ae28f33abc287fc20272150e25a3e0c15c9030335fcfda85950fdde54d4cd7271279fb1f96f225f7a88c949b5a53f1012027a9e1242cbf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b9c49919903290fd6f22cfa63e514243

    SHA1

    fb462bc99341e8dcaec34abbfef3bb92eabc7efa

    SHA256

    f3bedf695055bc94f5179390fc749d0f92de0d27d2f0c16d935e5f83ab4a4d3c

    SHA512

    d0d0cc5fe6584ce39c876843ff910c3b56336ace035a0a4e64408944cae43f5f5c6aaf6c97e7a2739ec3eaab386f53f454a0318592b81006ddb91a48d823de29

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    54f44b15c43d9125b7e9e669bb465aad

    SHA1

    1d247b0bb57a009afa26a1670cf65174a783d082

    SHA256

    e6df2a50b6927164e8a0fafd7a199653908461811c94a1de31d037987520708f

    SHA512

    43d0cc5b130b7d73e259ed7c4e06fcf76e5d071c4627490f3206abbb175dbce13f2ab511b742fc31e836dfd1559fcabaefcd59f51d407aad90d5c6d55fb8f539

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7dca38370ef17f9229b1c1ecdd90c654

    SHA1

    8b0c59e2ec6859495f67db15e88f4ba278acd469

    SHA256

    34f7d9f5a940f908aedb57bb1337837e12c2c7b1b879d8d095f225e462cd9a03

    SHA512

    a6f1e5422749b7d7f0fa63165e5a51a569ca103becdbf25f637c5e649c7fde32555c06fe81ed712acac02578b22f971393f2c61814dcb0dd320d11340f70db65

  • C:\Users\Admin\AppData\Local\Temp\Cab2C31.tmp

    Filesize

    67KB

    MD5

    2d3dcf90f6c99f47e7593ea250c9e749

    SHA1

    51be82be4a272669983313565b4940d4b1385237

    SHA256

    8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

    SHA512

    9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

  • C:\Users\Admin\AppData\Local\Temp\Tar2CD5.tmp

    Filesize

    160KB

    MD5

    7186ad693b8ad9444401bd9bcd2217c2

    SHA1

    5c28ca10a650f6026b0df4737078fa4197f3bac1

    SHA256

    9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

    SHA512

    135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b
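Every entry above is listed as a separate write, so the same CryptnetUrlCache path appears nineteen times with nineteen different hashes. The following is an added example for this page (not the sandbox vendor's tooling): it parses the Downloads layout shown above into one record per dropped file, validates each hash for the correct hex length so a truncated copy cannot silently become a bad IOC, and groups the writes by path. The labels in classify() are this example's own heuristics, an assumption rather than a signature from the report: CryptnetUrlCache\MetaData entries are CryptoAPI's URL cache (CRL/OCSP/root-update fetches that IE triggers on start-up), and Cab####.tmp / Tar####.tmp in %TEMP% are temporary CAB and extraction files that commonly come from a CryptoAPI authroot update. The sample input is a constructed excerpt of three entries copied from the report.

```python
"""Parse the 'Downloads' section of a sandbox report in the layout shown above
and summarise the dropped files by path.

Added example for this page; it is not the sandbox vendor's code. The
classification rules in classify() are this example's own heuristics
(an assumption), not signatures from the report."""
import re
from collections import defaultdict

# Constructed excerpt: three entries copied from the report's Downloads section.
SAMPLE = r"""
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    342B
    MD5
    7ea7c5a13174d17090bae83301672520
    SHA1
    326b4414809fb2b2dd05a6678d06aecc6e4f14e9
    SHA256
    698081c3069eabe5b65c9eaf226452a059fbccf60f97ea39fa61a98c6da61196
    SHA512
    df6d0409be41e53e39591ad9188ccd13b94bf97f071cd9a3c1fd081e501de5c6deb5cf5983777efa96ed16ec5d69e983a5b16fcfdf585abb5093be0a8b5ac68e
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    342B
    MD5
    278452189bd23db10af5c7a5cc465026
    SHA1
    51e3082821cee93647b601f06661a8125162e372
    SHA256
    3bd85d8cc5b310662e50f1cbd5960e752c391e35b8e53fe00ebd2d1ccea5aab2
    SHA512
    673d348f6567f5f555c6eee14ef79de4a138f9cc3f44db27849983aaca7c9698de2eaab26f077f9aa961b21a91950ba1a725b0e65135f1073cc765913cb05b6f
  • C:\Users\Admin\AppData\Local\Temp\Cab2C31.tmp
    Filesize
    67KB
    MD5
    2d3dcf90f6c99f47e7593ea250c9e749
    SHA1
    51be82be4a272669983313565b4940d4b1385237
    SHA256
    8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
    SHA512
    9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SIZE_UNITS = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}


def parse_size(text):
    """'342B' -> 342, '67KB' -> 68608 (binary prefixes assumed for the report's sizes)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)\s*([KMG]?)B", text)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * SIZE_UNITS[m.group(2)])


def parse_downloads(text):
    """Turn the bullet / label / value layout into one dict per dropped file.
    Each hash is checked for the right hex length so a truncated copy raises
    instead of silently becoming a bad indicator."""
    records, current, label = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("•"):                 # new entry: the path follows the bullet
            current = {"path": line[1:].strip()}
            records.append(current)
            label = None
        elif current is None:
            continue                             # text before the first entry
        elif line == "Filesize" or line in HASH_LEN:
            label = line                         # next line carries this field's value
        elif label == "Filesize":
            current["size"] = parse_size(line)
            label = None
        elif label in HASH_LEN:
            if not re.fullmatch(r"[0-9a-f]{%d}" % HASH_LEN[label], line):
                raise ValueError(f"{label} for {current['path']} is not {HASH_LEN[label]} hex chars")
            current[label.lower()] = line
            label = None
    return records


def classify(path):
    """Heuristic labels for common benign drop locations (assumption, not a vendor rule)."""
    if "\\CryptnetUrlCache\\" in path:
        return "CryptoAPI URL cache entry (CRL/OCSP/root-update fetch; routine when IE starts)"
    if re.search(r"\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", path, re.IGNORECASE):
        return "temporary CAB/extraction file in %TEMP% (typical of a CryptoAPI authroot update)"
    return "unclassified: review manually"


def summarise(records):
    """Group records by path: number of writes, distinct SHA256 values, sizes, label."""
    groups = defaultdict(lambda: {"writes": 0, "sha256": set(), "sizes": set()})
    for rec in records:
        group = groups[rec["path"]]
        group["writes"] += 1
        group["sha256"].add(rec["sha256"])
        group["sizes"].add(rec["size"])
    return {path: {**group, "label": classify(path)} for path, group in groups.items()}


if __name__ == "__main__":
    for path, info in summarise(parse_downloads(SAMPLE)).items():
        print(f"{info['writes']:>2} write(s), {len(info['sha256'])} distinct SHA256: {info['label']}")
        print(f"    {path}")
```

Run against the full Downloads section, the grouping collapses the nineteen cache entries into one line with nineteen distinct SHA256 values, which is the shape a reviewer expects from a certificate cache being refreshed rather than from a payload being dropped; anything that lands in the "unclassified" bucket is what deserves the analyst's attention.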