Analysis

  • max time kernel: 144s
  • max time network: 147s
  • platform: windows7_x64
  • resource: win7-20240611-en
  • resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted: 25-06-2024 11:59

General

  • Target: netw_ali/fin/126/source/126.html
  • Size: 32KB
  • MD5: e376cb95748c634460d334486dcb193b
  • SHA1: fb7329acdcf5c1854d41df6b9bcbd4caddc52cc0
  • SHA256: 8394c3de8f162457d9722ee7258a93391c2eebcb1cbce3a54dce04c1422486b1
  • SHA512: 3871c6703f803f8b5e7e56e87b87fd59661888c7643d7f3e8fd4a8f96dd8f0a467de948d2ebb2f93a337db224a009dc753d88221c362a1109f1f40b1cff3cdfa
  • SSDEEP: 384:q0Up/D1SDFVmVs9lz/DHgYm/DA4Cl4pSr1AF3j8KLk4nwqUCxg19hlr79wHHxk7r:q1DhVs7YF8g3FFUCGxlroHx1dM4211

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTPs, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID:2848)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\netw_ali\fin\126\source\126.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • Child process: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID:2988)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads
