Analysis

  • max time kernel: 133s
  • max time network: 128s
  • platform: windows7_x64
  • resource: win7-20240220-en
  • resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted: 25-06-2024 11:59

General

  • Target: netw_ali/fin/CN/source/page.html
  • Size: 12KB
  • MD5: 9121cab8ec5fcbcfd17197a35e4f9c36
  • SHA1: 87c36c1e78ec97fe64b04b6eafe3cdd5b00c42d3
  • SHA256: a92390961154ad30bf60a07d6dab62fb95e942374f424ad64fba515fac96cf76
  • SHA512: 1c73596c54726d795342a215afc4eafcb3cd1c77518e96a0ee17265069c637a6a57e4de265fbe604e05013885eb323183d841f97c2c8d3c29c628c7a0754acd1
  • SSDEEP: 192:fTgrpIRrk4g2L2dV2Jo9q2+k2Djw2sL6jR93vlJ+2Co7NosMORvSqt2C0QH9:r6pIRq2L2X28q2+k2fw2sLav31Nhtnd

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • [1] C:\Program Files\Internet Explorer\iexplore.exe (PID 2904)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\netw_ali\fin\CN\source\page.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • [2] C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2788, child of PID 2904)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15


Downloads