Analysis

  • max time kernel
    144s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-06-2024 11:59

General

  • Target

    netw_ali/fin/163/source/163.html

  • Size

    33KB

  • MD5

    ac6b80a110ce16906e9853471dc74b4a

  • SHA1

    6bddaaeed18ea69189cb8e695a5b98d0713faf26

  • SHA256

    9b392d3818fdf4f6a3d823c190148a7305d5cdbd1044f78769486271cdb29248

  • SHA512

    dc41cbdb02a5082e5877ba94f16d4e4b06b5cd4c927ea8082c120e67332a2ecbb58a7556a8c283984bc68213ab2f6d00aa5689580ecf9da2f0ccfbde9c704c42

  • SSDEEP

    384:j0iq/D1SDFVmVs9lz/DHgYm/DA4Cl4pSr1AF3j8KLkgwqtjxd19hlr79UHHxk7Pc:jf4hVs7YF8g3ZFtjjxlr8Hx9dM42Q1

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\netw_ali\fin\163\source\163.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2656

Network

MITRE ATT&CK Enterprise v15

Downloads
