Overview

overview

3

Static

static

1

.html

windows7-x64

3

.html

windows10-2004-x64

1

Analysis

  • max time kernel
    71s
  • max time network
    36s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    29/06/2024, 13:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .html

  • Size

    612B

  • MD5

    e3eb0a1df437f3f97a64aca5952c8ea0

  • SHA1

    7dd71afcfb14e105e80b0c0d7fce370a28a41f0a

  • SHA256

    38ffd4972ae513a0c79a8be4573403edcd709f0f572105362b08ff50cf6de521

  • SHA512

    43573b0cbaac6e2e1646e6217d2d10c40ad10b9db1f4492d6740545e793c891b5e39283a082896c0392b88eb319dfa9392421b1c89c094c9ce9f31b53d37ebaf

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 40 IoCs
  • Suspicious use of SendNotifyMessage 39 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2552
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\InstallRepair.rar
    1⤵
    • Modifies registry class
    PID:1404
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:408

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d0e19f544be3ad79a7a54990c1733a38

    SHA1

    094521a7c221dcf7cf4841458a355bf83b5c352b

    SHA256

    dba683863234ecd8bd2a6aec8e72af44569cd39f1afefd32f124bcb16fe44989

    SHA512

    f6af947b0aa7d1368c7b53cf111a808b90cc5d725af35925bda0ae78d85248ffbcaecd82e139e1745a1f83d6b40b2775d5697f86a4c16cec5a15704efc0e5be5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7cba3b911ba2da1951a52a6035b05bc3

    SHA1

    514fc38f08f275101caca6921fea6c22cedfd69c

    SHA256

    5bdf6ea691fa76b37dcd4beb8fd35fd2e0565b2adf62ea5f66c17f460e366a1f

    SHA512

    fa7874a05f3a790c9ff109a2509f18081af41ba3b981ef2dcd363b67a89fca2a1e732157cd034d54ae0f411724425edac0c6cbbc9970af5ff8940bb282745391

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6cfb723a1cadc6580dcbd2c47d7ad39a

    SHA1

    7d29637b35eda6fdc38591bff2cd516e8c074425

    SHA256

    b8f198120e79ccaa2be04ec33ffdd16438ea57c12c92295cac772c1751c6df0b

    SHA512

    c39f24fbc138e3493af8434a442a97d31e4fdb0b5665d83a1374e77cd7a44cf367249567e4434035ebac5419cdcb7e88c5854e8a61ad7eb6a03e60ba4b394daf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3952d8f0d309be36a07791649615d0e5

    SHA1

    e17442d604e7216e547de77af5327fb5d1ea4c7f

    SHA256

    814502cf63c4105dcd9f56cc66485f82ce3feaa1507981f01d3a6a51660a2227

    SHA512

    3c456d69c16a748874c427d7df2b5278e726f3359ded623373c3a9f975af388aab0decc7a234e95958205733640880611ade8b72bcf5de77b134e3bc8e8d7a00

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3fe230e150f7745e56ebf35329ccea31

    SHA1

    15921326cd56cbf8848943a5fea3599c2ba97a21

    SHA256

    b42a4875bd0f4d2de2db8652491cc0b90b0fad899d6ce0b9296805e6a3d4e740

    SHA512

    a593f1b4fa6c07331e49049bca485d798cf34e33638c30cb2bad9c65260b3bf4b6f4a2f2984db017c90ede7141106fb41705302a94a7a6e4cf29451c80cfcfbc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0aeebc5a0d5b4e572b6585a474b41211

    SHA1

    0fcb0ca945fea7103ef50c6e76cac15a1eec5f5d

    SHA256

    c5e640f50f9423557c53ddf3bc652deda184105382e9be53a95d90142d1afd40

    SHA512

    a200a5bd4830ffad6651b0a2a2645ce8973833802739104125c096198d3f7e21c9f9fcfbc3ce9e266b0349a8f51d2fe88b5fabfd3b2e1b64bb154d52f2cf20a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a58530d3a513d344417f8e5b8a9a439d

    SHA1

    6255eb1e7a1725dbeb74a00b20d644496a957df4

    SHA256

    0181b2af752629a28a7de24b797ea216267f738f06815f4ca2a24abefc016568

    SHA512

    10e84f3b63e29e24ff965e38618b10ab4fe8f9da239f6a528fd1aa05d8ea5a012c5a2421cefe4b9f651638fc94c938525b00e9d42112cbc0aec94fdebd3eb267

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    51d7bf6cb9ad294a03f89e9680c3faeb

    SHA1

    ba8694700dcb24253cf155ad6f25ffb486987b94

    SHA256

    f019a4a05e6336c05a4a3ecd39f1f23f2a56cb10d4243131e062cc1b0459584e

    SHA512

    c6a2d76c02e7f4e72a90321cfb538bb49de249d29b33b3bc67249c49ed50ddf1ceb0ce96fa9b20560edfd72319c9b4e9499397c6ac52e0db68b8d4cee39e9dc2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18ad29ff1ccce2ece241c08661a4867c

    SHA1

    140da4c295801e4b5efd34a55eb4e2f82f5873a7

    SHA256

    19e955330f1f0e24d65e90cac59b3b56c5ae42823c19e7f22df767a32146fcb5

    SHA512

    f90a8f743ae6c700576f0e7f46dce71915401896b3c1f21c501c7aefb574fbe1a05931ee230ed19fb02306c539e84f96fe1bc737fe1ea0eaefcbfa74276b7e20

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3332.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar33C5.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~DFBA4F8FFCAE53B20C.TMP
    Filesize

    16KB

    MD5

    f22ce52414a0a12a7122fbe2349564f3

    SHA1

    ba6a8984d94b587d3a669407d882ad2eb678bd8b

    SHA256

    2a89020b93d1a250427ecb7915013f6a1d36bec0634816377144a054ba8416b6

    SHA512

    0a66c6cbf99fd31c5168589aa81520cac97cc537c8182677958813bb06248d5f292a2a4bea0826d2c118258696765c6f9ab7d87b451afa83efbac1a2cd2f667c

    Download Submit

  • memory/408-488-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/408-489-0x00000000023A0000-0x00000000023B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/408-490-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download