Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/07/2024, 12:47

General

  • Target

    Payment_Information_209.url

  • Size

    209B

  • MD5

    36121a06f7d94bd1c18f5ff4618d5f29

  • SHA1

    50b0e8a3153a09f542bfa7c8aa2ccc12e0335d3a

  • SHA256

    7ffaf82d721b2050b063c4c63d8a711e6e9f0ff3f725825f0a7ebf4501a95691

  • SHA512

    5e01f7829c9665def286f46c8898fe585bde50ff89ce6af379611c8a7d45986abe4cf4a3b1ef79fc666b7b4f341f7f86a7237b73272a82180bdfb60430fb4974

Score
6/10

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\Payment_Information_209.url
    1⤵
    • Checks whether UAC is enabled
    PID:3036
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2888
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2888 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2524

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

          Filesize

          70KB


        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B


        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B


        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B


        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B


        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B


        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B


        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B


        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B


        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B


        • C:\Users\Admin\AppData\Local\Temp\Cab1F36.tmp

          Filesize

          65KB


        • C:\Users\Admin\AppData\Local\Temp\Tar2027.tmp

          Filesize

          181KB


        • memory/3036-0-0x00000000001E0000-0x00000000001F0000-memory.dmp

          Filesize

          64KB