Overview

overview

7

Static

static

7

2944a5f345...18.exe

windows7-x64

7

2944a5f345...18.exe

windows10-2004-x64

7

$COMMONFIL...og.dll

windows7-x64

4

$COMMONFIL...og.dll

windows10-2004-x64

4

$COMMONFIL...m.html

windows7-x64

1

$COMMONFIL...m.html

windows10-2004-x64

1

$COMMONFIL...an.dll

windows7-x64

1

$COMMONFIL...an.dll

windows10-2004-x64

1

$COMMONFIL...fe.dll

windows7-x64

1

$COMMONFIL...fe.dll

windows10-2004-x64

1

$COMMONFIL...an.dll

windows7-x64

1

$COMMONFIL...an.dll

windows10-2004-x64

3

$COMMONFIL...fa.exe

windows7-x64

1

$COMMONFIL...fa.exe

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$TEMP/updatesafe.exe

windows7-x64

1

$TEMP/updatesafe.exe

windows10-2004-x64

1

IEProt/IEProt2.exe

windows7-x64

6

IEProt/IEProt2.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    121s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    06/07/2024, 18:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $COMMONFILES/Angels/IEHelp.htm.html

  • Size

    932B

  • MD5

    4e72a0d4ecf37f91b9fc9fd2e27a6661

  • SHA1

    c3e9117731947e1a3e2f9aaea9356cedf5fe53da

  • SHA256

    609471ce7403a914ef23d91082242c876e1b2ffcfcc6a70ab1309f45b387d1d4

  • SHA512

    ffc517b819c9e995f0aadef0583b099b16bff262315a9f27ba1c6306d0e0fde30c32ecaac19fdaf9584f182b64677699b42d40606f4038637485b2b5601d79bb

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$COMMONFILES\Angels\IEHelp.htm.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2092

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2dd96f9cd3bec688a467f036b3c25b7d

    SHA1

    67749f7df011e2c6204c670c8558d7e63a84f5a1

    SHA256

    46b44e882c51a305a31e6b72add8b5b2099eb778330107429c5c760d16de1c2c

    SHA512

    c0edbd0250cd851792f5c5b368b34e89e8d902b7523061b5138be4212a9ccedf5bd5a058dfd6428a07d40db1bee8cefede789648be1bda1747a54d58c2652f9c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06a68f3b7717a76c0d6f23b909602541

    SHA1

    1ed287db29343575ba6729e5a89538fadd381f45

    SHA256

    60f3a18af8c7712d8a6b2e0ba7362a5478717a22187459e1bee81896ea592478

    SHA512

    525d9a5b5fdd1ee0788f7860aab954c23f137e1ae45dba99d2ddb1f760bc09b2b11b9cb75e9980bfc3696a6abb5e84b6454b8ec53ad72d999194dddb1e7f342c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b8c5fb53bf8c5ad043a5ec168b6b071b

    SHA1

    d809ee8720b4c02d2b2f622da049ec9e589f01d6

    SHA256

    22f541c29fa9c29fb6270aceeef845f0d981f8c5da1a52f01cf1b0e33a55dd95

    SHA512

    bc1d51aaaece4245af6ff182ece0149ea0f0a8b0fc6ab424b7d6f3bb60238b426b1321050eea4049f1718a462c97d7403679a2003a1f0983359d2d8eeb87f9de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff331a6478898fb0ae8f0e8a7472390f

    SHA1

    04ad85aef6acec26a7de2e104995aba3a7b601f5

    SHA256

    454298f6324162affe69774d05ce461fb68dbf8f668ae8609db2331bbb7428f0

    SHA512

    61c9593ef7d745af67a004a803106cdeed3a45e15efb180b04e48e0bbffe9c02c61744fa825be6734be3dfceaaf82703b18fe3ffca854310033612c664e87205

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    433ea85d9612ca3989450b4bfa7009c8

    SHA1

    94c904e2d6f2501d48e979e07b9f97a1cd74e9cb

    SHA256

    fbd7a8acd25e78523cd882517c3b6c132c1e3e9e9e9c935dac163621faed136e

    SHA512

    8da215be8aa53da0a713ebc7972554028bce15004ed2807f84e441b958aaae5de177105c553b2f8b878291edbbcb21dbadffe01bb79b2b01826710c618b8ba0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5603a0db644bd832f2c7085bcf8428e

    SHA1

    a8aa5e409b8458190f385c4c808d31231acdb96c

    SHA256

    7e1eac59f8b6a79fd64cc4eca922a16d723ea6bd76ef1de2af78c5b057bd519f

    SHA512

    74819d8f13cbfe1242a0a1517f868eaf91f915f0b4d48cfb426da98a20fc76b24af5079d2a415f22d0c7c0b7f2252ba9bfb690e3bd7b24011bf0bf68da612378

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f9df7e7031caa9ed6f322ecbc94add92

    SHA1

    bb5e7fde5ce5fa717be82b068077d0880979d50e

    SHA256

    840eb950bc19d6606afdd44815815326c49e5ac464cebd481c95e4cc2694171d

    SHA512

    b35fb3a577595be2493b27e79fec8a6ab47014400518ac3a7eb7a08e25a1d875ffce35771df01d59f50df0653f005d8fc5d70fae6693e9a4aec4557eb88efdab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    441ad817c21a69dd08c9482752492034

    SHA1

    059458dda9c3cd89644f57bcdf12a4fe78d04c79

    SHA256

    2160bb1bacec24d6a650486ade65c06e582a948f56ab27d6e7f26ba5f4cc285f

    SHA512

    95605833d31d465dcc165b65939c31f430dfde5562e0cc5f1b8f155b40b4577865b72e1fc426d447e32819af3cc5f40887a23e66c7c21e5b294afdf5d5c9174e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e7fa5987b127512e84b74ee95636e9bf

    SHA1

    c05bc809dd6dc1d1959f09fec9fb861734526df7

    SHA256

    afec761a52378ab2e12c4cbb1a25b820e87c9840edfd6f5e93afbcd9e9f3f29b

    SHA512

    fad24765df577638cb81a55880d5da859d8a171e03ce6fadce7eeb76409fb107c68d93ca363337f0ec50b8dac31d06957bc86616454f72211c0a72f5889154e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e583d4a2af922e6da1135197739ec5b

    SHA1

    ab1939ad7121bd01872ac0ee099ad1c80346510f

    SHA256

    1f57bee01b95a00b766d8ab4873f11640e386754ed320816eb92936b7dbf08e3

    SHA512

    d126304db928f87f3b26a85b7586fa7a970214f553597e97616f22a8817fa841966587d665ada339afc967ce5a1825550abe4d8a640572b604369fbdb50ee903

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89c299d5589207bdb8dbcb1956746591

    SHA1

    ba34726a42953b7baf95792398686391b3eb856b

    SHA256

    a62f3e7657e87b3670fa4b32f0e7843360f4fc4f1c09f651ba7a8d0f52dceceb

    SHA512

    a0f2c1779a8a778e87811ac12475a23226f9940ea546e1e4f1b23249764cd615dc54400b2fd9a97f0f8bf8072365788fe67704e2f7b801fa3ec64406c7e7821c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e426211cd069c4aaa0ccbbfbe8809e8

    SHA1

    372d7066ded0820d23e55e316fc7a019e10c1253

    SHA256

    fc35a62c6051b2be665f5777ffeaf9c5483d0ba48d7e5232511ad8920e7fac74

    SHA512

    c419395e08213d3e29d07dc99895772dbbad278359202a7f966f5b01b556813e8f629ce55645340af70ae70d03fcd7ed6732cb6d0dea8bb83a39d96ab9910ef9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    15bdd7b7864a6c05808d809fd6f9033c

    SHA1

    7935c8bc7ca6a2ceacf30754356024785620d8c0

    SHA256

    7ff971587f644fe5a7167d378a9925923145f537fe614b36eb70321dd4b0790f

    SHA512

    a143037373a4a7793e61180867a4241ed49a0ea2682c7a399a15b6c3907fb0a25b68ac864a770b4ad5208ec045682dd2fc500d4f2c8c99673bce13fc01bf72de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3060bc225398b01240289ac85e72c0e9

    SHA1

    f5190e11ab2b93c169fd16fe6b54010f04a1c1e9

    SHA256

    747c6ea83263f3e12500efa70599c529a735c497c0afdd44a19254a4c1e992a3

    SHA512

    726776f472124c54ce1fe56ac1cebbbaf0be0418348c80bcba312535a6334e683a7a0d93d566ea24a1101797cbe9e197e2e745370ff67b222eab95e5a610b9fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6eacd641147f5ae59b3d7a3221675e91

    SHA1

    15ca3541d4ec0f289058ad1cb04c16b819de0b8f

    SHA256

    ef643693f3d30b040dd4961a0d4c4ee72528b51edada7f6d00731a035ffa83fe

    SHA512

    dfc2a1604b1e7f32cb94f88810b9954cedabeafde1c06b8c23b7c4060ad69ad9225d410ca7cc0092aaac62eb2fbeee2cde862f234db4a63e9f7660190426bfa6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB359.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB438.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit