Overview

overview

3

Static

static

1

file.html

windows7-x64

file.html

windows10-2004-x64

3

Resubmissions

29/08/2024, 18:31

240829-w54y2axbkj 7

29/08/2024, 18:28

240829-w4dqfsxall 3

Analysis

  • max time kernel
    43s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    29/08/2024, 18:28

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    file.html

  • Size

    312KB

  • MD5

    d3b37b8cde0ca99880cd98abf176f6fa

  • SHA1

    aba092ff43aecc100cc3f6444da5400ddd677809

  • SHA256

    c1c0cb0f19f88d190d6c20699e17df99aed41c8dda30fc147f691ca02d459e9a

  • SHA512

    80349f5aca27a5cc409ca6063acba6146d6c12955ed1c1d4b2d4bf0235af6c50883c91356e7a4f2392b5e5dfbda2a7c405006226d076c3623fb56469f1f6a3d5

  • SSDEEP

    3072:Ri0gAkHnjPIQ6KSfc/QHLPaW+LN7DxRLlzglK8ViZk:XgAkHnjPIQBSftrPCN7jB8ViZk

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\file.html
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1328
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1328 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:320
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1652
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x0
      1⤵
        PID:1976
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x164
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1572
      • C:\Windows\system32\LogonUI.exe
        "LogonUI.exe" /flags:0x1
        1⤵
          PID:2772

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD
          Filesize

          1KB

          MD5

          285ec909c4ab0d2d57f5086b225799aa

          SHA1

          d89e3bd43d5d909b47a18977aa9d5ce36cee184c

          SHA256

          68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b

          SHA512

          4cf305b95f94c7a9504c53c7f2dc8068e647a326d95976b7f4d80433b2284506fc5e3bb9a80a4e9a9889540bbf92908dd39ee4eb25f2566fe9ab37b4dc9a7c09

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9426bace7f84c64222586737bea5034e

          SHA1

          730b03158b69162cdce9acadf71c6a29edf305c5

          SHA256

          e72de7affd1709f4351359f1be4bbce303ab361a72a0526a3413e16ac5fc6ec6

          SHA512

          7223fe8570d13710a8aad66ed9d6949d69b813236cd2f2913b94b09f11066fb0c8b6e91fed8fda4dea34986941d7277537b01a13d60c2262971ea325563d7088

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          88295d21cda51788fa19590ca71dc28f

          SHA1

          0e2bef9657e1caf2cdac972afede7aeb30018bab

          SHA256

          25d5a5232f58522532209cbfebbc62c37b9810773c0fa169152231866444045b

          SHA512

          6182cd6d2335838c684010597051014f6c2a927a3182a0a1b08a3067246053feb8c867ba5bdeb373cbd62cf8b3be1f8d91a332439e2e64da9d8160e7c1df0442

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2638e75ae76b2c24336dc1119fd93159

          SHA1

          b43eced12dba0dcddc800bcd83c37c791b874dbf

          SHA256

          817b728bdf1c7b766a69c1161d68f38cb8b1de09ed5c23fdbc8e785ead47df39

          SHA512

          a4c3a4803bc5456ac874c654a49fe81582b9cee33b88c9c5bf094ac96ac1e8c927ea81d1fb6ecefda6452ba45f3721945e7dc9cef6f7ca6142897acb6da28e29

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f59ddc14bc93d7f0c03a16f5e6978d46

          SHA1

          035052b75874699badce7667e42cf6ad381b1ed0

          SHA256

          88c2f3e27dfde624af98c52850dcb7289682169f0b72df551933ad0ceb2e333f

          SHA512

          083fe124a0dde125ab912acf7eee399b4ae21ef0c548b943a1396786eea9aaf5b93d6277d331d2f2c1115bc09e14f78e5988bf926080d340bfad889b8a5939a7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          20e7da6bfa47dade3f68ef7a0c228f66

          SHA1

          69a871d85635aa3c4d40b1907f018d2e8f660fcf

          SHA256

          6e4028d1ea7dc8609d87e0b6d7d1f4f98be5f88d516a29e514ccd79d2de2c8e8

          SHA512

          341f2850c3604e2b5c63b6a30bf055e04a51967181aca5620de2357630e3964761b2e7acf6792035bb045b7ff8481fbe2194506d212a36fad6231c3758fa63d2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          eead97e05bf01321bcc8e724e73b17b4

          SHA1

          655d6e41f62bad2f818b4f40faa01d9a2f1358f8

          SHA256

          e8c7d1cacc087993d056356401b7c58b5265fbfe596f3b8a2273d825234a9140

          SHA512

          f49e67dbcc5444312698bab0a61ca71fd54806e75201e2e9428677c1ea62b17b9408aa8350001e46d662662bbe18c0f65bd9bdc18ec96dda553adbd88dc46c94

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3c519105304d74cd2d208a9e77fe323c

          SHA1

          1e0f7612a6744a72df216dfdc9ff3bae847ade7f

          SHA256

          6f964b3e969e2e3bf65df60950f00177ccf706879f3e941f3b4f2b137a898619

          SHA512

          0191cefcd5c56428d8a3f18248962990fe4185827985e902f98076290a988903345df23be0e5bd7aa24a840178925f20c509af6b4633c7aa904bd3af1c3a34b8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d4f7b9c498b01d0ee26e138f3f973b4a

          SHA1

          98d9fcbfd25b24c13f6c1558138d185cc232e14e

          SHA256

          724a5dcf679d2e5ecb67001ff9b97cfd16a379c629e235079d77f2288ec18e1d

          SHA512

          6875673d94fd986163e99bb114889f6ff471eb601ecd397e411e181d1c2f0b079878c951232011d7d8c96b9d150cd4e3af387ad36dc537044833a4bc4bff08a6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f3a5228452dc84ccacc9cfd8bd3f6404

          SHA1

          258d66711521e602c7964550198297cd598fc3b4

          SHA256

          f14e1f5a3abef266f17c4fa299de8aea6d34a2176828ccd603f16f84a0eb805d

          SHA512

          a464de84b6ce2b28b385aeb87b43b5dd32b038ab0865a23f357a7db6ee93f533dafcaed329a6c470cdb2e7ec77db0cb9713842eb6312460e93ff15575209e660

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          494c682e6a7a2a52f3c32e3f469195c0

          SHA1

          bddeb7216a3a78b62b16e841e1b905f48b4ca2ed

          SHA256

          f6c790424ecddd6f524a4fdfbbba9e70b8353a08f7ac35dbac86b2a350b6664b

          SHA512

          0745d4fb0fe0ded61a23ad694a90ae4a9148d1fa66ef912e6505ab64ede53cb826c16bc061bf0b8ca4fdde7b333c6e422a74f193ddd77935ee402e5d75114042

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a74cd3f0be0402a4b2c80ef2f9fbcbb1

          SHA1

          0929149bd4b9d7f962f8b5a9f1d05543cff96ba8

          SHA256

          57777e05d3f639771c6a38a79156ebb3b8b7c58095388d6779a49b6bfcec5d0c

          SHA512

          712c36ff99206bc46bd1554789820f653d92dff7f1fa44e73e4849dac4b5f1af3deeb28221dfe3913bab12c5459c2e950dadeec2c5ac5cfd9d0fe06cc0fbf065

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          29b66274c339bda79619fd326812669c

          SHA1

          d882cbf47de79b7b5b14578fe74c17e3793d6f05

          SHA256

          b9a048fc923ed286f55df1099b6c55b48d3e2e72cd0ba62045ce8e62ac75a3c4

          SHA512

          e9efab019a82df8f75cb5ff071f4baeb4567a6eec73846d1121f9ab76048a113307d78858863e15b24e27c6bb7dac843194db46970398a7bc98371894b634b78

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          220321b61b3760fe76b0422c47a09b11

          SHA1

          c21391e594bd549d9aba16374dd8b84359991998

          SHA256

          94e9c34846ce1551df336cc99df068ed871070497f801844bd8c4808b6f2b432

          SHA512

          b4800a7ef1e6b12562f8dc2c1b6b980b1be465f2efc83230ac72e1e0ef102219efbbe98fdfeb5130c9415036d574cdc017fe4b5bac262ea377ca0ebae3ee7e78

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          39613d10486834a317823cc8a13d01f7

          SHA1

          5305c7101d62eb61101b500053bcf731d2ff8b45

          SHA256

          594a073aa9203b1456c030f1161996b4a3406396ba0ba2255d7d3b7f2bbe04a1

          SHA512

          6b393a0230b71e6ed7013900e63fe8f53bcedc477fff75ba5ebd0453702331c055f468b4c680d9ff8d83a2cde829e2b6626dff897cf66ae8d58690bef00ebe2e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD
          Filesize

          306B

          MD5

          279c59c1f864bcd5cb0f962e0cb862d8

          SHA1

          d76a97079a3ab203b516eb604be109eec1c49716

          SHA256

          e4ffc260cb0238c180f54490a4d76d9c78024566c8c8e4e271bba672d1b8af38

          SHA512

          0b710b04c5841fe4089a8ea9ade7bf59c0d0143683ede23d4c6ef9f9807daa662bdcccef72d06c6d9d789742b49d5ee93feb984de49c5deaeceab130592f5a7d

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YW15VCHK\fix[1].zip
          Filesize

          10.1MB

          MD5

          be1fc693d353a7fe6793c606ce481f12

          SHA1

          07264ba02b31542585e6d1b0602259a588f51d6f

          SHA256

          4aa08cacec7cc72bd77d161acab53342444608249c662f5a0d35949eda94f1a1

          SHA512

          1b1fe3105179ce2af37e688bc648912b8a1eaa90a5e212dbc35f62507dd6cef3b57851696b3127a0385ba3fff2e8f671955c8984ad916ed84863f496414c4154

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabA47B.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarA47D.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/1976-781-0x0000000002D90000-0x0000000002D91000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2772-782-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

          Filesize

          4KB

          Download