Overview

overview

10

Static

static

1

redirect.html

windows7-x64

3

redirect.html

windows10-2004-x64

10

Analysis

  • max time kernel
    12s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    19-01-2025 02:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    redirect.html

  • Size

    6KB

  • MD5

    cd2b0782169a3c92e2f48c05535a8de4

  • SHA1

    27029c8a95f449a0477171f2789083853f9c462b

  • SHA256

    ef51be8fa647abaae636b11cad45df1f5a8207b8aece2f39a031a72b730fe149

  • SHA512

    958584561a4a2bdbd4d07bea1310aea61c3d109a67ad935784ff9bebd260d5c4eebe56185826730c26bedec8492d551e35ab09258a02f518b55faf41b70bdbbf

  • SSDEEP

    192:dMHLxX7777/77QF7JKyrq0Lod4BYCIka6OvXXEK:dMr5HYDG0+CIka6OvXXEK

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\redirect.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2192
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7d59758,0x7fef7d59768,0x7fef7d59778
      2⤵
        PID:2884
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1208,i,15976938437506131242,12639271668481054462,131072 /prefetch:2
        2⤵
          PID:2252
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1208,i,15976938437506131242,12639271668481054462,131072 /prefetch:8
          2⤵
            PID:2264
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1544 --field-trial-handle=1208,i,15976938437506131242,12639271668481054462,131072 /prefetch:8
            2⤵
              PID:2444
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1208,i,15976938437506131242,12639271668481054462,131072 /prefetch:1
              2⤵
                PID:1920
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1208,i,15976938437506131242,12639271668481054462,131072 /prefetch:1
                2⤵
                  PID:1312
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1256 --field-trial-handle=1208,i,15976938437506131242,12639271668481054462,131072 /prefetch:2
                  2⤵
                    PID:1080
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1268 --field-trial-handle=1208,i,15976938437506131242,12639271668481054462,131072 /prefetch:1
                    2⤵
                      PID:2736
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1208,i,15976938437506131242,12639271668481054462,131072 /prefetch:8
                      2⤵
                        PID:2740
                    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                      1⤵
                        PID:1960

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        97f892d2c376fd86134af6854ba3ba43

                        SHA1

                        71209e399b38a0446a19942f32a5dc5cad166df0

                        SHA256

                        5ee0ed621859f2f9533c0db69b6059957127384b87281f4730213629bebc039a

                        SHA512

                        a4ba70e066e285332ef41f260d22c427348b0e1c87f599ba8316afd42e3dff5b8496fbe81189ab4383d955637168e2a48ede184aac05498c3225ac22540dd707

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        f3d5037b40ccce81aa6afa3f81b4d08c

                        SHA1

                        f1b5a33261edd8ac52da37a95c3f12b7bf21c43e

                        SHA256

                        5cae086701159dae541060dbe87224b122e3df97ae878f4fd580d39a70f1234d

                        SHA512

                        8adde08b01f19ea9867c803daf815bb10ee25f59a1716c6f15e63967b605adbe0e6dff53d7bacb9f070a959a0321227938deb96349a208ba9e0950e6fe984f52

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        79ae445964e9ef88954079bc9009354e

                        SHA1

                        176d6bea869be382d7ca9b64271c3b45857e6e41

                        SHA256

                        d44140b58f84b73e9269d5b043173719ef9646418ed646c0fc1f17f9bd8b1baf

                        SHA512

                        48babcfd925d91bf331a6758b9bccefdbd7e45a4c61001d7d3f290418704d660bd9a59aef74924bb44834ec5e44badef3b0831abe2f5ec020c9597d5f4c28147

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        29c3a01c257fd38dc7cfd646c2c54d88

                        SHA1

                        795270764abab2dad2091423550b4c1da40d25cb

                        SHA256

                        5661efaa43f610d922e3b786012fc9a1df852ec0558d999bff29b28e784b75ef

                        SHA512

                        feaf3bfe90909079c37fa246c6054662e9ba81a9391ebfb1fc38b55bbefd9f9a06b31dd71106a7a7fc488c04b23e1dd93cfd3d1217fda5cfa2b267365479a798

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        243e9e5a5e97b039cd1602da344fb254

                        SHA1

                        b25bc00c1063fac7e954db0a74d6af7406af21af

                        SHA256

                        3c946391315ffdf62b2cc864ef2a4e9ab618625e9497b95928208ae594a945a7

                        SHA512

                        f5e0b2ae1e8b186088dfd9e5361ccce5829600f61025b2e7a694ff4735e5b83eab1ea737713f48917b12057ff15d95c589b76dea7eebba1ebd76603760de55c3

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        92c64c472dc24890db9cb670b5196655

                        SHA1

                        8029313ee910b973c6bb4d27c0ffa82c7fa0e8b4

                        SHA256

                        8a40777b84ae120b5b1513d2567415c0a69f08456bc3f6ab13436a88cdadc43c

                        SHA512

                        5d0b7c600b08687d8ea1ddd26d1849da258fb96b5885aea57ad6b1709dd373fe52ccc86bca7c6cddc2f80f092fd464803fb1119b97769e2b54ed229e00fa1a0a

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        a9a6023650364301fd63ea4d972e3aa3

                        SHA1

                        8c208d3e7d43a2d3331257ed07e7813619199b97

                        SHA256

                        1c3b1098f225cb66398c689c3543143138819cd239dadab82800d80484925b34

                        SHA512

                        22d512acf2f8312c3d1e79e6a9eb11375e46c5d9e0836c9e9fe39c39f010f1ec0ae8a6d64efcf6a1d5f7a58a33fcab4afdb7de31dbb021275d5760a636948566

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        61ed7cc3044555e03d125fb61761af5d

                        SHA1

                        f87d711037c554b6df6267ac01da69d91c6ee3b1

                        SHA256

                        188c9559570f61a774eaf82d57220e212e5c0588a29758dfcf915bc59948269a

                        SHA512

                        3bfcc8a4f95aa1dc638ba1a8a8289b5485a3fcf199bc67bb7da1271878564f019365fb9ee71e33ff04f510bceb61aeed0aeae6128e991195edf38fda185747b7

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        11a3d2c0709e7a58e1caeafed5f0eb62

                        SHA1

                        dc045295076bd4de417183a1a1c5fa73e56cad36

                        SHA256

                        c81738533dcf058a559b4a76b40570aa3ff51c458985c77402d8de0e01818cdc

                        SHA512

                        d11e5fca52b6cf04d4c6f13d77da642f78be9117f63373056b0db2b97247499f31c78d0bb2e60c48cb4edad77cdfc0b6ab7c668cb8ec1f1c21e3727b6ddc7637

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
                        Filesize

                        16B

                        MD5

                        aefd77f47fb84fae5ea194496b44c67a

                        SHA1

                        dcfbb6a5b8d05662c4858664f81693bb7f803b82

                        SHA256

                        4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

                        SHA512

                        b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
                        Filesize

                        16B

                        MD5

                        18e723571b00fb1694a3bad6c78e4054

                        SHA1

                        afcc0ef32d46fe59e0483f9a3c891d3034d12f32

                        SHA256

                        8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

                        SHA512

                        43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
                        Filesize

                        264KB

                        MD5

                        f50f89a0a91564d0b8a211f8921aa7de

                        SHA1

                        112403a17dd69d5b9018b8cede023cb3b54eab7d

                        SHA256

                        b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                        SHA512

                        bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\Cab4C4F.tmp
                        Filesize

                        70KB

                        MD5

                        49aebf8cbd62d92ac215b2923fb1b9f5

                        SHA1

                        1723be06719828dda65ad804298d0431f6aff976

                        SHA256

                        b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                        SHA512

                        bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\Tar4CB0.tmp
                        Filesize

                        181KB

                        MD5

                        4ea6026cf93ec6338144661bf1202cd1

                        SHA1

                        a1dec9044f750ad887935a01430bf49322fbdcb7

                        SHA256

                        8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                        SHA512

                        6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                        Download Submit