Resubmissions

  • 30/03/2024, 14:33: 240330-rxab8shb28 (score 8)
  • 01/05/2023, 11:52: 230501-n15e1ahb8s (score 10)
  • 21/03/2023, 09:18: 230321-k9l38she38 (score 1)

Analysis

  • max time kernel: 101s
  • max time network: 134s
  • platform: windows7_x64
  • resource: win7-20230220-en
  • resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted: 21/03/2023, 09:18

General

  • Target: .local/.threat_dragon/app/layout/shell.html
  • Size: 193B
  • MD5: 51df812cd87b65be49f3081d37e88199
  • SHA1: 58627c9c1ee86a6da557a2bea2e6487c5be2702d
  • SHA256: d4be4992f8f388b4ce9d8014190f442c445831e4130aa83bb858f879660cc9d3
  • SHA512: f9409b21f395099fc9fa41e56f01616f83d0aafcf9b56ffbf9f2ba5101ce7a476b9d79ab2e0e17f23cc633cd34df980fb07bdb27702f8bdee76c608947658cf8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 38 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 2008)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.local\.threat_dragon\app\layout\shell.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 1876, child of PID 2008)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 61KB
    MD5: e71c8443ae0bc2e282c73faead0a6dd3
    SHA1: 0c110c1b01e68edfacaeae64781a37b1995fa94b
    SHA256: 95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72
    SHA512: b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 2a5f487ee260a6bd6bae621aa969ad15
    SHA1: 7f5f153d5812580ffd032f786855a7db2f5b96aa
    SHA256: ae96884e79a41b1a8e9cc6cc3422636724aff157018b19e978a7dc7558cb52a2
    SHA512: 08e4b40a6c8b807532287c896167435880d6a8010d7d02b1636885f4ec1c1442213e63215d1350ef204b7dbcb0f9bdd5962794fb144af40ebbf761c4f4c59f5c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 1c8926d35735936cb4b13eb64d026dee
    SHA1: 758a783722ed72cb84d714d1e5358cf02c540d84
    SHA256: 25e866d89a9ed0dcdb7b64f5bfab7cd296c2856f370de36f4fdf2ba266068c22
    SHA512: fe82c6f51ffee62b4f1b8fcc537539e22b50d0dc26bc4938cf449d6bcf7a3443b9ce694ce26058d58c1053c0f45422232b1af1043333c8719f79aa3fe4a1fc7f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 8f85433f90c4f72767e60d456e00b2aa
    SHA1: c9ab27f85edbc3dfc2da62238ec09c94f6904f92
    SHA256: f41fdcc9fab75cc0e49a148542302f73bacc21c6526e95d1caca5794f5729e3a
    SHA512: 608e90db68f72b2e11e8635a66d7b9531b3f57d6c18643d29172898bb77ec366a04ec4aa3941042fe9474c7b6afc2d90eec40eb47b9843c7b67568c25adfdd96

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: ee1dba775ff214f4d88246df0a7db8fa
    SHA1: 8a4941d252c7daff1462b48e0ba2eaf73a34f656
    SHA256: 131968f9083dec8791e5ed9d482bcb4c5c0388ab5cb4103cf71dae33a336f216
    SHA512: b46ff4f7167776b2e30ad1bd740be523eb36ee7bca7ed737b7e5db1b3a1501b4d1b9576a45ec5c0e6495b5c4676a4b00fb23307582ca980ed1feae9e8a146a20

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: cc0fd0f53c5132bec2b4cdc6eb3cffb0
    SHA1: 7de11597b19a19be329e4d99477bae4058933723
    SHA256: 4ef1a841a7c60e2d821629ba2ab2d4a63c09458c7a26dbfda8ee8bb642769c00
    SHA512: ef4899f4e3cb3fbf7733f54685f376cbe70a97b7234c3770c24360281d3b9f36381e43f9a43decad16748bb98123af828b522b4104380fb655e293db0c31a3e4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 9c8b48927c12a32ac6d8e3dc60c7ccad
    SHA1: 19c2f65205be0301c401684e1637071726007e0e
    SHA256: 1813ef7cb96eff73adb876ce00ee274cba419d35343477c98f2210bc4e4708f1
    SHA512: e95a2f3e910899b819adfe70eb26ea6e5c42778fdcefb7697deb778a541db20436e24bfe9556d0d90b850bbb9828ba62a566f001d0a7b449aacbbd0ce2e625bc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 3b5ecd93ae03d9d6ae297f0472216b53
    SHA1: e4cdd81257aaac26d20d6cbfe22b85724fcdee41
    SHA256: 086a2463375baf6dbbedaa851291140a2897ade17f8ffea4603bbce9708ab1ac
    SHA512: dfaf33d71e487a953930f0358ac8c9713580525f2fc05efd10bbd9356a7b73ffd770a836113e0fbc4756370fc73488cd0077adf27edf2a1d9f555a640ceba881

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 47be2491e165854af775da3e8220d2b5
    SHA1: f1ce1ba03092527171f293aec8406e79dddcbfb5
    SHA256: 9cd7a7f445f78a9856b00dc9ee25b874508277e0b11b5927c26d5e62b47734d6
    SHA512: bcb790121e08d4b29817db5fed91a2d8b42f84a56bbb5900fd78e5a07e147929a3da799aee5bd614b352b59ce9fd8a13ff6f69ec2485778ef2fa55aad39ca661

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\suggestions[1].en-US
    Filesize: 17KB
    MD5: 5a34cb996293fde2cb7a4ac89587393a
    SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\Cab5795.tmp
    Filesize: 61KB
    MD5: fc4666cbca561e864e7fdf883a9e6661
    SHA1: 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
    SHA256: 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
    SHA512: c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

  • C:\Users\Admin\AppData\Local\Temp\Tar5D38.tmp
    Filesize: 161KB
    MD5: be2bec6e8c5653136d3e72fe53c98aa3
    SHA1: a8182d6db17c14671c3d5766c72e58d87c0810de
    SHA256: 1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd
    SHA512: 0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2IU1YO9U.txt
    Filesize: 606B
    MD5: 10cd83d77b55388e185dd9b4f08e3d9f
    SHA1: dc934c49cc696104c18b013cc6a361851685036b
    SHA256: 38e60154c38dfdf8e752449acc60b24026fdd47e1cfa04fcda1234cc68d5ac27
    SHA512: 9bd13b89c3643591134364bd1fc3c4dcd73755b570640bc742dcfd0d7a4926c0a06e3e19f6cabb8967f99e4de6f62084092c7cda115aa131166288de84f126c7
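The triage script below is an added example; it is not part of this sandbox report nor of the tool that produced it. It works on constructed records transcribed from the Processes and Downloads sections above (a subset of the download entries is enough), sorts each dropped file into the locations Internet Explorer writes to as a side effect of rendering any page (certificate revocation cache, browser cache, cookies, CAB extraction), reports paths the run rewrote with different content (the CryptnetUrlCache MetaData entry appears above under several hashes), and checks that the tab process's SCODEF value names the frame process PID, which here is 2008. The path patterns, the noise labels and the reading of SCODEF as the frame PID are assumptions of this example, not statements the report makes.

```python
import re
from collections import defaultdict

# Constructed sample, transcribed from this report's Processes and Downloads
# sections. Only a subset of the download records is needed to show the logic.
PARENT_PID = 2008
CHILD_CMDLINE = (r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
                 r'SCODEF:2008 CREDAT:275457 /prefetch:2')

CACHE_DIR = r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache"
DOWNLOADS = [  # (path, size as printed in the report, sha256)
    (CACHE_DIR + r"\Content\94308059B57B3142E455B38A6EB92015", "61KB",
     "95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72"),
    (CACHE_DIR + r"\MetaData\94308059B57B3142E455B38A6EB92015", "342B",
     "ae96884e79a41b1a8e9cc6cc3422636724aff157018b19e978a7dc7558cb52a2"),
    (CACHE_DIR + r"\MetaData\94308059B57B3142E455B38A6EB92015", "342B",
     "25e866d89a9ed0dcdb7b64f5bfab7cd296c2856f370de36f4fdf2ba266068c22"),
    (CACHE_DIR + r"\MetaData\94308059B57B3142E455B38A6EB92015", "342B",
     "f41fdcc9fab75cc0e49a148542302f73bacc21c6526e95d1caca5794f5729e3a"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files"
     r"\Content.IE5\S7FIT0B8\suggestions[1].en-US", "17KB",
     "c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad"),
    (r"C:\Users\Admin\AppData\Local\Temp\Cab5795.tmp", "61KB",
     "10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b"),
    (r"C:\Users\Admin\AppData\Local\Temp\Tar5D38.tmp", "161KB",
     "1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd"),
    (r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2IU1YO9U.txt", "606B",
     "38e60154c38dfdf8e752449acc60b24026fdd47e1cfa04fcda1234cc68d5ac27"),
]

# Heuristic (an assumption of this example): locations that IE on Windows 7
# writes to while rendering any page. Anything that matches none of these is
# what an analyst should look at first.
NOISE = [
    ("cryptnet-cache", re.compile(r"\\CryptnetUrlCache\\(Content|MetaData)\\", re.I)),
    ("ie-cache",       re.compile(r"\\Temporary Internet Files\\Content\.IE5\\", re.I)),
    ("ie-cookie",      re.compile(r"\\Windows\\Cookies\\[^\\]+\.txt$", re.I)),
    ("cab-extract",    re.compile(r"\\AppData\\Local\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", re.I)),
]

_SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)\s*(B|KB|MB)$", re.I)
_UNITS = {"B": 1, "KB": 1024, "MB": 1024 * 1024}
_SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def classify(path):
    """Label a dropped-file path with the first matching noise bucket."""
    for label, rx in NOISE:
        if rx.search(path):
            return label
    return "unclassified"


def parse_size(text):
    """Turn the report's printed size ('61KB', '342B') into a byte count."""
    m = _SIZE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * _UNITS[m.group(2).upper()])


def triage(records):
    """Summarise a Downloads list: bucket counts, rewritten paths, leftovers.

    'rewritten' maps a path to the number of distinct SHA256 values seen for
    it, for paths that appear with more than one hash (the file was written
    more than once during the run).
    """
    by_class = defaultdict(int)
    hashes_by_path = defaultdict(set)
    unclassified = []
    for path, size, sha256 in records:
        label = classify(path)
        by_class[label] += 1
        hashes_by_path[path].add(sha256)
        if label == "unclassified":
            unclassified.append((path, parse_size(size), sha256))
    rewritten = {p: len(h) for p, h in hashes_by_path.items() if len(h) > 1}
    return {"by_class": dict(by_class), "rewritten": rewritten,
            "unclassified": unclassified}


def ie_tab_matches_frame(parent_pid, child_cmdline):
    """True if the IE tab process's SCODEF argument names its parent PID.

    Assumption of this example: SCODEF:<pid> on the tab process command line
    carries the PID of the frame process that spawned it, as it does in the
    report above (SCODEF:2008 under PID 2008).
    """
    m = _SCODEF_RE.search(child_cmdline)
    return m is not None and int(m.group(1)) == parent_pid


if __name__ == "__main__":
    summary = triage(DOWNLOADS)
    for label, n in sorted(summary["by_class"].items()):
        print(f"{label:15s} {n}")
    for path, n in summary["rewritten"].items():
        print(f"rewritten {n}x: {path}")
    for path, size, sha256 in summary["unclassified"]:
        print(f"LOOK AT: {path} ({size} bytes) {sha256}")
    print("tab/frame consistent:", ie_tab_matches_frame(PARENT_PID, CHILD_CMDLINE))
```

With the records from this report every file lands in a noise bucket, the MetaData cache file shows up as rewritten several times, and the tab process passes the SCODEF check, which is consistent with the 1/10 score: the listed signatures and drops are what IE produces for any 193-byte HTML page, and nothing outside the browser's own working directories was written.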