Resubmissions

30/03/2024, 14:33

240330-rxab8shb28 8

01/05/2023, 11:52

230501-n15e1ahb8s 10

21/03/2023, 09:18

230321-k9l38she38 1

Analysis

  • max time kernel
    100s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/03/2023, 09:18

General

  • Target

    .local/.threat_dragon/app/layout/update.html

  • Size

    592B

  • MD5

    00a54bc25a7681b257f82a69578b21a8

  • SHA1

    a71a6f56c45212ec86c460b5783124207d6c31a5

  • SHA256

    4c682fcb5653310f0c13ecc877b15da4ecd63c340b9725b089ec07e53eaa8518

  • SHA512

    3af4ff978db5b900797cf609a1c78c196caf4cacf0d4de037a911e9a93de08844f42bfdd82db7bcc25aa1127916c288ea3c62beb8f6559852c5966044e8a42f7

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.local\.threat_dragon\app\layout\update.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1120
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1120 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1716

Network

        MITRE ATT&CK Enterprise v6

        Downloads
