Overview

overview

3

Static

static

3

Act I - Ve...da.exe

windows7-x64

1

Act I - Ve...da.exe

windows10-2004-x64

1

Act I - Ve...m.html

windows7-x64

1

Act I - Ve...m.html

windows10-2004-x64

1

Act I - Ve...47.dll

windows7-x64

3

Act I - Ve...47.dll

windows10-2004-x64

1

Act I - Ve...eg.dll

windows7-x64

1

Act I - Ve...eg.dll

windows10-2004-x64

1

Act I - Ve...GL.dll

windows7-x64

1

Act I - Ve...GL.dll

windows10-2004-x64

1

Act I - Ve...v2.dll

windows7-x64

3

Act I - Ve...v2.dll

windows10-2004-x64

3

Act I - Ve...lob.js

windows7-x64

1

Act I - Ve...lob.js

windows10-2004-x64

1

Act I - Ve...ron.js

windows7-x64

1

Act I - Ve...ron.js

windows10-2004-x64

1

Act I - Ve...GL.dll

windows7-x64

1

Act I - Ve...GL.dll

windows10-2004-x64

1

Act I - Ve...v2.dll

windows7-x64

1

Act I - Ve...v2.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    21-07-2023 06:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Act I - Veda/LICENSES.chromium.html

  • Size

    2.0MB

  • MD5

    2c3a756b58bf9b9d235fc48ed41bf6d6

  • SHA1

    14e7d34e1f372de62a9047620c056085c570f1e0

  • SHA256

    c82c4f6f822bd059e5b0dc98fdafc53de9394bac81766bbd27fc22af88f488c5

  • SHA512

    b8fdeb41c6dae90d1bfe81813f77d754593664562d682bc375d3a61ba98261557d724fc2d32fedcb829af2c52f920c05e2e80fdbe30a727de4cd3b29ce0aab37

  • SSDEEP

    24576:TKwBmmnLiLCkjrmr9KPocjjkUSuw6/Q0ku0:mImmLATnUs9j+04

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Act I - Veda\LICENSES.chromium.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2332 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2940

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f581d6b0e5a2fa39d5c758694e43827d

    SHA1

    90e8bc2a79bb02a9bc036448d21a64ffad61ab0a

    SHA256

    1166e78fe4a71bb482ef62f85117464b85a64215f380bce90cf1a95ab0eae8a1

    SHA512

    0609ad9c22aa17d1855aa27beae3d7a36cb78677ccc851b1242a74dda429a5c137d66322043d5e0a572242073619d516b21400b8b5200361139d84b96c32af70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7a195defc2e44e934cc7e9e804a64468

    SHA1

    3fcd207f82d38a4631dbe7142bf483933e7aa2ee

    SHA256

    52105f5b3b9cf3512be9d53b2ceefd98f574f8265b266ecd613317d1a0803b78

    SHA512

    98ffbd9e1f5ff197b2146f7eac19d40a6bb558a2e92e1d19c549b09142e55ead95aa8773cee10effa98ea8e310566bf3ce0c0bf2b6e793bbff933d8988af0550

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5a0283510b3e9563d830d02df7448ffb

    SHA1

    295a1434d0dfdb136da8228c3700b08d3417058f

    SHA256

    8fcd8dad808ffbf9d80986a1371853ac686d442c0f2afdf6d572c8816c4dddaf

    SHA512

    7de6dd1becd644fdfc7ca09b0cf468d5538587937f9b579b43dc52ada92604dd4645fd4ec4f8a274aa98a59ba1e44d03409f3d8f93cd426b1357191e4ccdfaea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    29bda22b12375c115274200fdc2edde1

    SHA1

    637a4ba9eb2a2da804da24943cb4a4b89016dd42

    SHA256

    c8b632f431e8f6dde85d2ffe82bd0b4d2bac22ac38ff407847ba82959449e588

    SHA512

    ca9e698ff71de7e428be60b406369bca5402bd9ffd50de11bf2506d8aa1a39c8ccbd70fcba0eacad6c28526bca0596194271bd6b2e1a229fc797d6c9c4ca9fd7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cf4178b84bd90f9546225c7466cea8c9

    SHA1

    68ee8c3c135ac942ee3600b4b888068a92c41103

    SHA256

    b80eadff114681a23b143a1d4e43976477bb1825cbef8e7be6b8d7ed45d93df1

    SHA512

    0c3afee84cb77ec8ba4514092e50974ce6c7e066fb6d5eda7950836099075daff5cd10fd69990be9482dc6e95dc64d433962bead352fc724e913982db8e93938

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    900f81480d2b85c191ee99b37571dc68

    SHA1

    fb8066c1adc3c958385a0601ff241f45d59d1a75

    SHA256

    ef4e03b49c949f817641ceeadc1cffa182b56a7ededb6cf2402f62202aaf370c

    SHA512

    fccdd80b5801d327a501d141eb7d0ed2eb5b34f1f721714f73352242bc9ce23f0ae8a0aa5e7e12cad83e8d4d3adb372aa4ceeaee803f66f0433755c4e2fef571

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9a9c5754f67d2f4cee3ee832ab5e3221

    SHA1

    7a52839fc7754e3335cab03fd823764ca9191d73

    SHA256

    689ae4ee5361359d740bff786f16ecf2568f81f1a02023cbb4f5638d73abe75d

    SHA512

    e5f9e1f0aac53707fa0f8853730347a3638bc70bec708eee445e2cd117b9711e879876d81847eac86a5d2fa627a4856c9c5f55c24d6432a4122a2fcae2122857

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7499d223e333632d910768435fcc8712

    SHA1

    32b8bd7454bbf5d7cb3008641c5132b956c4896c

    SHA256

    6a99fb31c294eb849b3de957d97684444d01a0aec5cf62dc06ee614f2ea7057c

    SHA512

    db5468be16e2512666df6bcf6d611f32c4ffb6be83bc19654214b4768ce8a4ff7b6432a30608738a44216865c152a72b13cc2e6f814f86edca93c15113b52802

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\64WRFCMO\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCBC9.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCE5D.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\RHCXMU5Q.txt
    Filesize

    601B

    MD5

    b055259a75f5805d2510b81a46a554f1

    SHA1

    6def85ac02fe6c5b996ae7f2d4cbf50778f6f87e

    SHA256

    90d77d4794d6d1cf8c6a3de02bf6bf3a7a9fbd10af340f7198f70ef6af7eba83

    SHA512

    28809966584474170828ec917bb71990649461977462efd553600dcec1d2825bf24c314f7231ea25e4eb9a3e945d17892e6e09f5801c93ecd6f7d40b18a1aeae

    Download Submit