Overview

overview

7

Static

static

7

Data/Astatix.url

windows7-x64

6

Data/Astatix.url

windows10-2004-x64

3

Data/CrazyTet.exe

windows7-x64

1

Data/CrazyTet.exe

windows10-2004-x64

1

Data/DGO.url

windows7-x64

6

Data/DGO.url

windows10-2004-x64

3

Data/Games.url

windows7-x64

6

Data/Games.url

windows10-2004-x64

3

Data/Help/...ng.chm

windows7-x64

1

Data/Help/...ng.chm

windows10-2004-x64

1

Data/Homepage.url

windows7-x64

6

Data/Homepage.url

windows10-2004-x64

3

Data/Regis...g.html

windows7-x64

1

Data/Regis...g.html

windows10-2004-x64

1

Data/Regis...s.html

windows7-x64

1

Data/Regis...s.html

windows10-2004-x64

1

Data/Top100.url

windows7-x64

6

Data/Top100.url

windows10-2004-x64

3

Presetup/Ungins.exe

windows7-x64

7

Presetup/Ungins.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 20:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Data/Top100.url

  • Size

    89B

  • MD5

    69c38f286df818b3143262368d2defac

  • SHA1

    217fdf3e16aedc6bd7c34fc65f841c032763a3e3

  • SHA256

    25e1f4f403c488473499ddd83212d5944fb959accb2593ad2f614ff0d4421eba

  • SHA512

    5349c894ad2125c4e8dc6b61697261974e46e9de7b8d8c4bfa29bf7c4ab00351f18260395901117e5aa3281794461aa2efd0c74ef187bc42e59350e42f0eb1f2

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2484
  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\Data\Top100.url
    1⤵
    • Checks whether UAC is enabled
    PID:3036

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    515d5c419d48720f0051de589af16c08

    SHA1

    b85f27b517f1e90843c3c90f96dae41368aea5a1

    SHA256

    e91f618a3dbc5683ed57a95ca806b468c79dd93b261efa919538d8e708e72ec9

    SHA512

    979fea51d0362a00a0675c280cb7d7fcde9d78a7300d623312ff4386b396ee2681f4126b6dc846a65ca8aff4b3963eeb7f8a009cb9591f32a1937c9528a4044e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    08327fe452d9ad524cc35ddc1034d8a0

    SHA1

    61ffe073d602ca4530624186823a91b71765e24d

    SHA256

    74a6f7630b55caa19ec48c9fad74972a7e4f91310dc00f751ad0adee22c99e2a

    SHA512

    a6efbbef1bed630b6edf163088f2a909a7160069787911f14c2272face37c0b2d56afe0c5c16c50fba90a1d9e304a2db07ee720fbfa21133821fd4e6bde64f29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    77acb33089a9645b28fa5b73a9610079

    SHA1

    3f8e9f81a4b329e0995ef04c8de1e45b995b96f2

    SHA256

    04a0fd8668b428f33124def9ced320a393079fc0e0939fa1a696d7008688aaf3

    SHA512

    3ab609e502bdd5dde74e58c7e0afc2e4aeb0b556aa4e39da1755be060b33f7d368fad685d6fe6ad23fc59cf60d71217b23c5ef3e57eb51c3a95cc18e97fb3318

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f803ae94635e1c0be74a80989f663468

    SHA1

    5addd46353c02da46a590d1b5b58e8bf0cc01a40

    SHA256

    5b6f9601ffe9f8b0f2fa7062f357ee35684273f59f8b2bdbeb2491cb64c82da8

    SHA512

    56f4455f637ee00caaf379854ecd89f0c2dea54d9aa04475b96e40cf2550d26b557f36eb9c23cef54b78ae87fda7bb92738e1f61231e172977294fc7bcc4b49a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0c37a304b8daba8eb3fc7669d830f6c9

    SHA1

    09aebecdb1e19fd0906c9079c59765024aa2b496

    SHA256

    b3362c9795176e598c277459ebc95b83af02d5dc1a7d4e37fba9bcd9824190a1

    SHA512

    35f34be22710bc2b3d9f6ff96f30a81e2932958d67bb14adfe863be977f503da162a32fd21df1ad10df483eb46242a92e8cd4507221d3629961489fa274e752a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c3118c72f7d35b578649095652b5674f

    SHA1

    07aacc267d86fad8c4a3eaa451a84af3e372aba0

    SHA256

    d94df639a6ce8e55b94b9c27127b5c0eb21541222f98082792d0e44702d1583b

    SHA512

    a06de119c164f117f222f005bc46c791961526afe075f5cfd9094011eb37015bb04d8b968aeeffe2645b1a7ebc51117e42343aa5f7c65f3c384e6f016da48bc7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    575600e9fbcc2816269f6f069159654b

    SHA1

    998439ea6db609c5a281f3efee0432af1ae003e8

    SHA256

    6eb31c080bac8efb5e37bdc8e1aa6af63c0ad3af08b2588a6d95427f056d240c

    SHA512

    193521eff93642bf6ccf99e12718e81f2145f4ba83895a5c12e1b9900f837a15daafd32a5509c6834a30fad72199727c68195180335d59fa2cbffa9790196af5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    da816120bc94cc6d5828db94a9626380

    SHA1

    6c36d36eee0a8f41493e3289079846fff41ce57a

    SHA256

    b144ed71faacc73d15e6aa3cadf707ac3168faac0e13e9b2b2625dab2f03c32a

    SHA512

    ccaa27df598ed10b07ba6daf47149a81b8f1ac06793fd134c073bdefc1c38f714e0e3634d97f43fcff52d1bde12ac8e981c35e19e6f8ecd7f39284db8dddd613

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    676710e0e8fd27382bb70a3dec79be82

    SHA1

    7329dddd23b67fa800246e0a1daf4acc334326e8

    SHA256

    70f630403a4b14901b848a74afbebb84a0a2af54b82dabd6f39dcbd133164e20

    SHA512

    3989fd45d9001209a4bb185b5000b8cd6829125b33facd618054a50f7698feb9c18826fb6c6b36b52dca38cf1af82ceb8f3b3eb1307c6d98a24bfa3c7370c5d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ad2e07c2bba8e98036b180a1dcf08ced

    SHA1

    3c4a25436cb211d166eea510a89f669a11e7c384

    SHA256

    1f869660abbc9a8066399d4d25db1b3bdb2f103234a6114afecdefc5179f5220

    SHA512

    7f84669038521c1dcd0e01fe49d1c955cea8658ad7dbdc86441c2ebecccbd13e743835a1c07bb9b0362eff5857c34217f41d244036db7e230b330afb3e3ee75f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat
    Filesize

    837B

    MD5

    28270b81890f88b6ca30ad30651d3cf8

    SHA1

    b916f02e7bcde9aff518e8d18c1a1edad7cae75e

    SHA256

    7fd5e30fe4e8e563e8db1242f048f4a38a6de09b2c34669cdaeb569ce6f61081

    SHA512

    c7887573ffc318ec2af99ee88a1702f24e651d34f238b8f0cb1dece220b80de302107fd50c4739d29926a38f678cea95146e0d2c8a44f73148a0b1a6ab8aa38d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFLWQ602\favicon-16x16[1].png
    Filesize

    657B

    MD5

    0bca3069a605b7170c9858c3def69645

    SHA1

    56f92560a46d03162956ab37306801e977ce6865

    SHA256

    a3528c6e28329af32a13751c1799d8f8abbd325c4e654f910a3e52f158afc5bc

    SHA512

    6944a6a818edb76dbc1d53cb173cf4fd8c8383f8bdc8be9083a259f3e3190747637a3d91987a5f8f70e717ec33c951498a1e90c5424e460c84268f76423c4eae

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7AAC.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9311.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/3036-0-0x0000000001D30000-0x0000000001D40000-memory.dmp

    Filesize

    64KB

    Download