Analysis

  • max time kernel
    118s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
  • submitted
    25-01-2024 17:27

General

  • Target

    kolebot/website/GameCrea.url

  • Size

    123B

  • MD5

    5ecf0d60f61bdc342b3364a0343bdf9e

  • SHA1

    81e3d0759ba45684979fe651af13bd27c3821105

  • SHA256

    96f98a15195898d95ff46ebd9cfa350f27c5002d7f128e2dc89d21289a183b06

  • SHA512

    d90a63ec245eb4a8ed5db93467160be3a2dbe4f073606934c036567ebc677d1f16e49397d23a6b0cd463e29b52de454ed267818d16c919cb974f28e4b26be930
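The target is a 123-byte `.url` (InternetShortcut) file: a plain INI text file whose `URL=` value is what `ieframe.dll,OpenURL` hands to the browser. The report lists only its size and hashes, not its contents, so the parser below is an added example (not part of the sandbox report) that runs on a constructed sample and flags the fields that matter for triage: a non-web scheme, a `file://` or UNC target, an executable at the end of the path, and an `IconFile` on a remote share (Explorer resolves the icon when it renders the shortcut, which can send outbound NTLM authentication to that share before anyone double-clicks). The sample contents, the `UrlShortcut` class and the finding strings are this example's own.

```python
import configparser
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample for this example. The report gives only the size and hashes of
# GameCrea.url, so nothing below is the real file's content.
SAMPLE_URL_FILE = (
    b"[InternetShortcut]\r\n"
    b"URL=file://10.0.0.5/public/GameCrea.exe\r\n"
    b"IconFile=\\\\10.0.0.5\\public\\game.ico\r\n"
    b"IconIndex=0\r\n"
)

WEB_SCHEMES = {"http", "https"}
EXEC_EXT = re.compile(r"\.(exe|dll|scr|cpl|js|vbs|hta|ps1|bat|cmd|msi|lnk)$", re.I)
UNC_PATH = re.compile(r"^\\\\[^\\]+\\")


@dataclass
class UrlShortcut:
    url: str = ""
    icon_file: str = ""
    working_dir: str = ""
    findings: list = field(default_factory=list)


def parse_url_shortcut(raw: bytes) -> UrlShortcut:
    """Parse an InternetShortcut (.url) file and flag fields that can lead to code
    execution or credential exposure when the shortcut is rendered or opened."""
    try:
        text = raw.decode("utf-8-sig")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")
    # .url files are INI: only '=' is a key/value delimiter (values contain ':')
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keep key case exactly as written in the file
    cp.read_string(text)
    if not cp.has_section("InternetShortcut"):
        raise ValueError("not an InternetShortcut file")
    sec = cp["InternetShortcut"]
    sc = UrlShortcut(url=sec.get("URL", ""),
                     icon_file=sec.get("IconFile", ""),
                     working_dir=sec.get("WorkingDirectory", ""))
    parsed = urlparse(sc.url)
    scheme = parsed.scheme.lower()
    if scheme not in WEB_SCHEMES:
        sc.findings.append(f"non-web scheme: {scheme or '(none)'}")
    if scheme == "file" and parsed.netloc:
        sc.findings.append(f"URL targets a remote host over SMB/WebDAV: {parsed.netloc}")
    if EXEC_EXT.search(parsed.path):
        sc.findings.append(f"URL points at an executable: {parsed.path.rsplit('/', 1)[-1]}")
    if UNC_PATH.match(sc.icon_file):
        sc.findings.append("IconFile is a UNC path: rendering the icon can trigger outbound NTLM authentication")
    if sc.working_dir:
        sc.findings.append(f"WorkingDirectory set: {sc.working_dir}")
    return sc


if __name__ == "__main__":
    result = parse_url_shortcut(SAMPLE_URL_FILE)
    print(result.url)
    for f in result.findings:
        print(" -", f)
```

Run it against the real target by replacing `SAMPLE_URL_FILE` with the file's bytes; an empty `findings` list means the shortcut is a plain `http(s)` link with no remote icon, and the remaining question is the reputation of the URL itself.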

Score
6/10

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\kolebot\website\GameCrea.url
    1⤵
    • Checks whether UAC is enabled
    PID:2060
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2812
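The `rundll32.exe "ieframe.dll",OpenURL <file>.url` command line is the registered `open` verb for InternetShortcut files, so this tree is what a double-click on the `.url` produces. Note that `iexplore.exe` appears at the same depth as `rundll32.exe` rather than as its child, and its `-Embedding` switch is the one a COM server receives on out-of-process activation: a detection that keys on a rundll32 → iexplore parent/child edge would miss this. The content process does link back, by carrying the frame's PID in `SCODEF:2148`. The detection below is an added example (not the sandbox's rule) run over constructed process-creation events; PIDs, images and command lines are copied from the report, while the timestamps, `ppid` values and the `detect_openurl_launch` name are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation events modelled on the report's process list.
# PIDs, images and command lines are from the report; timestamps and parent PIDs
# (ppid) are assumed, since the report does not show them.
EVENTS = [
    {"ts": "2024-01-25T17:28:01", "pid": 2060, "ppid": 1408,
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r'"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL '
            r'C:\Users\Admin\AppData\Local\Temp\kolebot\website\GameCrea.url'},
    {"ts": "2024-01-25T17:28:02", "pid": 2148, "ppid": 612,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmd": r'"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding'},
    {"ts": "2024-01-25T17:28:03", "pid": 2812, "ppid": 2148,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmd": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2'},
]

# rundll32 ... ieframe.dll,OpenURL <path>.url  (the registered "open" verb for .url files)
OPENURL_RE = re.compile(r'ieframe\.dll"?\s*,\s*OpenURL\s+"?(?P<target>[^"]+?\.url)"?\s*$', re.I)
# IE content (tab) processes name their frame process in SCODEF:<pid>
SCODEF_RE = re.compile(r"\bSCODEF:(?P<frame>\d+)\b", re.I)


def image_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def content_processes(events, frame_pid):
    """PIDs of IE content processes whose SCODEF value names frame_pid."""
    pids = []
    for e in events:
        m = SCODEF_RE.search(e["cmd"])
        if m and int(m.group("frame")) == frame_pid:
            pids.append(e["pid"])
    return pids


def detect_openurl_launch(events, window=timedelta(seconds=30)):
    """Alert on .url files opened through rundll32 ieframe.dll,OpenURL and correlate the
    follow-on IE frame by image, the -Embedding switch and a time window, not by parent PID."""
    alerts = []
    for ev in events:
        if image_name(ev["image"]) != "rundll32.exe":
            continue
        m = OPENURL_RE.search(ev["cmd"])
        if not m:
            continue
        t0 = datetime.fromisoformat(ev["ts"])
        frames = [e["pid"] for e in events
                  if image_name(e["image"]) == "iexplore.exe"
                  and "-embedding" in e["cmd"].lower()
                  and t0 <= datetime.fromisoformat(e["ts"]) <= t0 + window]
        content = []
        for f in frames:
            content += content_processes(events, f)
        alerts.append({
            "rule": "url_shortcut_opened_via_rundll32_openurl",
            "rundll32_pid": ev["pid"],
            "target": m.group("target"),
            "browser_pids": frames,
            "content_pids": content,
        })
    return alerts


if __name__ == "__main__":
    for a in detect_openurl_launch(EVENTS):
        print(a)
```

On its own this chain is what any user clicking a `.url` file produces, which is why the report scores it 6/10 on generic IE-settings and hook signatures; the alert is worth raising when the `.url` sits in `%TEMP%`, a download folder or an e-mail attachment path, and the decision then rests on the URL the shortcut points at and on what the spawned browser fetches.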

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    370e97cbe0288bdb69e1cc070f4ceb21

    SHA1

    f9ec6df44e7a35be71e2411d6cdff311c65f01fc

    SHA256

    cd825b76ad98a2541457b03fc907f9338cec86d7ff7e98c35bdbc376944589b3

    SHA512

    e0cfb3bb3018204931cc9d0f2ba834c5abfb3ce65bb0189fce6b13eb61a3e14df41842ad8bba54daf5f165e711818cd24dba5112996cd1767e45531c65d8da03

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9b92a4559ec58a0d7a17649d5b0cf208

    SHA1

    e3299c1da63941e464e8b407e77d34564f2a2019

    SHA256

    79a84336c69ab51a38b5db069b13885e4578858caf32ae65d75857caf96987c0

    SHA512

    6c24f311dad8037f2118803e1e2681ddce42e43b2a48e201e2602cb564ca836ea1f6809675cb238caa83f9afa16eb22a4b08a5e7043352e9e599e48ca7527c85

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    51d4977b6d7767969dc5e49a1dff6951

    SHA1

    ec1c403542f48f5bfb4362660e7cc679ad42d0e6

    SHA256

    49264b4ba6c98350193d935b218c402bdfc7098a1447eef7e0279ffa84b95073

    SHA512

    2ac19031e1598cc681140d9cc5caf10c81ae3971ae5af8a00fd2e556d4f180bbd5ea744448e4a33409b237b1d2facd40a9a503ff4334be5994306388951b94b9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    88d538a89bfd9b967d7a8131e61eee0a

    SHA1

    6abcb71f5ece24ff16972e6f2fd7473c7e335119

    SHA256

    c147abdbfa0a1bb5d19fc2f51b8cf80bebd32d6b42d31f74c2ff1a094ce442ef

    SHA512

    a0db7956310508989d6f7e5d57592549af264a7916a68646ccf6735e94482a551804be4d6733a69c8f8070d66ed81e337f1404e6caa533800ff42ea035a0d7ff

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    09695234d2f8967342f496caecf5161c

    SHA1

    c7db1dcbffe738950771b19234d7721df3b43a81

    SHA256

    95c679eafd1f1bcbc0d0db468a518ce357c199c9ac2eaacefc90951ff8586d18

    SHA512

    93426ad8fc6bf99528cc5810a4db00348dc72d4ec3040d852d192e41cdf7f14dd8f158862d12b8e2ea545c9022ed56985b190aa1aa0b04504557807c4ab58595

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5ee250052ef12b4f07702fce0a48e353

    SHA1

    02f267de539763f6c2e607be86725953ad2a5d3a

    SHA256

    745115702393d534af8e9e395b071fb48145671d09b43e08996e11059952ce40

    SHA512

    a51a8104f2bae9835454826a9af17ba0ad3b5c0d5556f8e7039a1e1d90efd2e66b678ad5a40b5d3f06a9cb86a26b38245befa8b27927d334d5f20cdf3be145fc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1fd3be01cb3ea9e28b354f4f18b12428

    SHA1

    8ddfa730ff88550eec9b425e15521892c548231b

    SHA256

    d1fb40a934db113856e12055636d2593ae161676482da8dbafe46a73770a92db

    SHA512

    55c316ff351c18b8f75a5b4e7a23b610ea5fbcbfaf590cebd2ac02e76900ae7ce8d9ae536695892507c2bc3812e679f383a2bf3e17c62a367eaa53b1d5682d15

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    036f383655e368ffb04763b858b41939

    SHA1

    d71afd54c7e513afc5285f5f9ce6e9d92ddadb3d

    SHA256

    afd3b9e3e0c3d8676757187dc3ba41eee18dc5daf2a64f73f08d355846298066

    SHA512

    b21df8aa5201c70ad40f80fcfe3796a28710ca509f48700586af959b948a72a7bbb235408edef78804ea7e5852e433405867af68a1d3704b8441dd48fcf85bbc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    175b98d1a91cc002ecb62d694a6e077e

    SHA1

    873ec65dba07540e935c30a7fef74eb394604846

    SHA256

    843c356743eb578285383201d7713fcb284b5ef3f7818d18d4fe672d0b90168c

    SHA512

    4fef289fb4fcd1d5aa9d4dac69ca70584f2de22925f6371388208fa163240c14bc0082245a84434c3f93de72a9eeb0557d61150969f0d6a5719ef7b6a1bfdc61

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a63a3aaa1dbc58f3f964dc8b7a65ac0d

    SHA1

    5d3e9ea1baab5e9943c65d7bd4848c6d03764b77

    SHA256

    7123e95f5cb5a0cccd49b81b72f4926c26563a543e38300072987d25f38b69a0

    SHA512

    a5e1c748700bd0cfb460cc5a0bb104c459c5e90eb55d430ae3f16702c1a092a2d5cce89b2f93645ee5deef31a59c93af78911f60d8d892bff6dc25d714eb1396

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    498d5608544ca3cdc85d6cc8c6c05848

    SHA1

    1e91f3c38f9ae0f4f7edf01b8303be05a587c5ef

    SHA256

    a85e900a4ff8cf6b6ee083f2e05ded88dc1792028cbca500eefe2c29925c2f2a

    SHA512

    fe6912638388ffc0744808172229bc7bb8a90caf4d5db9b0257135c735814c4c28902b98dba412ff37207598758781ebcfa45496e5af83e8d88abff21aad3147

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7c5af3c33ceff0cb9809ee4c178b7ff5

    SHA1

    0dbba6f72355552083edbdbbdee137ad828b8b19

    SHA256

    a44e2f177d1fd373cf6dfcc44f045926b99e699a613b28e0171fa78088cd8b00

    SHA512

    aebaae40b9394878e79f1c1bb105b0c52c43826f0d2912ebc0b8f8440414120642963cbef246c6bb8554e788e9caa0c842a46ff189c67ab9e38c23acecdf2ab6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e994db0eefc60d565211bb3b67630330

    SHA1

    52b40c7c072ed228660d1841a3759ad319f93219

    SHA256

    05f482596594314fa1496ba2aea99c8b1a3dc0dbc2d650665d79e820b6303e00

    SHA512

    615636f7e8272af01c5ea8b008aef151161450402693236536c517cfbae3e7eda701c1cebb154015903ba79dff27bd5bdc86ccad04d6684c71ea5731c93ac199

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    da7f34bada71ad58876cfcdb5992e924

    SHA1

    3c99849f036081ae9850b2d7886f9a3777aff0db

    SHA256

    6f7ed56b00c3db1e93f02f9aa74cfeb764c1f0564c0fb4ebc532c374e5b34a33

    SHA512

    5508bafed9dd8665692cd95f5591a86a3f4ec58be8a875c4294ee7e528c8b2d3c14aa57ea5c8ab370fafbae8978091c2228a742c3c157a9303dcc84f43ee87d0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    29b115fdb7e0d44a4801cd3b0b963520

    SHA1

    4f42358e456300274edd07b0baf77926db1cf80d

    SHA256

    8a55a024935a28a99ca93c8e1cdf34a9c7d4e4a4e4b32706501761aa23ec4da9

    SHA512

    980f1d35c5b13bb4118d82c0b0e7d657048f11cfc628cfda0e50e85793f345cc8280259b90b2fc9d3d63fb4a480eec222fb9cba36131876caea3d5e780d953be

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ea7f603ac9e181ccc9ba34479de9a56c

    SHA1

    bbed883ce1c2b10bc75c37f28a187e4a5e1ce162

    SHA256

    4fb3e975965af3816f980f2650aabb8472976568c0d952fd2216d0c6633d50e4

    SHA512

    fe03c31abd0040d2f66e89a910a8b390ba77d08a9c6342bbd92abf97f2d311137d3f20d4930ceefc3f915d87627b74ef3e72ea03012be1f4c7bb35e72c123d1f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8246b9edafaddd311b9fdbc066aa85fd

    SHA1

    5a7d80d70911e79b90ce07e3899e27847f263033

    SHA256

    82430603360adce75ce9c4ed8f0534b0fa12e7c968ccfb4e01288bf47b8798ba

    SHA512

    f2b3224a6f4c7e8eafa447f02fbfe8eadd130a40384e58ed7f41444e81a30126892aeb7c75f95a9258760fd5ccfc2d957601b6a55b6fc639b19ed34b33e8b4d5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b97d9e5499f167f06e2478b340214f16

    SHA1

    cc2252f71fd1f5002bc222a324111bc26a172772

    SHA256

    46f13e0cef41bda4c260cb666c3d84ed11c69cb0e61c8cea505bedf6064f68da

    SHA512

    1b81a0400c880a72c1a6d5f296014654b1a7dfb3619c483a44e9dcb91c8890f0856ea1762796f87920dd3a1f8a71d071f10bc898ae57a9f826ee385fea288a58

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    11ab7a6fce4bcbcb802ec5691c182a44

    SHA1

    fd39ad798bba4e69ea44328ab2e0c3d079d88077

    SHA256

    5f9dc59b1a94a8002618a17e0dea680becb833f77faf87913a39437d3165bf55

    SHA512

    0e1cfb6d45b59c49ead132e9429ef90c68e7de0c78518b9129f24d18c4797d883187f3f955e57d8f05fe495f7045100b3a87b2c566d8e1040ee4a82b70ed5d5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6307e052eaf52d000faeb292f9ad6f0c

    SHA1

    684432faf618c67f651e21012dc42cd59229af8f

    SHA256

    a9a2f8ce6011d034f23771ff58b95dc64e4bb44d847ea7f2649dbe5c3dc6bf24

    SHA512

    d0bfb610a9abce777cab665d926ed467679659585acdf8e077e1e11eb63f5a7051c91bb7b26835984a9952aac4e0cab8ea5124bd56da3c502faa2941754f7a4a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3f961ebcd8afcf2279c2d2706d3fd143

    SHA1

    31558454c174e2fc8ee2e0a142689853fb9b7817

    SHA256

    e67a1d868aace75a6806dd16331dcdc88733ffc9fcbadf149d07b1fe14c74713

    SHA512

    15318c69df536f1fb292bcb1914a3ed6dd7f3722fe08aebd58f09547af465defc38f8ff855e594bee60ec31ffc88ee2d27ff12293e3a5db7d2f9218ae4b0b0ba

  • C:\Users\Admin\AppData\Local\Temp\Cab3120.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar31C0.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • memory/2060-0-0x00000000002D0000-0x00000000002E0000-memory.dmp

    Filesize

    64KB
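Every `CryptnetUrlCache\MetaData` entry above has the same path and a different hash: it is one CryptoAPI network-cache file rewritten repeatedly while certificate chains (CRL, OCSP, AIA or the root-store update) were fetched during the browser session, not a set of dropped payloads. `Cab3120.tmp` and `Tar31C0.tmp` in `%TEMP%` are the temporary download and extraction of a cabinet by the same machinery, and the `memory/2060-...` entry is a dump the sandbox took of a region in `rundll32.exe`, not a file the sample wrote. The triage script below is an added example (not the sandbox's logic) that collapses the list by path, keeps every distinct hash, and labels each entry with one of these expected-Windows-artefact classes so that only unmatched paths get analyst time; the classification rules and names are this example's own, and the input is a subset of the report's list with the remaining cache entries omitted for length.

```python
import re
from collections import defaultdict

# Subset of the report's Downloads list: paths, sizes and MD5s are copied from the page.
# The classification rules below are this example's own, not the sandbox's.
DROPPED = [
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
     344, "370e97cbe0288bdb69e1cc070f4ceb21"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
     344, "9b92a4559ec58a0d7a17649d5b0cf208"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
     344, "51d4977b6d7767969dc5e49a1dff6951"),
    (r"C:\Users\Admin\AppData\Local\Temp\Cab3120.tmp", 65 * 1024, "ac05d27423a85adc1622c714f2cb6184"),
    (r"C:\Users\Admin\AppData\Local\Temp\Tar31C0.tmp", 171 * 1024, "9c0c641c06238516f27941aa1166d427"),
    (r"memory/2060-0-0x00000000002D0000-0x00000000002E0000-memory.dmp", 64 * 1024, None),
]

# (class, path pattern, why it is expected) in priority order
RULES = [
    ("cryptoapi-url-cache",
     re.compile(r"\\Microsoft\\CryptnetUrlCache\\(MetaData|Content)\\[0-9A-F]{32}$", re.I),
     "CryptoAPI network cache entry (CRL/OCSP/AIA/root-store fetch), expected during certificate validation"),
    ("cryptoapi-cab-temp",
     re.compile(r"\\AppData\\Local\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", re.I),
     "temporary cabinet download/extraction by WinInet/CryptoAPI, not a dropped payload"),
    ("sandbox-memory-dump",
     re.compile(r"^memory/(?P<pid>\d+)-\d+-0x[0-9A-F]+-0x[0-9A-F]+-memory\.dmp$", re.I),
     "memory region dumped by the sandbox, not a file written by the sample"),
]


def classify(path):
    for name, rx, why in RULES:
        if rx.search(path):
            return name, why
    return "review", "no expected-artefact pattern matched: inspect content and check hashes"


def triage(entries):
    """Collapse repeated paths, count rewrites, keep every distinct hash, attach a class."""
    groups = defaultdict(lambda: {"writes": 0, "hashes": [], "size": None})
    for path, size, md5 in entries:
        g = groups[path]
        g["writes"] += 1
        g["size"] = size
        if md5 and md5 not in g["hashes"]:
            g["hashes"].append(md5)
    report = []
    for path, g in groups.items():
        cls, why = classify(path)
        report.append({"path": path, "class": cls, "why": why, "writes": g["writes"],
                       "distinct_hashes": len(g["hashes"]), "size": g["size"]})
    return report


def needs_review(report):
    """Entries no rule explained; these are the ones worth pulling from the sandbox."""
    return [r for r in report if r["class"] == "review"]


if __name__ == "__main__":
    for r in triage(DROPPED):
        print(f"{r['class']:<22} writes={r['writes']:<2} hashes={r['distinct_hashes']:<2} {r['path']}")
    print("to review:", [r["path"] for r in needs_review(triage(DROPPED))])
```

With the full list from the page the cache entry collapses to one row with 21 writes and 21 distinct hashes, and nothing is left in the review bucket, which is the point: the file-system evidence here is browser and CryptoAPI background activity, and whatever the shortcut actually opened has to be read from the network capture, which this page does not show.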