Analysis

  • max time kernel
    120s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/04/2024, 18:28

General

  • Target

    $_21_/Alawar.url

  • Size

    44B

  • MD5

    530d6f2372c4e6487bc4dd0dc14841ea

  • SHA1

    86f8e5f97885906f5287c68d49f914cc976c09c7

  • SHA256

    3456e6cde68af8a36437fdd8443f79d3cc9abbae7b49d5820114eba357fd82df

  • SHA512

    8a910e06b474f09e113114eb52546003e41be260cb054b938d666d500ccdbf0247ba2d0ef25343e3fe9b89b6ea6b9be545ae47b94c5bc7871828623a4790cd51

Score
6/10

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\$_21_\Alawar.url
    1⤵
    • Checks whether UAC is enabled
    PID:2920
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2616

Network

        MITRE ATT&CK Enterprise v15


        Downloads
