Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/04/2024, 18:28

General

  • Target

    Alawar.url

  • Size

    44B

  • MD5

    530d6f2372c4e6487bc4dd0dc14841ea

  • SHA1

    86f8e5f97885906f5287c68d49f914cc976c09c7

  • SHA256

    3456e6cde68af8a36437fdd8443f79d3cc9abbae7b49d5820114eba357fd82df

  • SHA512

    8a910e06b474f09e113114eb52546003e41be260cb054b938d666d500ccdbf0247ba2d0ef25343e3fe9b89b6ea6b9be545ae47b94c5bc7871828623a4790cd51

Score
6/10

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\Alawar.url
    1⤵
    • Checks whether UAC is enabled
    PID:2276
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1748 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2532

Network

        MITRE ATT&CK Enterprise v15

        Downloads
