Overview

overview

1

Static

static

1

libps_plug...8.html

windows7-x64

1

libps_plug...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19/04/2024, 10:32 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    libps_plugin.dll.svn-base?id=8328c31dba7c71ee20ee32f1a735d639f9e43928.html

  • Size

    325KB

  • MD5

    b2d8de56066d75820069b9b674481e5b

  • SHA1

    872c0045605048deff01b2876e17db0e2b1b60c8

  • SHA256

    77d987e63e5124f9c1fdf6be32a076d89aacf720c050c29020f5921c40174103

  • SHA512

    f991df91e25bfff2c3be54793cf544b1f644d6450acadbfa0239a9b0d4b809c02d75373850f52985534d9239a6d7c687171e696eb55d29279e333d335fe24951

  • SSDEEP

    3072:wh/h3wHcw30OMLo03mQceX3Z/S6B6i+5svzk7xMLLRPrSe6uY:Cwlw3X3Zb6i+5svI7xMLLRPrSe6f

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\libps_plugin.dll.svn-base_id=8328c31dba7c71ee20ee32f1a735d639f9e43928.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3040

Network

  • flag-us
    GET
    http://www.google-analytics.com/ga.js
    IEXPLORE.EXE
    Remote address:
    216.239.32.178:80
    Request
    GET /ga.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google-analytics.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Server: Golfe2
    Content-Length: 17168
    Date: Fri, 19 Apr 2024 09:16:57 GMT
    Expires: Fri, 19 Apr 2024 11:16:57 GMT
    Cache-Control: public, max-age=7200
    Age: 5031
    Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
    Content-Type: text/javascript
    Vary: Accept-Encoding
  • 216.239.32.178:80
    www.google-analytics.com
    IEXPLORE.EXE
    190 B
     92 B
     4
    2
  • 216.239.32.178:80
    http://www.google-analytics.com/ga.js
    http
    IEXPLORE.EXE
    910 B
     19.7kB
     14
    17

    HTTP Request

    GET http://www.google-analytics.com/ga.js

    HTTP Response

    200
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
     7.7kB
     10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.6kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
     7.6kB
     9
    11
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f878b1237673cbf723a90084ed444a29

    SHA1

    387fdd473d298cfd564cdf09765d7b6e902f2ddd

    SHA256

    4ecf262d18a213da581469024b867065a3b83117bb78bc762ee740900be1b9e8

    SHA512

    f951b723e9865801429ffaf6c0988a4a899faa7568dfdd8cfbf52f2c908c36826a851ca4812e6a1d383288318827fc4abb724690143098f755a8efd7be8f7287

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    37a4e77c1e380f0b859bfe5bb016b2cf

    SHA1

    2bcc87f08f6e19281937d9cde65aa1d450ca632e

    SHA256

    8999111ad3cb239c319d8ea308917d6a0ddb5bc3981ec579d87a7362b72e2896

    SHA512

    8b875002e4b2e079344da4c835ec5ed23d83b84df117e60f7308cb7a722ab69dcaea1c474c39764438980fe930ace483055f1317c67c2ca86cc0606631be618a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0a0848bac8ccbc17735698566716120f

    SHA1

    dc540a51ce31f60265231ff9e8df66e8efc74f74

    SHA256

    db795141ec59715cc86965efd9cc667489dbbd06641f344e608019ddd44bd5fa

    SHA512

    a5effd9cc836603ba2c936ce4746e92957404647ff32fb7d8adf3f78c73b9c9338006aadd9e441d9e79a03acbc0872cfa70489c032b6755ea556f1a3229cc2ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9c9589092f2ca54ef5c853552c7632d4

    SHA1

    98a01043a55cd3aa8a807c32305bc33661031e8e

    SHA256

    f821982dd19b3e47cc1b55b30f6483fa506e25a340ef5feda5ca67d4ebb231f2

    SHA512

    7ac4f051005c4c971eff9c032ec86750737550ddc3414cc35dd48a248e295a16adaf77d787581474d83f13ed8bf35fc50091482dd3dc4a59ceeed21dbd1deff9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9fe9804dc6ea526bb813eceeb5d0f9c7

    SHA1

    5eca7bd87b54c7ed8203cb85cdf2c5151eff3db9

    SHA256

    a0ed95ed706860c7c3f5239665b0b913d9acd34be51d8073d3250b054c1e5444

    SHA512

    0604049b037073a264530289ad4c809bc21784782e4f562f3501ca6cec375a40b7bef224a279242f5e33813ffbde401156089ebcd728a5e637915dfd04810e82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e0452e9692d7eee1c5368afcb9b49538

    SHA1

    f8a31914e21861261415eca22c2355d0e3997bd5

    SHA256

    42f06753821a0226836072c0c6ba0482ba02f9323a2db5575d03b8cc472e322c

    SHA512

    226cea3bcc5014021a1064ff33a2860dd550ac234db0b55593952b4e0e5d7e92cbd575083ae8f0f95a586cf5fa85cbf3e570150971f7ad4c41d51ddf85272e40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8db3b05a6a0980309aad06028c9834f3

    SHA1

    bf7756c1212b261b517818946f971d9e51119d0d

    SHA256

    29908a92d5dc38d82b68c07420e6954ff4fe6d9074170f9e19a0e6ba30a509b6

    SHA512

    87872b12194be3413f8e8e74558e1be7c0100d3d10494d655c4e84874c3678edbd9f1b6ff0a7a5256fe3d2750488d9309d4f724a862ca975ed0ac276619c88d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    08f1555063dde6c909666b2af7ad4f19

    SHA1

    d6451148db892eef0f98e3cfd0de83f91515c3ba

    SHA256

    e440ea8b5c95234c10411783901226b7aca88b588060210bef9183248be88051

    SHA512

    76a2c7d1e92493f3cb6e216e1eec204870d8cdfe5766048bcef93ee38649096dc1fd0513b33c6e73a720aa3480abb4289b6ebd9b91ca7f9381fa42e34c7de01e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8bbd7d36b7e720d4bcf73eae8c3360ab

    SHA1

    58d2de77be41a80166f5e82d8f2ad465dd968e53

    SHA256

    e89c6b45b87fc2e9d90bbf257cec410a9346cd801156234881ae21fbaaae7dfa

    SHA512

    b72c779a5cbf95567430023abe67ddcd93c6f7f5466b4f3a3d2a8dc587be01d4ffcfa0d92b6b30c31cd65c58b9266b73728fef6aec2e0d58909cedadf59798b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    86eb61a9fda44b3f7d24ae1dc1fbf581

    SHA1

    a4d2f118c7ed141e92b9a32f1f58e7d738446383

    SHA256

    e9294d2866e1d0870b01e549d65c7c6891b5711775a8011356f06684dda56d88

    SHA512

    41c83cb921912fb5564a3d9c359153f6651701097d777f9f9b5fa46c73c566723008e800b1b5777d0473de6a2ffe2cac7348997c15894b84fe69341d248f11cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9f560aa7dfaaee4a9feb52e7c8d59d47

    SHA1

    d5c59d23d1d765ba16d54ae7c0ce6635935ec6bf

    SHA256

    05084bc0f1c688067df2200448ac50d7148bc29395f4e7f753af1170b1f9b214

    SHA512

    d3462ac3d45d6e9120a9ee5cf3375786d49d88b03a558ef8dad4c337ae7374273445dad0c7e5a65ce2f1013fcb0cb4769815dcab19f6c39271b4c7e546ee2231

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    931a5fdfdc101260d3b00ea8f8b88e00

    SHA1

    0a21576cd02e1cbdff954ad7decbfe74dedfddce

    SHA256

    2d5ef8c30f1eccec80d4eda4fc3a048127903d7e2387087357e5ebd78af9fd35

    SHA512

    40377e687eb89b61bdf41321cf775eaeae30f53580fd74b4545b9b5b26acea99c4c34861ab3010adb5b7ed41031f74af15cdde7328633a166284980bf6b01243

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7e13046b81661b9fccd989720916f5cb

    SHA1

    2db83ffcb8a2a6e4c0e620655dcd1aab6ab982dd

    SHA256

    31d2085d6529143ec96f919f12fe626807f848096fa879ce81a8b14b5603f23f

    SHA512

    b0582df62a8c473195f63ff4627bc51bd9abbe19afb8401e3e0e3b721b4f3c1fb2a4017c2b6ff9f6c9fa8e873e71ab4cf1e11e3aa964ff867608b1492d12568c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    189cbeea645a812f28fbce5a50e8c850

    SHA1

    9f6b8103691201025e55981701f7c98989116ccf

    SHA256

    54410071e47ddb4e09f61694d1b9df595601cd0ee361f3f6e8f9c232fe334955

    SHA512

    c05cd66a0b42aac3093973e247328ff65f90c01bc38914fbde3dbbb1f2c871e3e04f4a97d6220cac08e04e099d65e6026a6401b213354687b01a392c2bb83662

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6a58a636708b34165a98d4604a397cac

    SHA1

    50d94a7c1a111f4570a9b14f96c854764e3d863a

    SHA256

    0f09a4627a03f39e40017436b42799d50712e118935688b11fcf89c2723f1e7f

    SHA512

    c999de4b2bab6f6e7567d433d8bd1093df3cbcb116a7775fec94142187316e46b5ee1499e5431ef745e5698baeb3bcd013610b22374ad99c8ba743348dd53d31

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d71b9ddd5c382ce14da54da8d938c6f9

    SHA1

    682d760e0fa468dd557935139b8ee2faee0147ff

    SHA256

    e52efc73093615a4f9e91627369271aae4b5cf88dae45e8f6ccd55617a8f120f

    SHA512

    610d2bbc729ae1bcc3daa1e03416eb4a9d6fe399348fa3857486bd73f0f0e0500d51d2dc770a460c13951ef5f2b446dfe1ac42fba3148456ce278538caa0dc71

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    92415ba276ebc48c4277da19b85f107e

    SHA1

    d9bff7d46797c468e9e5f815f50687678465ab9b

    SHA256

    907f658697e07ba6ab0bb28bcc6d6711c144616bedfbe1e0de8bb59668291bf5

    SHA512

    15a039a96364d98202487a2875608cef2b5c11193dba2b21c08880f6616ef0ecfc60b31ff51c1f432dfabef21a47aabd833b4ad4dadcb2c11ed02eefbe0d8844

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    796f823c10e4a70892805f45eb1a1fae

    SHA1

    d8720c02f199fc8b77c37ea0742a68b85daf0561

    SHA256

    5d4e554862bc7e1a56c7cc8cc2d2a599cdca867319dd4722734f2e1125d7cf5a

    SHA512

    e6300806b6b78a56609b37415ace0c6ca8a9ebbcfbe0da5bd0a3c0e63995fce194d76136bbe13c5307d6ef7ee81937bde4c54aa26ad3db0bb62d8cfb219f75ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4157cb7aeacbef8955dd9b4df5e7890f

    SHA1

    0b6d1e9b2cbe5521fa07d1709c20b8732afcbc8c

    SHA256

    84808cb2efba01f39248ca85a2ad44d25e8db099fcc598007e2353cde0a643a8

    SHA512

    295474f211d39f240d03481d03b1d70620b4b61484b7f212de8e76aa05ff7bc4a3dfc6024a5d38a0477280da4c02f88a8aa125335978e3ee7d7a1fea3c0bb4e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab254F.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2630.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.