Analysis

  • max time kernel
    67s
  • max time network
    70s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-05-2024 08:59

General

  • Target

    Main_Satup/slavey.svg

  • Size

    1.3MB

  • MD5

    1b7febf62d31a1f8cad94b64eabe5b84

  • SHA1

    83d68132fe447bcf9e119fcda09bad643e3c87f7

  • SHA256

    85c9ae3663d136278fb37f7700bc84f56776f57e6346168c8b15bc10aa3bff22

  • SHA512

    4b1a0c43f081170f342df80d755e1c1e29527e49e9f8f629caa883561b7fe201c0132aefff71681043c352bbac5cf742704472d4ebe018fa13caee70961c9d05

  • SSDEEP

    24576:QuYOl0bMeeN4sXNxz2sqZj/ZbiaGiNufLXnPgY+LvTNILq2Q45bONk81Q/:PflAfC4sXbKhh/JvjuLbuTNNlG

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Main_Satup\slavey.svg
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2112
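The process tree above contains nothing but Internet Explorer rendering the file: iexplore.exe (PID 1736) opens the SVG and spawns the 32-bit IEXPLORE.EXE tab process whose SCODEF:1736 argument matches the parent PID. The four signatures (IE settings writes, FindShellTrayWindow, SetWindowsHookEx, WriteProcessMemory) are consistent with IE's own start-up rather than anything the SVG did, which is what the 1/10 score reflects; the Downloads list below holds only CryptoAPI URL-cache metadata and wininet temporary files, no dropped payload. A low dynamic score for an SVG rendered in a browser still does not prove the file carries no script, because the renderer may simply not have triggered it, so a static pass over the XML is the natural complement. The following is an added example, not code from the report or from the sandbox vendor: it recomputes the digest set from the General section for a local copy and scans an SVG for content a renderer could execute or fetch. The sample's bytes are not on this page, so the block runs against two constructed SVGs, and the local file path is an assumption.

```python
"""Triage helper for a file-open sandbox run (added example, not report code).

Assumptions: the sample path is hypothetical; the SVG samples below are
constructed for demonstration and are not the 'slavey.svg' from the report.
"""
import hashlib
import re
import xml.etree.ElementTree as ET
from pathlib import Path
from typing import Dict, List

# Digests copied from the report's General section for the submitted file.
REPORTED_HASHES: Dict[str, str] = {
    "md5": "1b7febf62d31a1f8cad94b64eabe5b84",
    "sha1": "83d68132fe447bcf9e119fcda09bad643e3c87f7",
    "sha256": "85c9ae3663d136278fb37f7700bc84f56776f57e6346168c8b15bc10aa3bff22",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
URL_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*:")  # any scheme-prefixed URI
# CSS that pulls in a remote resource: @import, or url() with a scheme (url(#id) is local).
EXTERNAL_CSS_URL = re.compile(r"@import|url\(\s*['\"]?[a-z][a-z0-9+.-]*:", re.I)


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return the same digest set the report lists (lowercase hex)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hashes_match(data: bytes, expected: Dict[str, str]) -> bool:
    """True only if every expected digest matches: confirms a local copy is the analysed sample."""
    actual = hash_bytes(data)
    return all(actual.get(alg) == digest.lower() for alg, digest in expected.items())


def scan_svg(data: bytes) -> List[str]:
    """Static check for SVG content a renderer could execute or fetch.

    Flags <script>, <foreignObject>, on* event attributes, javascript:/data:
    hrefs, any absolute-URI href (an external fetch) and CSS that imports or
    references a remote URL. Parsing uses stdlib ElementTree; for hostile
    input prefer defusedxml, which also caps entity expansion.
    """
    findings: List[str] = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    for el in root.iter():                      # iter() includes the root element
        tag = el.tag.split("}")[-1].lower()     # drop the namespace prefix
        if tag == "script":
            findings.append("<script> element")
        elif tag == "foreignobject":
            findings.append("<foreignObject> element (embeds HTML content)")
        elif tag == "style" and el.text and EXTERNAL_CSS_URL.search(el.text):
            findings.append("<style> with @import or external url() reference")
        for attr, value in el.attrib.items():
            name = attr.split("}")[-1].lower()  # xlink:href and href both become 'href'
            v = value.strip().lower()
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name == "href":
                if v.startswith(("javascript:", "data:")):
                    findings.append(f"inline {v.split(':', 1)[0]}: href on <{tag}>")
                elif URL_SCHEME.match(v):
                    findings.append(f"external reference on <{tag}>: {value}")
            elif name == "style" and EXTERNAL_CSS_URL.search(v):
                findings.append(f"style attribute with external url() on <{tag}>")
    return findings


def triage(path: Path, expected: Dict[str, str]) -> Dict[str, object]:
    """Hash a local file, compare it with the report, and run the static scan."""
    data = path.read_bytes()
    return {
        "hashes": hash_bytes(data),
        "matches_report": hashes_match(data, expected),
        "findings": scan_svg(data),
    }


# Constructed samples (not the report's file): one inert drawing, one with active content.
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
              b'<rect width="10" height="10" fill="#000"/></svg>')
ACTIVE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
              b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">'
              b'<script>alert(2)</script>'
              b'<image xlink:href="http://example.invalid/x.png"/>'
              b'<a xlink:href="javascript:alert(3)"><text>x</text></a></svg>')

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_SVG), ("active", ACTIVE_SVG)):
        print(label, hash_bytes(blob)["sha256"][:16], scan_svg(blob) or "no findings")
    # Against a real local copy (hypothetical path), compare with the report first:
    # print(triage(Path("Main_Satup/slavey.svg"), REPORTED_HASHES))
```

Run the hash comparison before reading anything into the scan: if `matches_report` is False the local copy is not the file the sandbox executed, and any static findings belong to a different sample. The scan is deliberately conservative about what counts as a hit; `url(#id)` fragments and plain `fill` attributes stay silent so that ordinary drawings produce an empty list.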

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6589ce92518e6792017aa9fbdd4cec73

    SHA1

    95b833d26cd5b11952e003d5b3e6a64267c9783a

    SHA256

    8a5d2bd150c04d11542b07769ead1b9c3633ee5bd1d9de1ddd0deedf94551b00

    SHA512

    51e91a4f0eedf3bbee50ca410d65b2b637ae6f68784192adc260bc1f5461b1e5ff312d2089e0ad3530ced555a410ea5650aa8e5e1b7d963db0911cf5b9bb59bd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bf759e69740181974c5cdd82ae77bddb

    SHA1

    11b6e1f2b888fb85f1c927c031313f126f7f2971

    SHA256

    e3d31452a0ce63348161065cc7286d60f15399b2fdad99de28fd45add0f6389f

    SHA512

    f3791c60209b6b6506c8468fa6b5731ecb6c35a6f73d6b8e7fb21e1ca164dfc091e6a741d7c842f327f4bc18127003dab4cc77a339e1b02cfb2f91be7b19d3e8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c444371401e5bf882615a3e9a83c5568

    SHA1

    59bfc1689b01ad5b2ca97548b8363a99966dafa9

    SHA256

    2e431312d1f64e23178df35fd9e852d97ff70dbeab8a41b8c9abe59571314d8f

    SHA512

    6298fe3a507c1a97ce1c22fab1038ebbdfefec7af003ceee1ae10620b2f30e2330972d82b8c58a41a1eee992d77159b9ff174cb56e2916335ee8dde8f412cd1a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4cf546372b96586af7947a0ab9bed95f

    SHA1

    810673d779d3df2e3d4dec534cc033056a52851f

    SHA256

    0fe2bf3e0def03b48b3e1773ab526c78b949ac9f50f07ee233b17364ef9e2427

    SHA512

    8bbd4c9e4f503ea8869fbc2fa71db82ba3dba141f4daeaa7d87c55c7625ec12f51fa414826db08eec34ee92fa77fe88739e9aa53997b8b76f2808b6dbe9271c8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cb5f6fef8dea5c9001d2138e21b52f71

    SHA1

    5fb4d5946201a832e9cd66aa0cdc8e4efe063253

    SHA256

    85d9df7d56a25c6a182057d39bdcc4337205c7aba8fa8c6b24045b147a1a4d61

    SHA512

    9fe49a3958a7a65551b6eabac111035fb6d0d64f129e8153d613b45d82ed9522eb8ba72c53e43612d69e1fc6e8423b364e7b824df690246b6c1755beb41f7c17

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    03be86ed61102a3d9d0e132f48147d0e

    SHA1

    a0ae6e20d9560c0b7b5dcb00a7bc81e04f7feee8

    SHA256

    66a65a533ac651704383774d4d1ab19d04548b6ed5808b25810dc3488f8c3bcd

    SHA512

    0ef1be44e08b3b578abd0e42937c079f6e4cb097203001284662e421920fd466cf3e88f88188abd54e10148a3bba11b8d35057858f230d47ce3d3d3cb5c1964c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f514283e1eedccc0f7bbecd7d0554509

    SHA1

    46a812619bb9307382fdede627c697e847a4a544

    SHA256

    2eb178c1c57fa8a8eb8cb2552305351609b3dc94d4cc0c531f2bd8ef805f9051

    SHA512

    9d99deb281c263054656e4f6eed8a37ef2ddc0e2431a97774db9c0d57355205c32046fd3928b3cf719f4af57b44a55a97e91274c940d9fd109af95c0e5866489

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    dc19a17adc1cccb4b3d0dd4b5547d972

    SHA1

    0bf736ba227f6827607c1cc0421162f937b3acae

    SHA256

    b7ffcf376a55ecf4df5767ecf994e01f0ad291a17503c6c409d16b6364a65621

    SHA512

    c28ecee76d0cf6851ef32099892740d31dc81acb5406a444e15467fa2ff09fff4682b6be56ca3a74e2a22102fc813ff2018c29d9088cbe9d9b0f7398a97d4005

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    30ef36821abd1146a7073bc199d6c030

    SHA1

    7f021e5c20460dfa4ff6447864465f5d4631537b

    SHA256

    772b00b26c6bad171574ad2243c80ebc5dd366efa805841f1ce5c657640e0d47

    SHA512

    3bb8f0f9e1074eb347796b505041c7d1dbef94c12d66ff78b246301402d174150ed7d589c3eab63e47a6c6fde4ea6cef255a9d47ac3783b2ca93e1370b59e5cf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    de9412a221d251d9762dc9ae2c34cc16

    SHA1

    3402ff4c3c6251ff82cab1fe4aaf49c6c2b9b825

    SHA256

    c76bc22b73183e2f99cdc03d5dd5697a696837fd2a7a6add118153a842b03e15

    SHA512

    b31c0202442f6f9fd9cae76c949cc1645f6ef249078383c9fd91c6fb897eaab49da98b248234fe9d2e05f17df53527976b7aeec6639bd612a867d385fa956c5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3be48a1b8780ca1e158f1bd9dbafe6ed

    SHA1

    8eee0464515ce866d10009d296dfd8d79f958812

    SHA256

    74f04202a275fa3390f6ea9b1e3608e1183fc93ebffbb8c2fad0c2123ee2f7ef

    SHA512

    b999137b0791741071f34c23e5f07068f7d92c9a4979cedd340fcfa4c0b5c12043661252e8e482bf292430da35310ca706ae9d958b487fe4e61550e02578f4c6

  • C:\Users\Admin\AppData\Local\Temp\Cab4405.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar4476.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a