Analysis

  • max time kernel
    130s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-05-2024 08:59

General

  • Target

    Main_Satup/slavey.svg

  • Size

    1.3MB

  • MD5

    1b7febf62d31a1f8cad94b64eabe5b84

  • SHA1

    83d68132fe447bcf9e119fcda09bad643e3c87f7

  • SHA256

    85c9ae3663d136278fb37f7700bc84f56776f57e6346168c8b15bc10aa3bff22

  • SHA512

    4b1a0c43f081170f342df80d755e1c1e29527e49e9f8f629caa883561b7fe201c0132aefff71681043c352bbac5cf742704472d4ebe018fa13caee70961c9d05

  • SSDEEP

    24576:QuYOl0bMeeN4sXNxz2sqZj/ZbiaGiNufLXnPgY+LvTNILq2Q45bONk81Q/:PflAfC4sXbKhh/JvjuLbuTNNlG

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Main_Satup\slavey.svg
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    c41ab5352ba79baac9ac093dd7eb2500

    SHA1

    1ffb0e70f86845daba211aeda43cad539d34ffd3

    SHA256

    558e13bb7aa293569457e9703d2db37e8365e2ab670b2c3484ada9336ed24895

    SHA512

    ccebe3f11039e14d39d4102652669fd372d179778bf73fae0659dd01da569bbf850b273cd3a4e13dc77b3fd4fb4d84d01525ac3a0dcb23b297c733da10bc2ff0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    6075b09b2c204736f41be7f029948035

    SHA1

    77fcedac2ab08b6597371a2704b39686a84945f3

    SHA256

    1922826046f3d16d53beda78f98bc4782861da18fca7efcbdf9e7b0d6c4c6af1

    SHA512

    17957a37984e7969f4c0c80bb438fa24c2762dd7bc183c6f653d1c24090df0cd8be31af960c12493953bb2c4503215e2aedc1ba33e7dc4a3fd0d14a1432ca08c

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verAFB8.tmp

    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\I3C6LG3F\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee