Analysis

  • max time kernel: 133s
  • max time network: 128s
  • platform: windows7_x64
  • resource: win7-20240215-en
  • resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted: 28/05/2024, 00:41

General

  • Target: $R1/script/dialog.html
  • Size: 1KB
  • MD5: d800fdd62461179fd537c8c4669dd5e8
  • SHA1: d44bcee9d9e63d50e8ed42be2ce1a3964870a5aa
  • SHA256: 4af54a319e8be177e2d48f4effcce3ca98c3bc564e3f46b4b7e14471fdfba1c9
  • SHA512: e0670d9dee7e15520085d269224a4188f09fe753bf3041a9c1f0246771b1928c4fc644e17633a2e08fa02e4064518945afaaa6bdc098ee41288dda42854f5083

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$R1\script\dialog.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2660
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2520

Network

        Downloads
