Analysis

  • max time kernel
    133s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/05/2024, 00:41

General

  • Target

    $R1/script/location.html

  • Size

    16KB

  • MD5

    427ec659eedeb7cfce01a01eb7538c5c

  • SHA1

    84ae225f6b5703f0c6ade09079f2c90bcd7f888d

  • SHA256

    15234b2b8b11dae32c5bb3690daea94e77f2df9c12d5836cae7db8de211bd91b

  • SHA512

    3b3ab172ddce2ec434a92961ace48dac949ae1d975fcde39fc750da3c7df3c4ca1cd1bfd70f43f2a82568b30328c72f05a75d8046c2f1cba21f296bafcedbfe5

  • SSDEEP

    96:/28XzXAXZXyXALX1LXFXTX2XfFgLAi9QO5Ah2pvAJf/035y37okwWUK9yrv+1DhZ:IpOri9Qjh2pSf8E7o1PK9yaJe8OL6

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$R1\script\location.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:992
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:992 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2252

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          08a18a1f757ee8c4506c1e4614052317

          SHA1

          000cbbe011e8baa019ca061aa5748f3762c65580

          SHA256

          2ecb111e3c43fd123b116e55d6429e7895b2310b984b38c3ad961cd776493589

          SHA512

          db5e6fde626f84df020f5f38dc4d3e6fff27a94f851f276adaf6997cc17f26537544e8b766867262422a01b92dee3dab84f57116de85b98fc1864a26fbcd3ead

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          35fe1c916869505c76de31d28ede396a

          SHA1

          2438bd0a22290d667c7ee5f13b8dc5f9e9072a62

          SHA256

          97119c4a93d1be2d12806c857884221125714a195ce92be64c168c62e73e41aa

          SHA512

          e9b4a9535031a3f6cc1d3224af3d1cd18d2f25782c6bfadd9e786bf479fad010af4595dbd783d21b4fe8b70800a8877e3fd8c990c910b438b4e091079802408e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          d700773d56f2080bcba7f8384d871d55

          SHA1

          6f974956f93e62c54f1a1bfd6ee35ac98cc3486c

          SHA256

          92219271c6a90e484815dcf10ce80c17e24a648fdf13c1c2b619c9a995af8f6c

          SHA512

          32d08696256ce555696b4b7ba7e2227fecbc25294edf52858b8a2f1ebe9e8c242449b9fdeb597d942c5566c1da4b36028f17133842b3ec843a2fcf54afac52f5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          328d8ba4600b5faf8a2508ef6b4fe618

          SHA1

          6ec58d4860d2f52239a160b09334775bfda5b759

          SHA256

          c9e4bd0cf0439e9ef21a144728b6ffe2772dbe5832b6c598cc27ec43ea1a507f

          SHA512

          7a1992441807ad51ce283379f13446fbc4aa09928d1189fb81b3f6d3662df7178baf250be7044a8623134a7834fa2e0fdb01289cfe45a7f1e171bfcb3d9b8431

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          00820fbcb89f090324bf5b7cb8d5e965

          SHA1

          43965228b9e7cbae40df61cc16b0a99441d08b54

          SHA256

          20ccd5fd8383c0d022b375845c37932eca2634349b5f16d8c8dc832850889a40

          SHA512

          d27d19998d3eb6730c157111ee23357a99060fa4ad28763c3b315c02217816f0c54d32da4f5278dfdbf22300cfd516a32315d6285d7c0a34eab02b8243987055

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          d0a8d262a9b29e088ed06f9fa7c0bae2

          SHA1

          5da9d0a9b8eda898a20c666b7b3aa5a4f1146c74

          SHA256

          e495fa571c1844ccd11626811384247d950eac1778505221e0c9d188c7281f2b

          SHA512

          133f76fc418f7d1b688e184d0e9b44564ba851cb8efae718863feb77b0f592bbe7a53af80eb15ea2e94d2cb06fc1d7e30fa96def9a27a2c9722c38cdc82cab3d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          032918ef15aa28536fba7c06f8e3a067

          SHA1

          76dbc8e9f44cc97ae1bca977f055fe1249953b6b

          SHA256

          009440663e498cfd1cec3e11d5132934f2ad1168036ac2fe3e387bf506c2603e

          SHA512

          e8854b84a9ffd2f6a6faf7a7af2ea52282ccf3e67104a29c2c43cbeb8d3dbfcd649dbb22e90f6413e1c360bbbea3e7053de03309404760d035a6019bcf984b62

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          28078cb0fb714017fb26d3110c6de108

          SHA1

          3803fb166bc394c9d8631abb3c8724db73cc4b8a

          SHA256

          8b5f4e093025191b1f24a0fc43a1ef74d6f6ad5b0634f12ac29de6d6941becbf

          SHA512

          82d41ea8d058ee997f3d4777726acc160c624acbd12f1b0fa62ff3410463bc82c823afdc067fe4fcaeb266adbc0da6e6f737d2dfcea557ae70b7de834f40b953

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          cba3eb3a188b900d56362ed65071b867

          SHA1

          20488929e5d8e96c408168cf779b65c876ef01a1

          SHA256

          ed0eaea80d9a6961e74baf09bdad18f1b4e0fc4659b326b599e79598a105dd1d

          SHA512

          54df8a91604534e239ff1c823ba791b952079dac0e864303eee0dbb41741657e97b61a46da54e1252e2ffb14f7e43686c68bbb4d0fedea48cfe5c3973b161cd7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          63a245f6dfa65a8d1da2a3b54e4aca3b

          SHA1

          994c3dfad83f15284f568b0dfbf1bcac9e114074

          SHA256

          75d53bcb274817b4645621ea1a37c22e9ebfedb9193d4f6fb53110d0bcdafd41

          SHA512

          8fea67240cff6f5db5938c158b19523d719cfe8931e2936de2091992ab016d9757371acd8a9708d3e4cb71aa902fca0e38c4b39e5372e55744468685dc704413

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          ebe3a0f319ab2d247b5c25ca468588eb

          SHA1

          a54fa1c9fe88fd1206002a9c821f115ffb4e03fa

          SHA256

          d427fc9d078d244f9aec29c62b411ac9fa16c6b8a93f42db4cb4f48e276155d2

          SHA512

          a05b1ba74251417329eda5d129486df79010850b52ea82e8c5d92d46450a23d9200d4e40043e202b9f98837c1943a31962a7808081b3cb9ac865631f09696293

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          6e1c5df9f4f8c59277df89d12f93535f

          SHA1

          b85407e3855a5e7768895cde2a650543bd598a1b

          SHA256

          300974588d16dcc12a59a834911cc5a800fb4b209e64415e2dd57c34cf2f095e

          SHA512

          56be1774baceffe98fde48fe2efab1e9d736c26d63bd5a2926d495f17d7c0e7e318a57628126604311bcf98ec06b44cfdc60bc67223cf7e13755dafaf5c141d9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          f3cc9af68a7a25a0efbeff0f09b09902

          SHA1

          390e97af15c12604594c929980e1a64ff337ce2b

          SHA256

          3c03ebba41416c4e0955ace574bb60bb07c5427e14448fdd508d361e6ae02b59

          SHA512

          8bc0e945b5f5871a5cb3d73e6aa893dc37327b206cfcb99c3f535c25e1c812d279552273715eb662c86ea8adeb211988c48fad291f6a4197607f0c598b0bf86e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          94a299cd143fa2e4f84d5731d0a7505e

          SHA1

          4cdd5015b57ee8e73ee26f82019f5e2aa9bb8574

          SHA256

          6f86ed6e0fc192070c3222066c4a8b9a9e488d693b9437bf9b9e35f9ab2ceb09

          SHA512

          da4e69ba6fa33a3544ad45d8b97c588f3c084b28f640b9a9011ab072d95abcf36646e2dfbccd58da6653a3d1c6283d8ee68866627235f42eec661f7d03954101

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          52676a49f09dbac7b972db7f872d8e46

          SHA1

          ee79482f08c3369c4f271158a8b3e5d4d3aa9ecd

          SHA256

          4628ac1092c9b7e97f70c6f21d99691303d6545ba521d763083b6ddf4d20558f

          SHA512

          3f577bac06c795e098ad7b4ff6dcacf23fc3e87368da287173d52c269761b5740769a8bc8b5f9d974f5ccc086aa87227ac23bf8d506c513c7fa2578604fdd34b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          5abc1c9ef91f86b69269ffb350c7c0dd

          SHA1

          ab390a497e06b970e514cb898b736d0dd305fb6f

          SHA256

          47c1079ce7cbb3857ff0d2abf79d5689d40dd57e011e30294efec81a9b2436bc

          SHA512

          57f7eab77d7bf17e6d34a44f23b5d057231003f18bf3438c123f3d36a905e97d0f0fa9e7d9bc9faa84cae9725e02fa766062b81df3504cfc2f84581b87fd991f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          cb54e6be81844368fcaa926c1d8d77e1

          SHA1

          ac89db97b4b3497182ffc3757898088a4fec062f

          SHA256

          12ee3e636806450d79788ec2a2cffa3477a70c5066b5b2204e4446d34a3b3584

          SHA512

          adf9d55a97a8e4a7658a1f26d4e903ee2e5db07c4f64e6a6599667c2539d8590cf6f58c35f1a705711da54165eea2babe4f680fd06b4493a6dcc99fe471be5df

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          eab98038d773013d629ea81824379331

          SHA1

          c600374b620b340d92182b21e3987be30872812b

          SHA256

          a22654ef9ded8ce663b72ef501de93726d59d2a0067d59060eeedd3fe544b185

          SHA512

          70b6673aa7023d26db98b38633e35165ca2bda57e056e44cf9d1f42707a5fb2ccac2900eb2188492ac1ea27c075e9d66556fb360dd84888c2d451480fa473b69

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          71c7f17d6dee4f2ecb8be07107b58f7d

          SHA1

          4af387ef22bd25f74fcd229f368aaef8cca065a9

          SHA256

          817aafac7948e0d02bb077a3464376a265831395eabf8b8c8d5f0625b134ecf2

          SHA512

          f2400a4527fd51009d97b8dcabe37ea63cc5bf3b74bb70aec9aba2c035b29d026f5ec8249228a2de11e790ee9e681636f11fc4335408d3af94232e9502929a35

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          7cb3a2639c67a71d896b33a8d535dc58

          SHA1

          7fbeacf2c0fafa3f30b2a8919e839984ba52b373

          SHA256

          75dae5d72191bb3800c4b4b8b7b41bddeed1516c9f4ebe1699ff3ac674ab56e9

          SHA512

          b33000cbd9bdc84c93f92f6b3e834fb508f548bcbfa89dad6bf869ccb1a2d92a286289f4e2bd1216f5c48effe74de3f3c21eb805922710512d8f0225136341a2

        • C:\Users\Admin\AppData\Local\Temp\Cab3324.tmp

          Filesize

          68KB

          MD5

          29f65ba8e88c063813cc50a4ea544e93

          SHA1

          05a7040d5c127e68c25d81cc51271ffb8bef3568

          SHA256

          1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

          SHA512

          e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

        • C:\Users\Admin\AppData\Local\Temp\Tar3375.tmp

          Filesize

          177KB

          MD5

          435a9ac180383f9fa094131b173a2f7b

          SHA1

          76944ea657a9db94f9a4bef38f88c46ed4166983

          SHA256

          67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

          SHA512

          1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a