Analysis

  • max time kernel
    133s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/05/2024, 00:41

General

  • Target

    $R1/script/options.html

  • Size

    40KB

  • MD5

    8edc585907d23736b1e26fc98e594ed3

  • SHA1

    5e7b30d1e1a7ed1f1c70534dba260eb9828a4292

  • SHA256

    3c0eee433877c0653bebe24c64cf463839b59598c639a60f602e5f4490c21171

  • SHA512

    3c8fb6d2d0690263442490a6f7aa782a5dc0f93ddf983c383d1ea0ba8199882bd7654ab4e8e8d49adb30cb5a2e1144f5b606e0fad7d789bcf5a751cb94e37ac7

  • SSDEEP

    384:5FfEewwN2b9hnZ+XqLwoVnDpn4LfU0oI/V2X2wrX2+5X2zdX29sX2mxX2VtTSXN8:5yhhIqUoV+eVwmOJ+

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$R1\script\options.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2144 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2356

Network

MITRE ATT&CK Enterprise v15

Downloads
