Resubmissions

30/05/2024, 14:02

240530-rb96qscb49 1

30/05/2024, 13:52

240530-q6gx1abh53 4

Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/05/2024, 14:02

General

  • Target

    https://leaks4you.org/leaks

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://leaks4you.org/leaks
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2864
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2800

Network

MITRE ATT&CK Enterprise v15


Downloads
