Analysis

  • max time kernel
    74s
  • max time network
    75s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    31-05-2024 00:03

General

  • Target

    https://disk.yandex.ru/d/myj542RouD_tfQ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 63 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://disk.yandex.ru/d/myj542RouD_tfQ
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1904
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1904 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2868

Network

MITRE ATT&CK Enterprise v15

Downloads
