Resubmissions

08/06/2024, 09:05

240608-k194psaf4s 1

08/06/2024, 09:01

240608-ky6cqsaf3s 8

08/06/2024, 08:58

240608-kw6kqabe45 7

Analysis

  • max time kernel
    18s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/06/2024, 09:05

General

  • Target

    https://shinolocker.com

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://shinolocker.com
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1888
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1888 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1988
      • C:\Windows\SysWOW64\msdt.exe
        -modal 393500 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDF5570.tmp -ep NetworkDiagnosticsWeb
        3⤵
        • Suspicious use of FindShellTrayWindow
        PID:2756
  • C:\Windows\SysWOW64\sdiagnhost.exe
    C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
    1⤵
      PID:2924

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

            Filesize

            70KB

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

          • C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024060809.000\NetworkDiagnostics.0.debugreport.xml

            Filesize

            65KB

          • C:\Users\Admin\AppData\Local\Temp\Cab511F.tmp

            Filesize

            65KB

          • C:\Users\Admin\AppData\Local\Temp\NDF5570.tmp

            Filesize

            3KB

          • C:\Users\Admin\AppData\Local\Temp\Tar5201.tmp

            Filesize

            181KB

          • C:\Windows\TEMP\SDIAG_9e0cee55-f30d-43be-99a8-f7454701790a\NetworkDiagnosticsTroubleshoot.ps1

            Filesize

            23KB

          • C:\Windows\TEMP\SDIAG_9e0cee55-f30d-43be-99a8-f7454701790a\UtilityFunctions.ps1

            Filesize

            52KB

          • C:\Windows\TEMP\SDIAG_9e0cee55-f30d-43be-99a8-f7454701790a\UtilitySetConstants.ps1

            Filesize

            2KB

          • C:\Windows\TEMP\SDIAG_9e0cee55-f30d-43be-99a8-f7454701790a\en-US\LocalizationData.psd1

            Filesize

            5KB

          • C:\Windows\Temp\SDIAG_9e0cee55-f30d-43be-99a8-f7454701790a\DiagPackage.dll

            Filesize

            478KB

          • C:\Windows\Temp\SDIAG_9e0cee55-f30d-43be-99a8-f7454701790a\en-US\DiagPackage.dll.mui

            Filesize

            13KB

          • memory/2756-834-0x00000000001F0000-0x00000000001F1000-memory.dmp

            Filesize

            4KB

          • memory/2924-835-0x000000006FEE1000-0x000000006FEE2000-memory.dmp

            Filesize

            4KB

          • memory/2924-836-0x000000006FEE0000-0x000000007048B000-memory.dmp

            Filesize

            5.7MB

          • memory/2924-837-0x000000006FEE0000-0x000000007048B000-memory.dmp

            Filesize

            5.7MB

          • memory/2924-881-0x000000006FEE0000-0x000000007048B000-memory.dmp

            Filesize

            5.7MB