Analysis

  • max time kernel
    118s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/06/2024, 07:53

General

  • Target

    https://www.google.com/search?q=ringheads&rlz=1C1VDKB_enDE1113DE1113&oq=ringheads&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIGCAEQIxgnMgkIAhAAGAoYgAQyBggDEEUYPDIGCAQQRRg8MgYIBRBFGDwyBggGEEUYPDIGCAcQRRg80gEINTA2MmowajeoAgCwAgA&sourceid=chrome&ie=UTF-8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/search?q=ringheads&rlz=1C1VDKB_enDE1113DE1113&oq=ringheads&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIGCAEQIxgnMgkIAhAAGAoYgAQyBggDEEUYPDIGCAQQRRg8MgYIBRBFGDwyBggGEEUYPDIGCAcQRRg80gEINTA2MmowajeoAgCwAgA&sourceid=chrome&ie=UTF-8
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2060 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3032

Network

MITRE ATT&CK Enterprise v15


Downloads
