Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system
  • submitted
    12/06/2024, 23:44

General

  • Target

    Methanol windows client remote1.html

  • Size

    56KB

  • MD5

    3dcf50b9787963b279a1c319274cb6c2

  • SHA1

    04f420d3b5f7b9d3e7e86dc0cd4ceafcc10ec537

  • SHA256

    dc2f45cca462adb58c69e10367df8e82373edebaf7582649bb63924230b66877

  • SHA512

    4439ed459205222547614ea419f3a70e05c7f100716341ad015726902f0b3b1c66825e7ac30497fd1df66dcc7e3cce18af006d8f888e36981a1d09c75ea233fb

  • SSDEEP

    768:gKjUxC8iR+VxbtXfA69vx5Q+A5QekbnXvM0+Z6xeg1PuVw:zjCCp+VxbxfVx5DWlkbXx+Exn12Vw

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Methanol windows client remote1.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2616
      • C:\Windows\SysWOW64\msdt.exe
        -modal 393502 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDF3390.tmp -ep NetworkDiagnosticsWeb
        3⤵
        • Suspicious use of FindShellTrayWindow
        PID:1820
  • C:\Windows\SysWOW64\sdiagnhost.exe
    C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
    1⤵
      PID:1916

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

      Filesize

      252B

      MD5

      d6b642cc7782d93993f8a2e1f53bebc5

      SHA1

      f61bd8b81d00ffcc18eb33a159e9b136314b72cf

      SHA256

      f3461b6f2b0b4de147c79b55ad212feee1460e05e84e2ce01e6d105b649f2703

      SHA512

      af627466ad48bf1721b9486bdc3aa92d0862db77e95b54bf8bcfe9fc43056ed50ae5da9854e77020ae7c196ada16e458462d87e0f6b48847337c1f584bb0e109

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      45f6b96cf96c42b05644cbc58e30cf6a

      SHA1

      5e610e249298ffa7b8867afdbb99f01861be45a8

      SHA256

      de5399d80baba3cfa7ed84272d0abd7e72d514494b18317016416b64000a3c78

      SHA512

      86509e5157a0fdb89ac0e52bf80eca264b279eaf072267e92e3e583d3a2eff7ebce79b644ce054a1f1d9ce5edbf42615e2b9dbf8a4c3203e2022e38968a5e710

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6d2f604911d8a5a93306292bb1b295b4

      SHA1

      f32bb4734c4f1d264da91efe83aaca3f2d6a7d9d

      SHA256

      7505bfb868d754107033c9bae0e0edeb7f48d5233f1d0b2a5bec284cf2119301

      SHA512

      4706a01d03b6f7852b718e82a4c68e3ee2451051df69208f6f8d78bea7d246ff348d04ed5dba04a89a4c5c5a7abef9143fcd9b902ef75cbc3c331eaf2fb487ba

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2e2ed50b9c860ae563f5f2d276dc6cfb

      SHA1

      42d052aac08e0cafd8a931be3c4d5a588106bd8f

      SHA256

      44f15762a5f6d4b8f9714b3c5de7e799b61181a5a10327132f613a646340b350

      SHA512

      75e15aebc58e7024cfba68bbcd4728d3a55d64884be40e6a0686f9e5d206a814c37d4f9eb6a951299572faf2b36f9a5ab68daa8dab0ca9187fd827ca31398532

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e791b2e0b354a0f92110790636874a3b

      SHA1

      60c4a0213dc2e69913c8c959415230e2afe890d6

      SHA256

      3b88947f4127fbab619357eb277649020a83df254a2db52f76a19ba47a689393

      SHA512

      af793b9135a62e04c1d8011330121296f92e5145a04c49456c2a9d25ea64fe25e2d313379ff77854f7e9b85289f937241cb2c29e84e0b7430d3430da45da6240

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c9e0dfd32796c9277f381ece1de4bb40

      SHA1

      28da1756d866f47eba1d50d40d17a85a749d33d7

      SHA256

      cb956deca6d04858816ac8e7851c89631f1bce345fe051e49ce48dfd6a230add

      SHA512

      4464f5d04db44ae53174fb283cb0fa2372323316ae49c311d77572b80dfd4ff4e34a708e6e7f40e4a10053fbf8bc151d613f77e714d0f121eb7a44bdddfdebbc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      25c5b66f4c88cc6002a02ec545a72747

      SHA1

      e9f39467b5416b656e5cd0e540ccbf4dc4b2ee45

      SHA256

      09e9f7debd735979ab1f43a804f49b8641433cd9065154fec41e93b8abb1fcff

      SHA512

      df77d1318b359527b7c3de230057b5893fd990c85b33993014447b68ea32082d70e79e01859eae123287a99d3ccd9af2d2aca6a62f73b4dc70107ce9aa3b777e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      93b4593462e73da5c94856594b7651d2

      SHA1

      174bf0e1c0c4ead1e69af93cd4e6b01860ddb71a

      SHA256

      4ba2227eea05c4a5e545a4f15f17c288de256e4a639f2d94946071becdee9ab3

      SHA512

      13fdc63ba6bca4997726b06b0d37007a58d14acf09e4b58faddbfe83e1f427d59a8ad4a18d6409ba5b1e5456225a91c8be9416323f9792fc0aa53a378e765fdc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d54fe4f9a05d8cdfb6f11bcc436f02b9

      SHA1

      418e00dc10d395dc042cbf31aa2beffa782a8f2b

      SHA256

      ae57b439eb55fc6b0ddd447ffc9f48885b8bd1475861436bbdc320fef2957371

      SHA512

      3677bf68e2b34b05bb39f49f7f435efae0fcf09aa9dfd80f4eaaa7e05e058ef393bba2d92a3631ace0ed01c12bb07a129c71f935a30ebc19bed1c61ba85b74d6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ce715fc08809e67036ae3539a19ca69f

      SHA1

      d38b9be7c931969df9f2ccfd37068677034d5b23

      SHA256

      89ba8755e7cb24e6ad7411e620917716987e8984c3a246c361264c2ebcb2c64b

      SHA512

      0b1fa6a81653180eb367f97aedcc2d629920a69a215d0397fa3bf946a7d90482ad5c78c1d01d2f1756bf416d640be19dad563944a5d6877f81279ffee29ee860

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c615061977f2863a83b9edd7753cfd2a

      SHA1

      d02344e8db3d5357f432208664a1163aa01d5b81

      SHA256

      73eeaa9fae48445e641dbf3eb2258dcf29261f938bb1117696fba65bade32aa5

      SHA512

      e80cb41ba06ebd36c053e2fb3703f6ac4362da3d67705cd62263add1553e1c5fbeef040c61484114d0091e754b226b8097b3ee3936914a0d450ee40f8571ea5c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      97c50eb6b4d971a9d64670330b7c44b3

      SHA1

      e98065e37ff2a08f3772c4e48df5b39b85bbc300

      SHA256

      d9ec41932c9053c74e3f5a1b93ac3b694ff55c8c46c35f3fe30e71569682d6ac

      SHA512

      dec14a0597b06602a7349f765438735d85cebdf7959df075abc6a6b037f29ae9952ed2006345334eeaac5f70ed308930c535624429c043c323ed40b4963f7162

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d9875859a0833bd24bcb583f7a56f806

      SHA1

      6ef0c6f2ed7ba61d4030304e05a06b9a5b774088

      SHA256

      6a022df323367e7f04c78e0c7708eaea7031603d336ac0592335e865ff65f70c

      SHA512

      2ff938457ba585bfa007e392c9bc21c1474e3e2a4a90b4a2b7d846ad9446216adfff052787d10bbd9536cccbd062e7a11d5397a89ecd6f3ba40a3ba4dbccb11a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      167d689e2b9e7b5b9d926787a7348e0b

      SHA1

      b1a0edb2c3c711884bb868c72223ca627d081287

      SHA256

      3c71e42e6b5cd5354449ad785fbfc3c63ff0d96c46b931dfa54b01ebe8bb9625

      SHA512

      3ea1f1f5c9d581e1c26403a1bd263d991aba001f0f203b09a852f230213c5cf15db33dc887f1d271000e1da82c0d818d7c14a316a9a667678e0fff47f4d3724c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0f2d9b3f57ab85b9fbfce6921b672b59

      SHA1

      7b069e0c75afc34df3782f7ce4a89fa6aa88ee68

      SHA256

      28db27e13447ade0bf83cf135a3a9cdebf712b5c1355c9458865969f8f68033a

      SHA512

      2c8f090ac46e6664f91fbf432d53b2784826652c918ec4032d9cc2d7939b25693db9b8a05155bb4c17efb7f9a41f0fe7ddac58a6a684242528f99044ab740f7c

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ae397261b8f492b30c31837d7eba9185

      SHA1

      4a105db927d3a541116e7fbabe4e21ebcab84c8a

      SHA256

      dcc2a040f114ec96d88c7ddd34932596b86de9783ced1fe3e173a68ebbb76ead

      SHA512

      0c23b3a16b8c2a2833950bb81596bfca01dad2519336f4312d4df8ec3d613127c16d2b2772a6d5c210ceaf1636315515cd2367f80fe80c096d8a325ecb8189ad

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e1a92a26439eb6acb2dbb2cd7ed82d52

      SHA1

      804d7f223b662d22c8d09d9d3088774e0b1e4d2d

      SHA256

      317f95f99445e331ce219d37b2ec7db701d3839e610e3e1158d296136fe52f22

      SHA512

      ea18f806583c0be0fcc99151f9fd584283dfa84cff6ea188174e05bf41b59fba8bbcaef6c4c715ecc17db4cf54d58f156ae53d6efa8576be91d9590ec1166375

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

      Filesize

      242B

      MD5

      835b65ca42729f57da1023150c658bff

      SHA1

      5100cbb0eb0d7c4bea6a0945ad2b53a7c78fdcc5

      SHA256

      249db4160fb636a343435df8d7ba90ff49426d3ffe4debb0d3085fba99000451

      SHA512

      965183eaeed3224dac488dc97db3b105f77ef693404938e51d47bbfa58dffec625755a3dffe616dcaf8f78cc29a9888abc6c725871856151e5ca3f566bdd853f

    • C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061223.000\NetworkDiagnostics.0.debugreport.xml

      Filesize

      65KB

      MD5

      a49bf0499cefa018c4956c7b2b3c053c

      SHA1

      d45566457049c73d1809b9f3026bca185dca291c

      SHA256

      b8cf57bb2ff7d41f827424018cff1ffd531a0c0befad1e1cf31e3595a8fd5d20

      SHA512

      6d1320c2fdef710249d4e9c9057b9ef51a0be004a0a994b79e10b599648604bcdbd8af3a73caad4787a7cfbea15701b38a0f226c9ae41b10df3d58fddfb5c1cd

    • C:\Users\Admin\AppData\Local\Temp\Cab2FD8.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\NDF3390.tmp

      Filesize

      3KB

      MD5

      24d330a13cdc5de7e2422a1a1fbb9d47

      SHA1

      d6a387a1745a8cc9d9c783e5ce05d5fbff2942c2

      SHA256

      ab3d4a3332321d54dde84178d2f50e0a2ec3163450bfb340d765bf5ad9990476

      SHA512

      df24654e80e23f8c7e3f49ca6c43f09eabfebd7605febbb36b1b29ea4364a7142609e31f5f0d04a11c6010eef42ba067fa97a79fcaa9cd405eac1fde4be9a536

    • C:\Users\Admin\AppData\Local\Temp\Tar2FEA.tmp

      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    • C:\Users\Admin\AppData\Local\Temp\Tar30CB.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • C:\Windows\TEMP\SDIAG_57bc87c5-fb28-4505-875e-3aaf38580091\NetworkDiagnosticsTroubleshoot.ps1

      Filesize

      23KB

      MD5

      1d192ce36953dbb7dc7ee0d04c57ad8d

      SHA1

      7008e759cb47bf74a4ea4cd911de158ef00ace84

      SHA256

      935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756

      SHA512

      e864ac74e9425a6c7f1be2bbc87df9423408e16429cb61fa1de8875356226293aa07558b2fafdd5d0597254474204f5ba181f4e96c2bc754f1f414748f80a129

    • C:\Windows\TEMP\SDIAG_57bc87c5-fb28-4505-875e-3aaf38580091\UtilityFunctions.ps1

      Filesize

      52KB

      MD5

      2f7c3db0c268cf1cf506fe6e8aecb8a0

      SHA1

      fb35af6b329d60b0ec92e24230eafc8e12b0a9f9

      SHA256

      886a625f71e0c35e5722423ed3aa0f5bff8d120356578ab81a64de2ab73d47f3

      SHA512

      322f2b1404a59ee86c492b58d56b8a6ed6ebc9b844a8c38b7bb0b0675234a3d5cfc9f1d08c38c218070e60ce949aa5322de7a2f87f952e8e653d0ca34ff0de45

    • C:\Windows\TEMP\SDIAG_57bc87c5-fb28-4505-875e-3aaf38580091\UtilitySetConstants.ps1

      Filesize

      2KB

      MD5

      0c75ae5e75c3e181d13768909c8240ba

      SHA1

      288403fc4bedaacebccf4f74d3073f082ef70eb9

      SHA256

      de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

      SHA512

      8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

    • C:\Windows\TEMP\SDIAG_57bc87c5-fb28-4505-875e-3aaf38580091\en-US\LocalizationData.psd1

      Filesize

      5KB

      MD5

      dc9be0fdf9a4e01693cfb7d8a0d49054

      SHA1

      74730fd9c9bd4537fd9a353fe4eafce9fcc105e6

      SHA256

      944186cd57d6adc23a9c28fc271ed92dd56efd6f3bb7c9826f7208ea1a1db440

      SHA512

      92ad96fa6b221882a481b36ff2b7114539eb65be46ee9e3139e45b72da80aac49174155483cba6254b10fff31f0119f07cbc529b1b69c45234c7bb61766aad66

    • C:\Windows\Temp\SDIAG_57bc87c5-fb28-4505-875e-3aaf38580091\DiagPackage.dll

      Filesize

      478KB

      MD5

      4dae3266ab0bdb38766836008bf2c408

      SHA1

      1748737e777752491b2a147b7e5360eda4276364

      SHA256

      d2ff079b3f9a577f22856d1be0217376f140fcf156e3adf27ebe6149c9fd225a

      SHA512

      91fb8abd1832d785cd5a20da42c5143cd87a8ef49196c06cfb57a7a8de607f39543e8a36be9207842a992769b1c3c55d557519e59063f1f263b499f01887b01b

    • C:\Windows\Temp\SDIAG_57bc87c5-fb28-4505-875e-3aaf38580091\en-US\DiagPackage.dll.mui

      Filesize

      13KB

      MD5

      1ccc67c44ae56a3b45cc256374e75ee1

      SHA1

      bbfc04c4b0220ae38fa3f3e2ea52b7370436ed1f

      SHA256

      030191d10ffb98cecd3f09ebdc606c768aaf566872f718303592fff06ba51367

      SHA512

      b67241f4ad582e50a32f0ecf53c11796aef9e5b125c4be02511e310b85bdfa3796579bbf3f0c8fe5f106a5591ec85e66d89e062b792ea38ca29cb3b03802f6c6

    • memory/1820-770-0x0000000000320000-0x0000000000321000-memory.dmp

      Filesize

      4KB

    • memory/1916-811-0x000000006F7C1000-0x000000006F7C2000-memory.dmp

      Filesize

      4KB

    • memory/1916-832-0x000000006F7C0000-0x000000006FD6B000-memory.dmp

      Filesize

      5.7MB

    • memory/1916-928-0x000000006F7C0000-0x000000006FD6B000-memory.dmp

      Filesize

      5.7MB