Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 03:50

General

  • Target

    www.osssr.com.url

  • Size

    178B

  • MD5

    075dfce9c0e3bc8d0b917b104d0248be

  • SHA1

    02e4721ceeb314ada7962ff181e7b5190f20711d

  • SHA256

    4f3435aefab572496e4792d520f5cef180617b02f4320fe1e4b07b5e602375f5

  • SHA512

    43b06975faf55a406f03dc2c8e70a5b9fc56a5d680a314cd7d1f74cafaca32a15d6644dbe83c470c729e7451165485f9e9df1cc53c5abfe0b0232de4964f67d9

Score
6/10

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\www.osssr.com.url
    1⤵
    • Checks whether UAC is enabled
    PID:2120
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • NTFS ADS
      • Suspicious use of SetWindowsHookEx
      PID:3064
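
The rundll32 line at the top of the tree is the registered open handler for Internet Shortcut files (HKCR\InternetShortcut\shell\open\command runs `rundll32.exe ieframe.dll,OpenURL <file>`), and `iexplore.exe -Embedding` is the browser being COM-activated by that handler, so PID 2120 and its children are the expected way a .url sample gets opened rather than something the sample dropped. The report does not show the 178-byte file body, only its hashes. The following is an added example, not part of the sandbox output or its tooling: it recognises that handler command line in a process-creation event and parses a .url body to classify where it points, using constructed sample bodies (the `example.invalid` and `203.0.113.10` targets are placeholders, not values from this report).

```python
"""Added example for this report (not part of the sandbox output or its tooling):
recognise the Internet Shortcut open handler in a process command line and
classify where a .url file points."""
import re
import configparser
from urllib.parse import urlsplit

# The rundll32 command line copied from the Processes section of the report.
REPORT_CMDLINE = (r'"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL '
                  r'C:\Users\Admin\AppData\Local\Temp\www.osssr.com.url')

# Constructed sample bodies: the report lists only the hashes of the real file.
SAMPLE_WEB_URL_FILE = """[InternetShortcut]
URL=http://www.example.invalid/landing
IconIndex=0
"""
SAMPLE_UNC_URL_FILE = """[InternetShortcut]
URL=file://203.0.113.10/share/update.exe
"""

# HKCR\InternetShortcut\shell\open\command is: rundll32.exe ieframe.dll,OpenURL <file>
_OPENURL_RE = re.compile(
    r'ieframe\.dll"?\s*,\s*OpenURL\s+"?(?P<path>.+?\.url)"?\s*$', re.IGNORECASE)


def url_file_launch_path(cmdline: str):
    """Return the .url path when cmdline is the Internet Shortcut open handler, else None."""
    if "rundll32" not in cmdline.lower():
        return None
    m = _OPENURL_RE.search(cmdline)
    return m.group("path") if m else None


def parse_url_file(text: str) -> dict:
    """Return the [InternetShortcut] keys of a .url file (INI syntax, '=' delimiter only,
    so the ':' inside the URL value is not mistaken for a key/value separator)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keep key case (URL, IconFile, ...) as written
    cp.read_string(text)
    if not cp.has_section("InternetShortcut"):
        raise ValueError("no [InternetShortcut] section")
    return dict(cp.items("InternetShortcut"))


def classify_target(url: str) -> str:
    """Classify a shortcut target as web, local-file, remote-file or other:<scheme>.
    A remote-file target (file:// with a host, or a UNC path) makes the shortcut
    reach an SMB/WebDAV share when opened; that is the case worth escalating."""
    if re.match(r"^[A-Za-z]:[\\/]", url):          # drive-letter path
        return "local-file"
    if url.startswith("\\\\"):                      # UNC path
        return "remote-file"
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme in ("http", "https"):
        return "web"
    if scheme == "file":
        return "remote-file" if parts.netloc else "local-file"
    return "other:" + scheme


def triage(cmdline: str, url_file_text: str) -> dict:
    """Combine the process event with the shortcut body into one triage record."""
    launched = url_file_launch_path(cmdline)
    fields = parse_url_file(url_file_text)
    target = fields.get("URL", "")
    return {
        "launched_url_file": launched,
        "target": target,
        "target_class": classify_target(target) if target else "missing-url",
    }


if __name__ == "__main__":
    for body in (SAMPLE_WEB_URL_FILE, SAMPLE_UNC_URL_FILE):
        print(triage(REPORT_CMDLINE, body))
```

In a process-creation feed, `url_file_launch_path` is the cheap first filter: anything it returns is a user-opened (or lure-opened) Internet Shortcut, and the path it yields is the artifact to pull and run through `parse_url_file`, since the report's own Target hashes only tell you which file ran, not where it sent the browser.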

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    92a1401a5e5f0c2e9cbbbc8836bb258c

    SHA1

    1b962f3cf3e664dcd2ce33fdf4b0a73ef368cbb2

    SHA256

    21cde78a422d07e0b330df4f46ceec76aa3994f72a1a1c7df89d9753ee6652cf

    SHA512

    e648b4c23b96c53d9bd3b5036954742760c20ccb143485ceb694ddc7bc5dc78dac557b26b8e9faf0dc6600cc1a8f5033e5830f05b0e136af63b50721e1bc8fd4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1116a3b8c1c109f95159acb8e026e540

    SHA1

    eefa8714633af5d2e287b9de587597dc447f26a6

    SHA256

    2df8720b214bad960c5891e066a2505ef38737c2793fec8805a6fee7d42710d8

    SHA512

    4c8add935c877adb7d5b0b6dbbb9f22ec3c9950899be45cdcb2aa55f7b30fc0da5b5514a89fefa4046955ff69fb61785b14ee7104b2f07749001f7f7f36afce6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bf7c92a773b6d7a202b20e4ddc57f904

    SHA1

    d8b4d1f8ccdafedc730ecb040d80c030847165b2

    SHA256

    7ed10782e8567910bcb60f3932942141d24a93bdf1f990d4c7d07cc0ad2c54cd

    SHA512

    5ac9b93cc78805e5dc68558c396be56fa273077ec6912cdfcb892dc53a5079bc7739b7a95534fb34a9ff76277348d694f726aaab63ebc0ca952affc68f7262d7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b54f514071c1d20658644ad061ae7ac0

    SHA1

    53475b642f25c7e9ba2416e82f658d970927776a

    SHA256

    06935ae01aa884db47fe20d08363c289657bc7fc6eade299881eca50d5270860

    SHA512

    978f4b89d3348087ef72b0e1a1f8bd22f92bfba3dae69c4319c8673b7d265ddb129206df5137751a94a58e0bacb8550cad3d4079639d3db06048430a7867fccd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cbadb95b74e877ad67c473bfb07607aa

    SHA1

    6bad8cdbafc857c6e66157ac0debde8cb584a8ed

    SHA256

    fc56427ac810914defd3872a17d721cb0a99575fc05efb111eaa0704d6c163d7

    SHA512

    1369e081ea1d3803c78c3dc22ac5bf304b27b6ba6132fe78935a11054be2360fb46a373062c18f36079922d1ca0c78790b38f9d49b5658b692842c652bc84e14

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2698e5b3f38d9492fb3ae08cd69d8262

    SHA1

    581cb28ebe7af648dd79bb4cd30283e686dff7c8

    SHA256

    1aec97f5562b3a05545be97347f3c5b91098b06de77dd03d596ce960a08c475c

    SHA512

    4dd9c0c01e49cd76a5032388094b025eb73985de66eb540c4a2922be8c5719dfa7a8b2e23d8627ee1c9f82850e5e5ae80c37df93dd031d41469251eaa96e2c2a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5b36b6525db15f4b7b787b1995b3b7b6

    SHA1

    deb4d8d126ccf02e9e4c98a19aeba736c304ae03

    SHA256

    63fb31c9017e7ce64bdfc23545e93e7b9e407ea794574364f922562be2915adc

    SHA512

    059b605217f7bd2f4ebeded207a75e3ddfcddc9dcd01402972d984a5e9b0835570c58c316ac478a4cff8e1779b0c64a7132bc9f9ced35f23d79f76ceb18f5456

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    eaccca7879c997f0db71dca5c940e8c5

    SHA1

    c42b2add90f022d6a17c8e080cc94b5aed56cd06

    SHA256

    3cb1c492d8389c5aec9ac31e42a3be41ba0f806627efa5046f53b34ab8920d7b

    SHA512

    972b1b8d49e0b697aab5a9b58b10a5764c136a11b5b18d5998799c5542693fb1904579e464c37d4f7ca2b0bbe515dd9c57c31fd22b6ac0e6bcf235bda402b97c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a79a46f8ea7e6bdf6fb8aee1360367ed

    SHA1

    454e849368ef434880d28cb44795e79f9afff2ff

    SHA256

    235948eda0852507097b76cbf0d32cb702a7728496d1236aa465d81b5661d343

    SHA512

    dd3735199cf46c1a5fba28042f499d239ddb1cff125f9333855693ad563c54d90923198233a1dc3b4fe5c8a51fc6fb1f8f38284ea59607622a4c6d1f678cbd9c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4f9eaba13fbaa9411ea45d7bc20de8ee

    SHA1

    a61cf70fd0b7b00f4629448679c93ed0025fbcee

    SHA256

    e60c6f5078b8878c40944f4ad4ad44dea06cd3c2f2473aa9b7ecf304ba49d576

    SHA512

    10d02a7817d4f700f4d56eb829e100ea3aa0e6b8dea537c1eb394df9c952b63e3ad5503731bf935aa957d4d503f7926e35e8e9496443e6c3035e4a42c9dda6fe

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    82056a5183e79a7630c119748aed25fa

    SHA1

    34c69439845d011881669df054d5bfa46ff6a8a2

    SHA256

    f4edcd11d1751a64630b07508c9e23583c3cc29f3c1088fef4364a2a74efed48

    SHA512

    cb795d478e3119ed9106404bf2d595faa39f27d03b2359211de8750f6102224505d9520cb69737a3498ef578d4e42c1df83985ef5de042a3459c872a6fc9682b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e01a3ea30f2dd6a76043c9869874963a

    SHA1

    cb56c07905d6f3a44d887d0211fe53ceb1ee1696

    SHA256

    f1d2e3605732c418760841938493e126f751de6840dcd2488f5bdd029d894498

    SHA512

    e53928326ac7ee29808936c96a2b6b74ef92f6285ce340f34b0b09475f964f35fddccce2852c7cf8a715439aa59e5a60657063b76277503f03a62f8d5cbafb3d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0b68d654b1e5e050c0bbb53d146030aa

    SHA1

    1c8d0e0e21a5993c0e197206d0405704037202e2

    SHA256

    d173a32a8eb374653a75f89a585ec0e8e5c44e728be0afe7998786366a848ab1

    SHA512

    c8d0cd568f387bf28330c1d522c76914522d9eaf1c9d386102ee33ac5a9a28c964de952ef079f3ce127b365d04e120afa7b2699edd34a4761d808803f96984a6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    513f227c748cfc4835545219ca3a90ad

    SHA1

    cc8cefef7c0c8b5b93f72d4c92050f6bfac573fd

    SHA256

    013d3a4674732687422a87664d32684f9cb54d5a15e601165ae15e46be736054

    SHA512

    8446bdaf9ec73a7316cdf58ecd9566652c295c80b33f5671754364b49ed0ed9576f8e631028b88f6110375a7b44e31991ef4c312b29ac3fd44e3c9eae9ae1fc3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    212043b47556dee7947686f975e7e0fd

    SHA1

    ed02d8d9257267243dfb5d39369aec596669a831

    SHA256

    e37fe55e8e912ff79f4cb663e351fb2a295f76fe4c5ebe12a8358a28e3775347

    SHA512

    accd00e1b518743293c3dcbf61937d5c023560de4cb6221c37879596b08cd0ad666240a75a4b90778dcaf44bb542d195b7b90241e8c6679ff064206f1a152753

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    722574c117ce4bf86370c193d2c193f9

    SHA1

    9df6c5db739c2d40747d1457ec7b33fb3b7b6334

    SHA256

    d8424e7cd7896e9a13a6a8ce2d803597d764adf202a965672adb70486e468e7c

    SHA512

    c69bd17d6e82ebbecf2966ad717e1556df6e6c434308c865e3583a99f29e0edbe3081c5ce38e6edd821d11b8d2a220600456ee9fb873a788ed15af1612a8225b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    95bfbb035e670ce44d16b73cae6853ee

    SHA1

    ca2dd17c8f67157bfcf7e67f1a78b310a070e936

    SHA256

    f93c728a772bd2616b3eae833422365b8e15910485ade919bfc0e278ec86da6c

    SHA512

    6f7d8faf15c6b27204abdbcf3130fc75ca3a4216efdab691fde291adae55b3dbd45c0ec2e5d4bfebf56875ee424081011f5357e45580479c3c173de8cc668ca0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fefe014b8cf92ce66d6da35703178bb7

    SHA1

    da4888a964814a075d746860ce333ea1d692f698

    SHA256

    658c37a685ab08d6813215c162e4b5971bb991dcdc5bee7c6b269aa82eee7b21

    SHA512

    c45961335245b82a022d070ccf330b6acdee9d021471e3e4bfc6f74ca3525cbc302c128af77375f9e5a32acd419269cb1e0d88f9d7650ef14edc8d3ce256cf1c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    90914c794c8ed44c024e8a64c6456b19

    SHA1

    104caa4e483b759af5c812ad1da9187487ddb9ab

    SHA256

    f2de2f663b43db2037595da470ccb099804ca56be6ca6d13e5dee60fa324cc3d

    SHA512

    e2db7b97a519d76552ccca23b0fdc9cedeb8ca24412d84dd4ab36786415b72f0de641c231b0f250ac92b31158e47fa0695f25d08ff3240ec04fff2221410a050

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    edeb9313d0a07bfc803ad1a8dca6d7b0

    SHA1

    193c32b3fed0a21350e6fe3b9004ae6c86a72bac

    SHA256

    28d195866b19cfbdd1b543c9fc2ccb31d4e945312597d5f1c735759208962a1d

    SHA512

    4a6f9a761668cbcaa723722b77245c237dd789f06fdf9c6ccad4aaa3b5c1ce6f5a9c326ff4498581dd85d72b52f4207999b9c33806c7473a3b345a47c9af9f11

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7838ac841f75ffe752b32f8ced33df77

    SHA1

    abb66981efa849b78fc0f811ae6d9a42933dc9a3

    SHA256

    b9c9a3d0a3eecb24428c9bb1a541ba2380f0b201413e05e7514243000d95ea6d

    SHA512

    f0ebba9ee219a64d1745944006d074b8b3c3f946e4530025e85e4937162d32ca014cac7961a0921c93d89b6763894fedf166a3ac833ff05cffca2a549533b786

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    27c03282ec41f0dcd606f584f472bb91

    SHA1

    f0b958b1955719634b735c5bdcedb9e63849e50a

    SHA256

    8c8f4d5dc4ee3c7fb0d4d2910fc7657908e039bfa22a106248045c16270c783d

    SHA512

    50bde1ad968ae99f7d8d337d1232e94552d6b07909d20d540fbc427dc8e3cb66e5f7d253a1e7606bab7e1e99d2d94ac6b0adb1f59be4a8f32622ad737ae57d46

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9741d12a0a308c1bdc70d03aa6ee2f46

    SHA1

    0b4dcb2f3bd7d30c555057fe1ad96a1a58b833c8

    SHA256

    73e536c6472b60fe4771734173c20b86a84cebdcd6f755cde9acdae5137d4b60

    SHA512

    bfcf6bd5ed67cc69833658b5479a7efe77d3ab8ccb3bd67d51e12366367f58acb7489806b919347b28730e18af5227286fc23c29e18d3ea4d05b91147acbb7ca

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    d2ffb7fe12aabd2fade2407cbc5f978b

    SHA1

    426d59614b2285833d0e4e3365169844a04d6edc

    SHA256

    b8cbbd373009b712e0075c1aa9c5c9a6e84203b9d4305f24412f1bdf00f81805

    SHA512

    1aeef2debf4e073c8cc882a8999e1ca0c8a88a94c474c4ec6f594ffe1d9e8cd7c91c6be3e3d8bf2cf861680c2722d8b66b38f6c110c2c0202ca33e9de242b95f

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\sxsuh4u\imagestore.dat

    Filesize

    5KB

    MD5

    fc3a594421cd185bac40a47debbea7ec

    SHA1

    e4053f4da3362c5b50775481920b38150026d26d

    SHA256

    78694cb2d535f6d107197ff4ff905a49c290bcaf95b783f20bf2141bcde7a54d

    SHA512

    caa2c6fbc2cc6bfb3f8b537fa8dab8452781e529a5fdd388e6d2d2b4580c51fd6fdf1bde0d02567885ee4ca5606e0d55701b4ed34d13e65ddc6c03e44c337f56

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\favicon[1].ico

    Filesize

    5KB

    MD5

    4f5d446f04abad0acbf944f79bfea4b4

    SHA1

    b910d7425a52885b0adf7428a63b37feb97dcab2

    SHA256

    7b74854a49b979e9b8bae0b50be8fcd008c6379153db1358ebd63d0a3145e814

    SHA512

    a8affbdbb486c6eaf03226af8cb3be77f50e702f606f71853dbcf53eab1f2587c65e418854e61a194a40671631baa5a6fc1ca6ef5eba6bba93104d9c5e231650

  • C:\Users\Admin\AppData\Local\Temp\Cab13D1.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar14C4.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/2120-0-0x00000000002E0000-0x00000000002F0000-memory.dmp

    Filesize

    64KB