Overview

overview

7

Static

static

3

??????.url

windows7-x64

6

??????.url

windows10-2004-x64

3

GarenaPass...er.exe

windows7-x64

7

GarenaPass...er.exe

windows10-2004-x64

7

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

GarenaPass...e.html

windows7-x64

1

GarenaPass...e.html

windows10-2004-x64

1

GarenaPass...se.rtf

windows7-x64

4

GarenaPass...se.rtf

windows10-2004-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    19/06/2024, 17:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    GarenaPasswordDecryptor/Readme.html

  • Size

    506B

  • MD5

    caa8d84c4cfbd03beee97ec8a03d8e92

  • SHA1

    22fb1fe046d27af529a18f606d9ab071b2df2557

  • SHA256

    b864776d4fbc44c6fd3c95e4a50912bba1f411d4a1d573add06b66c8a6e4e311

  • SHA512

    6f7b33786e0104ec412f9f5ea58907680912eac76df3f532712046013d190c95872847acedec66aea9219cf0eb7a723d3c253a90cb654ddfadf2f079d741ac50

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\GarenaPasswordDecryptor\Readme.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2192

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e86018de5e8c15dace9e277caadcf23e

          SHA1

          ad684a89294930704ce081eea8a24fc06eba7382

          SHA256

          53b2dc91b3af01cab93928dcdb7539df338f1681405243e2dee32e5c253134fd

          SHA512

          deb5ef199e9157c6d69c3762ab119764a9033c7e1f3b115e7a1ea61777b9aa7d1131ddeb59124aed6bbd557b944add21e7e3a3804ed9350360799e4f7414c2e9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1d24699161779e7bc3db3a880557ea0b

          SHA1

          22cd40319a55054c8284c7fe8193f6e6f2521046

          SHA256

          4207c48331b2d09fa312c0da7d6ae71e63ead18006d2fb019568f9487069615c

          SHA512

          0f34742e79a23940aac5a51ec95a5890be8b44ebb209a36d2d670a8a7ea6951da92d1570625aed2dee5d53a297ae90a9369693ccbec41fe01ffbb620008697ee

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ea532044249321ba323b3f6878819ec7

          SHA1

          1b8509c4381d0c386dc26c873b2cb6b31f59aaf6

          SHA256

          ad845437ac2db44ded67e006bd2cc3b43d62e79fe7a559e29f5978eadf2ac13d

          SHA512

          9167fd6de71873237da3816f7a89f3b1eba2cffd0336d8415d9166fcf27b9a9419154d0c108040bfd77ec6fac15ea2586d950a8fab8825ca850a8a097de237a1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          45dfecf0d1f0c8175cdfb2555444a367

          SHA1

          a283a6c2db6beda9138e06211d17f66053981d1c

          SHA256

          86d5566b09d6fad835b2d20121b2330ff20423732be19f371e84eb8bc02a7bc1

          SHA512

          72430939135f03672f6df395a5559d9fc4bd7bab4d4763416bffee311bef4130815472a1462db622f92746757ad9d8fb3c3f13aa7111ed2b558ed85bdc8ef41d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          afe8c2e11597f93fc0045d9a909a8b5e

          SHA1

          243c83c3edfa0c371112d94bcc79988e58889ee4

          SHA256

          529d0ea598cf2ecbb7c9dd08956c75df112abae3d6842aa57c159ae9a560a90f

          SHA512

          827b34e171f8105970e536fdcfd7fe38c96cc76b10da923369647d15f4ddb44d6457ec20d39fb704d06b68d35d019bab11ba8a6cdad3372257f2965b3367f2dd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bd7cc4b9a236a4b043a34e51dfa68462

          SHA1

          3b85ccba50b76ac417b6655f7d5e32c1a0043462

          SHA256

          e484887e71820b01a8cdf88ccacbfa5155565beb89bbc9557f8db9c4c602f897

          SHA512

          0e142c8e7298d22c9d609beaf70a5116f76e0b6a9a54c4313630d2400e9b3d48e363a017a988d6d7d472685ed942f1b162da8dbae5f53573902e1e0dba72846a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c886ce93a82739574f772c1df8211a98

          SHA1

          2a55088ee26b2d02424350c4ae4553f1b4f67764

          SHA256

          2f3aa47cfd792e030dbcab2d99e3e223e5c5e29b73eb71d387f6923d0494de40

          SHA512

          538efbbd21fadbfc29ef2b8878d233cc0c7fd72995a5578005b4a16de12200164746fc201e46e9638734ff6dc7c135f044a064bd47e3a4309c918ab03726e4fe

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          36cddfa6576af5c9fd7cc7fa63c3fae8

          SHA1

          68f70afd4b9431dca6e96c11a9abb5134abd9e9e

          SHA256

          8e868a87af8070acdcc71892fc7b5d0a3efca4616890c0a571c6de37c478448b

          SHA512

          4d8c5b0fa938af4e51f6cb3d1c80e92b271189d392fd6565ec6a2d84890d34d8bc74f81ad22ece8cf5b807066d6d6ff6e4c79b6470b86e365875f8c74149bc91

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          80191015f5e7452ab66bf0e4865ff8c6

          SHA1

          18576d43feeebe6056f01099d0a298d24cd9c549

          SHA256

          e44ff00381be6b94438997f628b73aeb350ae8b3c7ac9b0e12eb6c44994c3057

          SHA512

          075999e68b3d1e896d0ba79bcd33b8b4f86299c021f42866ebf790d650de45a386ded35f5c9d08d0d3ab8bc16f2e921d8389cfda632af6557180c092b4309d17

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          624300fefae4417316efb2b1c08a43f7

          SHA1

          b7a10ea8e06c3ab82b4c4660b8cf2e1447a31e3d

          SHA256

          3ce24f7b1fe037236add6d8ed91f5ff1085c319ca71b4da92aa4520a4c1f1d41

          SHA512

          f6d9ecb260b7453b8d67a348433b15f235c78f3ea1fe6db7e90af2c9c20d907173f9b1bafc0f8f512bb230edec418c7e0c13967c2232f895a90d1f0883ff7c3d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0394758d7ed8be2b134bbb148c545a93

          SHA1

          79c203c34ff4cd27261cbe1579bfcb58911e56fb

          SHA256

          50d8434fda658d10c7ba185f59abb3e501a9677d2d780643030e1f1715fad787

          SHA512

          d72bb3a7361db4f36b05a0452d06d831182ceb982410fa6250a331f74c90821dd314b20a93ecb54f176a0b48648b438373e7c2063690420bd45ccd71f805020d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          df0562a6aceb3ffa488d7a62483a0339

          SHA1

          4f0d5a1ad14410ac53d323e708606b8786c556a5

          SHA256

          784bcf23af890886db7d036faaaec689d892cbdcaaa30936d13ba8a0024b45f8

          SHA512

          79f11282150f0c4e45d7fa8ff36346c6d96ad3c73262fc6b314692bfe341bbd9ada18e3aa1aec08a5d074689e4e076e3c3c4ce09232d1c26dc881435082ddde7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          06383b23bc12a8518ad2b1ce48d73edb

          SHA1

          e2b219449d129ad15227238b0027a075fc8a0bce

          SHA256

          9dfdcf1583d9692fdb5d5864d63baab37aa1752b17246cb3d86e284250416948

          SHA512

          b9702feece411778e17f48214f7e1e195c297e71c574246a5afa3a8886c41f432f9ab81725de1365b587a0dc45fe9f618f2b28052ec2677f46b3dc77a10afcbc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          cf65dbfc2fd970c5e43cc1e9851699ad

          SHA1

          7206e03d792d74593be18da9b44f91c4e407c680

          SHA256

          8724fe99960cfbae2f70b33d08fccb2bbf374a3cc6439c371a16e322215f3363

          SHA512

          78f1393e7f740986475f31d86694d0464ac043e535853792198dd548ab718378501f2e99d856df65d1ff7f9ab5f776b5e8873cbbe55fa48e28934becd4b83014

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7c022a520410ad1e7e00b7242ab32a2e

          SHA1

          3420e8b552d23d53f0dc52060cb26360e31ab84c

          SHA256

          44ca8f70600a7c59ebbcf9f8b6f64b7eda9f772a1e8ef98983154504c5661212

          SHA512

          0dc76359945df348bd6a02af7e31babd4b51b4b33d17d7b931e2feacbb7206fd2d07d96c09d41a5d2f7c99a973837e054df5764cdb2cb0d48947770f8af2b6ab

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          90e24b8f7f73ce112145f6b76d842eea

          SHA1

          2d7e19e22aab353da6023f40ef2b01384eeb86dc

          SHA256

          788286b342df548aac1432972f487c049dacdd7e5f96720fa124e781c41e75db

          SHA512

          db9deaef62b39417657ca27c2968719ead644f6343b6b1f3f7688d775c4e73bca9d435d0ca0d1574f7eeb478a19d92cf5064a25af5e2e1226438531e8cc67e14

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          29ac43a535d6c551da8e68d8ec2a1c39

          SHA1

          3d62e38bf5dc6919778ea61273399df2ef1d59d9

          SHA256

          dd2d0f6a8f7eb76f56044cb40645140ff1d331287feee9b8c3c019a14e59503f

          SHA512

          1bafa786520f7719d52bad3f931ca5f472f3046d6744f73d9188ad41078b20bcc0f2ea86a84477f790eeb1e110ab5e98b83ea0279d07a84e81702cec521d1498

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          db647dd78d1ee504f096a1be85bd5f3f

          SHA1

          f5926237d133cf5deacded5e4ca4ccb26d74522b

          SHA256

          6f861a6decba057d4f1a18ac83fde2837a2f548dbf00d30671afb58deacb9b34

          SHA512

          89020711d57d9ddab27a4c30db2cb9bc2c8db2f3059c16f8c2c3d15a75a8d7cc0a84cf8afc1a2c93eceb2f7b70b7af478fc959cc7ddf8a5d8bd88f95a690c27a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          779028a8c7496483d9ad7d0caaec853a

          SHA1

          9b59107eaa3ca99106da804f07340d8556c3d163

          SHA256

          b99b066799fb2dca90d20a6826a43be163161a3169dc10f91c2bcdfee68f65bd

          SHA512

          0cf0351ccfd53d92c3f07d23dbfde6340578d4dbab262580af89a720f88b32d51fba8eae33f4fae7442b9cf150faffe5741bb9b3b50f7a172139a5bae8446990

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QQYAP5A1\securityxploded[1].xml
          Filesize

          108B

          MD5

          26edbb2cb57e1e9d62ee7ceaf1d4092e

          SHA1

          70ca9e0b04d2b61c4b2c43b5bb4449e153574757

          SHA256

          816622c1646b637d53cd64417d4cd6b39c8870c76fc8fa3f4102b1e1826f1d20

          SHA512

          c47e39fe6471731f9950944653af57f22daa51b7ad597b7c91e4a3660c38199d682cabe1205caaf900c36b1ebe974fd3b9a3d5d687893ceb96ca3c9532e2fc15

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9yhbznx\imagestore.dat
          Filesize

          5KB

          MD5

          02a3c20ab8ba9cf00b1030d762ff58f0

          SHA1

          c3326b0c19893d1fcd2498e7ccce985a39decbc7

          SHA256

          f2d83a60c2606288b09d05205bb2a07c2ec02f37379b5056a0a3aa05fd963b65

          SHA512

          591deada05d76a6f62fa8ac8882ce8d389a143b27a489a1c654276aaf92be7e1cecbd0dac42c8aaee675cfd05be6b2dcc19e9bfb51a5565b40324a5d60363da7

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0DW1CQS\favicon[1].ico
          Filesize

          5KB

          MD5

          198e82940aa0aea3b8280ee7b8815af8

          SHA1

          a70218218f3e55d53853ab052148c349aafbad13

          SHA256

          2340e11b6f04989d1bf9056af69c8de98b5e087b4352599124f794b83b8223af

          SHA512

          2aee0ffd9e7858c4d05643cec68551e2f55b203e614f68a93c75e1cfada4404eb1fb5de830aa7bf6eb3a79666ee8d1553eb177e66ea97d34dc54c3c1d370c020

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\securityxploded[1].css
          Filesize

          34KB

          MD5

          b79ddcd3a33774736a83fec2d13d58bc

          SHA1

          de953ea5f822c328b5299ad033013975ff784937

          SHA256

          dbbaa66c415333780ca1810bee039f1aa2eff9e270f7f8debf3368022b09cdfb

          SHA512

          0306f75e96ca70dbcd7e568a9619ce76511cce64b0822be8845616d25ee96ef10bae98331f2cc75660fc5e3130772f59abd56c52a3169b9cc2fd3bb1a57879ab

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab3057.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar3058.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit