Analysis

  • max time kernel
    121s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-06-2024 12:43

General

  • Target

    ??????.url

  • Size

    124B

  • MD5

    76b6c72aa6791b12846677efc651b845

  • SHA1

    d10551adf4a9c53688eebd2496fd87399ceb44b7

  • SHA256

    7dd87fe3ec1a8a37cd45369ca0b0eb377bc4561dc5c34fbfe5a622fea854a1b1

  • SHA512

    03764dc5230bc193bd69c60c8ff030e4e3056b03ff90baac4124dda7fef5fafc22b2b24af5c8ce9715b1f9e0cca8b058d463fc3852ff824291eb6b3fdb5f1880
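
The General section records only the shortcut's size and digests. The helper below is an added example, not code from the sandbox or from any tool it names: it recomputes the same four digests so a local copy can be matched against this page before handling, parses the `[InternetShortcut]` section the Windows handler reads, and flags the properties that make a `.url` file worth a closer look. `SAMPLE_URL_FILE` is a constructed shortcut used only to exercise the parser; it is not the analysed file, whose contents the page does not show.

```python
"""Triage helper for an Internet Shortcut (.url) sample.

Added example, not part of the sandbox report or any tool it names. The
report gives only the target's size and digests, so SAMPLE_URL_FILE below is
a CONSTRUCTED shortcut used to exercise the parser; it is not the analysed file.
"""
import hashlib
import re
from typing import Dict, List

# Constructed input (assumption): an ordinary InternetShortcut with an
# IconFile that points at a remote share.
SAMPLE_URL_FILE = (
    b"[InternetShortcut]\r\n"
    b"URL=http://example.invalid/landing\r\n"
    b"IconIndex=3\r\n"
    b"IconFile=\\\\203.0.113.9\\share\\icon.ico\r\n"
)

# Matches \\host\share... ; a leading UNC path means an SMB round-trip.
UNC_RE = re.compile(r"^\\\\[^\\]+\\")


def hash_sample(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report's General section lists, so a
    copy of the sample can be checked against the page before analysis."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def parse_internet_shortcut(data: bytes) -> Dict[str, str]:
    """Return the key/value pairs of the [InternetShortcut] section.

    Hand-rolled instead of configparser because real samples carry a BOM,
    mixed line endings and duplicate keys. Keys are lower-cased and the
    first occurrence wins; other sections are ignored.
    """
    text = data.decode("utf-8-sig", errors="replace")
    fields: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "internetshortcut"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            fields.setdefault(key.strip().lower(), value.strip())
    return fields


def triage(fields: Dict[str, str]) -> List[str]:
    """Flag the properties that make a shortcut worth a closer look."""
    findings: List[str] = []
    url = fields.get("url", "")
    scheme = url.split(":", 1)[0].lower() if ":" in url else ""
    if not url:
        findings.append("no URL= key: the shortcut opens nothing on its own")
    elif scheme in ("file", "javascript", "vbscript"):
        findings.append(f"URL uses {scheme}: scheme instead of http(s)")
    elif UNC_RE.match(url):
        findings.append("URL is a UNC path: opening it contacts a remote SMB share")
    for key in ("iconfile", "workingdirectory"):
        if UNC_RE.match(fields.get(key, "")):
            findings.append(f"{key} is a UNC path: Explorer contacts the share "
                            "just to render the shortcut (NTLM-leak vector)")
    return findings


if __name__ == "__main__":
    for name, digest in hash_sample(SAMPLE_URL_FILE).items():
        print(f"{name}: {digest}")
    parsed = parse_internet_shortcut(SAMPLE_URL_FILE)
    print(parsed)
    for finding in triage(parsed):
        print("!", finding)
```

Run it against the real sample by replacing `SAMPLE_URL_FILE` with the file's bytes; the digests printed should match the MD5/SHA1/SHA256/SHA512 values above before any conclusion is drawn from the parsed fields.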

Score
6/10

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\______.url
    1⤵
    • Checks whether UAC is enabled
    PID:1976
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1644
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1644 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1248
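
The tree above is the standard Windows 7 path for a double-clicked Internet Shortcut: the `InternetShortcut` file class hands the file to `rundll32.exe ieframe.dll,OpenURL`, Internet Explorer's frame process starts as a COM server (`-Embedding`, which is why it appears beside rundll32 rather than under it), and the content process it spawns names its frame in `SCODEF:<pid>` (1644 here, matching the parent). The rule below is an added example, not a detection from the sandbox or any vendor: it flags `OpenURL` launches whose shortcut sits in a staging folder (mail attachments, downloads, temp), which is where a delivered `.url` lands, and ties content processes back to their frame. `EVENTS` is a constructed list in the shape of Sysmon event ID 1 records; the first three mirror the tree on this page, the fourth is a benign desktop shortcut added for contrast.

```python
"""Detection logic for the launch chain in the process tree above:
rundll32.exe ieframe.dll,OpenURL <shortcut> opens the .url, Internet Explorer
starts as a COM server (-Embedding) and spawns its content process with
SCODEF:<frame pid>.

Added example, not part of the sandbox report or of any vendor's rule set.
EVENTS is a CONSTRUCTED list in the shape of Sysmon event ID 1 (process
creation) records: the first three mirror the tree on this page, the fourth
is a benign shortcut launch from the desktop added for contrast.
"""
import re
from typing import Dict, List, Optional

EVENTS: List[Dict[str, object]] = [
    {"pid": 1976, "ppid": 1300, "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r'"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL '
                r"C:\Users\Admin\AppData\Local\Temp\______.url"},
    {"pid": 1644, "ppid": 1300, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding'},
    {"pid": 1248, "ppid": 1644, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1644 CREDAT:275457 /prefetch:2'},
    {"pid": 2222, "ppid": 1300, "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r'"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL '
                r"C:\Users\Admin\Desktop\intranet.url"},
]

# The OpenURL export takes the shortcut path as its only argument.
OPENURL_RE = re.compile(r'ieframe\.dll"?,\s*OpenURL\s+"?(?P<target>[^"]+?)"?\s*$',
                        re.IGNORECASE)

# Folders where mail clients, browsers and archivers drop user-received files
# (assumed list; extend with the staging paths used in your environment).
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\content.outlook\\",
                "\\inetcache\\", "\\appdata\\local\\packages\\")


def classify_openurl(event: Dict[str, object]) -> Optional[Dict[str, object]]:
    """Return a finding for a rundll32 ieframe.dll,OpenURL launch, or None."""
    if not str(event["image"]).lower().endswith("\\rundll32.exe"):
        return None
    m = OPENURL_RE.search(str(event["cmdline"]))
    if not m:
        return None
    target = m.group("target")
    low = target.lower()
    staged = any(d in low for d in STAGING_DIRS)
    not_shortcut = not low.endswith(".url")   # OpenURL fed something else
    severity = "high" if (staged or not_shortcut) else "info"
    return {"pid": event["pid"], "target": target, "staged": staged,
            "not_shortcut": not_shortcut, "severity": severity}


def ie_content_processes(events: List[Dict[str, object]]) -> Dict[int, int]:
    """Map each IE content process to the frame process it names in SCODEF.

    The frame process is a COM activation, so it is not a child of rundll32;
    SCODEF is what ties the content process to its frame and it should equal
    the recorded parent pid. Records where it does not are left out here and
    deserve a look on their own.
    """
    out: Dict[int, int] = {}
    for ev in events:
        m = re.search(r"\bSCODEF:(\d+)", str(ev["cmdline"]))
        if m and int(m.group(1)) == int(str(ev["ppid"])):
            out[int(str(ev["pid"]))] = int(m.group(1))
    return out


def detect(events: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Alert on shortcut launches from staging folders or on non-.url targets."""
    return [hit for hit in map(classify_openurl, events)
            if hit is not None and hit["severity"] == "high"]


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(f"pid {alert['pid']}: OpenURL on {alert['target']} ({alert['severity']})")
    print("content -> frame:", ie_content_processes(EVENTS))
```

Scoring on the shortcut's folder rather than on `OpenURL` alone keeps the rule quiet for pinned and desktop shortcuts, which produce the identical rundll32 command line; what the opened URL actually was has to come from the frame process's network activity, which this page's Network section does not record.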

Network

MITRE ATT&CK Enterprise v15

Downloads

The CryptnetUrlCache\MetaData entries below are CryptoAPI's cache of the certificate-chain and revocation (CRL/OCSP) fetches that Internet Explorer triggered while loading the target, and the Cab*.tmp / Tar*.tmp files are the temporary cabinet and its extracted contents from the same session (commonly the root-certificate update CryptoAPI pulls). They are side effects of opening a URL in IE, not content delivered by the shortcut itself.

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    aac2cc4369dbd3776838843c01d92a2d

    SHA1

    1acb2d5c6926b39d51236af7abe87fd9af6fd186

    SHA256

    816cc83750eee62203fcb69ab23d6dae6a3ca38eca3c1135da5a2bd12ea0fa04

    SHA512

    756afa543a2278e77a623125309a33e42899134384091031ec0250def8c18f63d0fd8d3d82e9a0b11aad8016f35d4eebae9a6a970882855bacaae8a0b1ba2de2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e2a867700a38efc895278a0273bfcf7c

    SHA1

    a98c0996a8a0cd39e00299f0fadb22906c79ca8e

    SHA256

    0fbf010b854e4768c1ee86fea7078066f392316be88684b3e9e6f5acd71fa398

    SHA512

    4ce54ba9dd840f38c9c2cd17a10c1a26c8bedcc743e954eea35cdfc71d9c66484cd3800198d3fffe502305b7e852e09d49aa300bd21bb35d10facba008ea1be1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2a98565d069424d6ab54a9e4d3217bbc

    SHA1

    7219ddf0663ff0b9c3871782fb48e74d8a166410

    SHA256

    6a009f0507da6f6094d641d831ecba785483ff1040da5408b51f33912125676e

    SHA512

    2caba9a208d225f90bc8aca51d69bf34eda404954dc64dcce2d54a660d283f11c979610e4a053b20e2e394105b56fad7583e93b281c34986671d80f56503de46

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    00ddaa585871e1fcf48e2ccb26053c0a

    SHA1

    8c45df85dbf2b5eea4852af2fda2235ce7605504

    SHA256

    a3c69cb07216d36612cf39973845d01aa59cce3963a1b4c93bbef44035b9bdc7

    SHA512

    86f3e62eff7bd1ddedd29544f34027cd0c9ee3c95f343c780c4d18b5ca50f80e0e8abc75b6cb158fae98021548ab9e2c860069af1b1a4f9d5d6cce6629e03523

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    64d769380f351c20c86cc9144e0f80e8

    SHA1

    7c6308c94558f3f8218235e9cb8b10420742ba35

    SHA256

    86a13480e584c449ef0e281df492bd0c2162dcf02baa18843ed031d14d3415a6

    SHA512

    c5fc0b1574d6f1dce27b1eaed5658111a12d56da134ae46c8f53a567e754263640a981d22c57fff40d0e78c37ed4d2037098b6f57014e9b25fec65dcd0d2bd27

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    65a7210c8927c7b82346f11bf405427a

    SHA1

    88bebebab86a5c8da408543db148fdac65f20c4b

    SHA256

    350e3394e0fb43fbf58efbef5de62bc4452cc72d247011c9ce8ed4aaa4c879ac

    SHA512

    a4a10d1803feb53133023d19db70f4ee5bde703817b9eefe53cc5de41ad3756f528de0cba22e688a01c697f9ca1b381c18f7bdf72600c2e8dda0c0772c51050b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e73e7451d75a16d10c1d704ded3f2d71

    SHA1

    da027c4487b8e58438c5374e55a986d9b93effc3

    SHA256

    f2c86b5b65bbfea9e266cd4339b83b1784e7c672e78a5e5b1e03885dcb50f15f

    SHA512

    6c62cc7acd7a4272a8c162a69b231a60a77df1b264cb53f6232ae7a73ebbaaa764a763fdd13440b79829a190323c56d19e1950feb36e06d7e34e6a30d3881823

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4a69fbe61f3fa84c68e174c5f702a6cc

    SHA1

    7440155182981ce6efc602b7a2519e28fc772cac

    SHA256

    90f6ef8d21569e8abaf7a0d30a2bd661f45de173ba1c7d8a1931de9ae923bc98

    SHA512

    18695bee02077c5a239f5941a80fec78f4b8ff7495b7802d6e0dab8f82274f27f3511933942ced8945373de748bd0fbd7b2b2e0ccba575d05fc5422e62e93889

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    831c1fc28e03b995cb726b8fd87b7655

    SHA1

    0d83e436b8f52bf4e456290b81c47e751ab24518

    SHA256

    99854c5899c471da452cd18f12a69114a256c1e29397af21ed9451afd4c14c6e

    SHA512

    d6515d9c02a75d9e589ca274d716842228bcc3660cc1f07f8bd69dc8ff667d6aaeae0a7787d552e83550006190de96d127a2bd0fcf76c2784a331a157da42581

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ca65939849b3403a353705b778d2cc7b

    SHA1

    95e1608e5401bda9837ae5b4c82287e9d7cc58fa

    SHA256

    25ce2409f0142bd5cc0ecfff1e89f339fc2272c1df88f3b5bf57f9a4180b940e

    SHA512

    76a2c41cf12ac72e4951916d281cd3cefdb7d95c0a415c2dfd80ee6a4557ceda462a6294cde801ef1de5342c23b3676a83be73c0871b23112007a5b9604b2e97

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    505313706ffc1f2b0957dfd150cd91fc

    SHA1

    4daffee6ef3bc63cf4de61efcf7f1f74814bc227

    SHA256

    e26012aff3bd8e2dab250db16e7b393bb3fcb60bb443582667387b2782875cb5

    SHA512

    c9f29963dda0e6a147d7fc92e3f4b6846ca46494b872ce7d544affae664b72289fa4d6439b43d633b1ef0d401e859444b55f43db2f771fb3b54a2a4f2fed5372

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    26d5f11798d64e20200bfbbe0804739a

    SHA1

    c4b5b199c7cd40c3574c4b4e803da4868ab269c4

    SHA256

    312446a74d3a0d75dbfdedca072e6bd3ae5ac9ccb70fbac8cbb7329616dfb08a

    SHA512

    8eca233a0cd3c8a56cdb64243ec94aed94fefaf5fee6252b3ffcdc0736334407027c5e856a63bc5477fff845fe2082b05316453535129fa71d835bf8d4477a43

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fc7c498b8893b79cebd4848f1235fd6a

    SHA1

    caff862cdd67961f2a3a3d4ce42cc2b54103b508

    SHA256

    01641832f9125446e2f2df2c4841174ed1ee9cce5eedd02eeb7e6c93dc7a8820

    SHA512

    cc3a102fdc6f5870d3c53ddd25410444ae63fa9c551e2845298458a2ba2b968e3cf7d2d3ae6305351d67300d73349af9a85212ae9af79e97c903968c5b213009

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    62934e564ef8951b27240d52864a0bba

    SHA1

    42c8040efacc923b02aae8f2131ef86e104e31b5

    SHA256

    9cbd2f0840db862c1584d65d176866c083e7ff06888f61d634e63747681e9660

    SHA512

    b6e3c7bc9f10744750add9a7fc12a585b91b65b5f63ee371056f45e11fd86d4b238cc0c0aacdf089d878b250cb4ea776d434d3be7bad265868516da44cd22f42

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2e16d56daff1ff46e6dfa35c4970c61b

    SHA1

    edbd179b31671fce7c7a0068dee6ba826800fd8a

    SHA256

    a7d99c43cdf2f60a890048a3c31cb392e3dafb9a4832ee009b1b39fc5dfe1a57

    SHA512

    e9c099a39a29a94a385495eeab6d8a941d026ef441ed1818b44099b8e5487616e8943e535f648bdcc182c2226dff263c7268317a0fe8d906bf390d6b246be9e6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2187f8337ac65ee43a78437c42ac982e

    SHA1

    bc8ab398a77aada56cbb620a927d863767bb8347

    SHA256

    a402b8ba30cee1448c32eaaadf740cd8ebe950e8ea2ffe4d1cb96ff1de863048

    SHA512

    e3c9389c6328278999f683743fc9fd0b395383c7c18f584ac304ff02c703b84abd646191e6712cca6b64448c80af151377d64a4c317f196e6fd6829444e08450

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b234224e29f85edee37181a4114beb18

    SHA1

    0ff119af9a79623e839b029b37f76aef33a479ab

    SHA256

    297a9fa69f1b75031291aa13452e66e1cdffeadb8db1f543ec86cdc7174ff518

    SHA512

    d380b0cb58c721045647ec18ad8bd43fa4b6d756ee28590b208ff3ab96a1250e71272711f9825ba093fadfb65a98f0b9155612124c5905c5054e014eebb74a09

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    81b653af5bd6dea3f99d100bfaaf658b

    SHA1

    398a9e78b52f3b12b0ef6dd6a0395bc2864204a6

    SHA256

    2179bafa0a4b0c8eb790654aef4d8c90e10a1e32b8d105ef3e84ebe6914cdf89

    SHA512

    b590c26749ed5a1e0305e9c27001830e1ee2817de87a147092bf658988efabbba6102cb3a71d539dc089c1f691887126d364c188a8d6b7f8bee6f8c0667567eb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    616afa25a496287d0af6f73f02480e34

    SHA1

    b5c752dc8a0e52cfd5e80e0ac82beb191ad67fa9

    SHA256

    e34524c6cbf16571173f199c877b4d5fd53fbe7c6244c405507b0d2ab54cdcb1

    SHA512

    36cbdda106eb4938a7a747c1253f68df7de00fbb97270d13348251a737f3faba0ae8908321af64fb291ddc982b8d95be4857029edc3b07e01a9c28e1c34030f5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    79322d0422083d229eba9d3ac2373102

    SHA1

    ac63aceaaf1fd759cb9edf9f74702395bf297f9f

    SHA256

    044ac16cc22356262083d5286d2751081dfc9533ba4aeae40864743043c400ba

    SHA512

    2093ae259f842ceef5f49a4363cee73157bb397f1f96aa51fd30bf9db61441ee0ff070f0055cfa774eb5e299ba3d7e80248562cb0926a2c8a201d928adee61e5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c5e533490cbbc78761c80c9eae7d37a9

    SHA1

    407e10bfd838478ec8b8429aeed5c7eff6353500

    SHA256

    a3f6c4009a6b761e4f3c6e0e3b561954a68bd6813f2379a459bd5dd184b6cd1b

    SHA512

    8a06c8b609948e02bb666b629b66aae105446dbb812e045af5bdb3019e66a0782b50c6c82399c75fdd181ca2c809d71db500d00a8492f126a5938b43c90b7195

  • C:\Users\Admin\AppData\Local\Temp\CabE4C7.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\CabE593.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarE5A8.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/1976-0-0x0000000001D30000-0x0000000001D40000-memory.dmp

    Filesize

    64KB