Analysis

  • max time kernel
    128s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-06-2024 10:29

General

  • Target

    HEU_KMS_Activator_v41.0.0/?????.url

  • Size

    238B

  • MD5

    4f0fe0efda7a1cbd40a9c07023af49a0

  • SHA1

    a76db802aa91695a0c1ed68df5534aeb69791eac

  • SHA256

    79c028a933d5b9bda29675e001107fddfa0462d06576b094deabace0dd0703e4

  • SHA512

    d6601eb15cb1d29a56edded14c8072b9ff4a4e80de4948a4c6a116cda92cfada2121f8969fa3038c6b274188cce6918e6d74d495ee62780d5fcad11213522da9
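
The target is a 238-byte `.url` Internet shortcut, a plain-text INI file with an `[InternetShortcut]` section whose `URL=` (and optionally `IconFile=`, `IconIndex=`, `WorkingDirectory=`) keys decide what the shell does when the file is double-clicked. The report does not show the shortcut's contents, so the first triage step is to parse it. The following is an added example written for this page, not code from the sandbox or from the analysed sample; the two inline samples are constructed (203.0.113.5 is an RFC 5737 documentation address), and the finding codes are this example's own naming.

```python
import configparser
from urllib.parse import urlparse

# Target extensions that mean the shortcut points at something other than a web page.
EXEC_EXTS = (".exe", ".dll", ".hta", ".js", ".jse", ".vbs", ".wsf",
             ".cmd", ".bat", ".scr", ".lnk", ".msi", ".cpl")


def parse_url_file(data: bytes) -> dict:
    """Return the keys of the [InternetShortcut] section as a lowercase-keyed dict."""
    text = data.decode("utf-8", errors="replace").lstrip("\ufeff")
    # Only '=' separates key from value; ':' must stay part of values such as https://
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    if not cp.has_section("InternetShortcut"):
        raise ValueError("no [InternetShortcut] section")
    return dict(cp.items("InternetShortcut"))


def triage_url_file(data: bytes) -> dict:
    """Parse a .url file and report the fields a triager looks at, plus finding codes."""
    fields = parse_url_file(data)
    findings = []
    url = fields.get("url", "")
    if not url:
        findings.append("missing-url")
    parsed = urlparse(url)
    scheme = parsed.scheme.lower()
    if url.startswith("\\\\"):
        # A UNC target makes Explorer open an SMB share rather than a web page.
        findings.append("unc-url")
    elif scheme and scheme not in ("http", "https"):
        # file:, javascript: and friends are handed to the shell, not to a browser tab.
        findings.append(f"non-web-scheme:{scheme}")
    if parsed.path.lower().endswith(EXEC_EXTS) or url.lower().endswith(EXEC_EXTS):
        findings.append("exec-extension")
    icon = fields.get("iconfile", "")
    if icon.startswith("\\\\"):
        # Explorer fetches a UNC icon over SMB as soon as the shortcut is rendered.
        findings.append("unc-iconfile")
    return {
        "url": url,
        "iconfile": icon,
        "workingdirectory": fields.get("workingdirectory", ""),
        "findings": findings,
    }


# Constructed samples (not the analysed file, whose contents the report does not show).
BENIGN_SAMPLE = b"[InternetShortcut]\r\nURL=https://example.com/\r\n"
SUSPECT_SAMPLE = (b"[InternetShortcut]\r\n"
                  b"URL=file://203.0.113.5/share/update.exe\r\n"
                  b"IconFile=\\\\203.0.113.5\\share\\icon.ico\r\n"
                  b"IconIndex=0\r\n")

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_SAMPLE), ("suspect", SUSPECT_SAMPLE)):
        print(name, triage_url_file(sample))
```

Run it against the real sample with `triage_url_file(open(path, "rb").read())`; an empty `findings` list only means the shortcut points at an http(s) URL, which still has to be checked for what it serves.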

Score
6/10

Malware Config

Signatures

  • Checks whether UAC is enabled (1 TTP, 1 IoC)
  • Modifies Internet Explorer settings (1 TTP, 34 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\HEU_KMS_Activator_v41.0.0\_____.url
    1⤵
    • Checks whether UAC is enabled
    PID:992
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1952 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2660
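
The process tree above is exactly what the shell produces when a `.url` file is opened: the InternetShortcut handler runs `rundll32.exe ieframe.dll,OpenURL <file>`, and Internet Explorer is then COM-activated (the `-Embedding` switch) as a separate top-level process, not as a child of rundll32. The chain is benign on its own; what makes it worth surfacing is a shortcut living in a user-writable extraction path. The following detection logic is an added example written for this page, not a rule from the sandbox vendor: the events are constructed from the command lines shown above (timestamps and the unrelated fourth event are invented), and the correlation window is this example's own choice.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    ts: float       # seconds since the first event (constructed timeline)
    pid: int
    image: str
    cmdline: str


# Path fragments where a shortcut delivered by mail or archive typically sits.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\",
                 "\\appdata\\roaming\\", "\\public\\")

# Last argument of the command line, quoted or not, ending in .url
_URL_ARG = re.compile(r'(?:"([^"]+\.url)"|(\S+\.url))\s*$', re.IGNORECASE)


def shortcut_opened_by_shell(ev: ProcEvent):
    """Return the .url path if ev is the shell's InternetShortcut handler
    (rundll32 ieframe.dll,OpenURL <file>), otherwise None."""
    cl = ev.cmdline.lower()
    if not ev.image.lower().endswith("\\rundll32.exe"):
        return None
    if "ieframe.dll" not in cl or "openurl" not in cl:
        return None
    m = _URL_ARG.search(ev.cmdline)
    if not m:
        return None
    return m.group(1) or m.group(2)


def find_url_shortcut_launches(events, window_s=10.0):
    """Pair each OpenURL launch with the iexplore.exe instances that are
    COM-activated (-Embedding) within window_s seconds after it."""
    by_time = sorted(events, key=lambda e: e.ts)
    findings = []
    for ev in by_time:
        path = shortcut_opened_by_shell(ev)
        if path is None:
            continue
        lp = path.lower()
        browsers = [b.pid for b in by_time
                    if b.image.lower().endswith("\\iexplore.exe")
                    and "-embedding" in b.cmdline.lower()
                    and 0 <= b.ts - ev.ts <= window_s]
        findings.append({
            "rundll32_pid": ev.pid,
            "url_file": path,
            "from_user_writable": any(frag in lp for frag in USER_WRITABLE),
            "browser_pids": browsers,
        })
    return findings


# Constructed from the command lines in the tree above; timestamps are invented.
SAMPLE_EVENTS = [
    ProcEvent(0.0, 992, r"C:\Windows\System32\rundll32.exe",
              r'"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL '
              r'C:\Users\Admin\AppData\Local\Temp\HEU_KMS_Activator_v41.0.0\_____.url'),
    ProcEvent(1.3, 1952, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding'),
    ProcEvent(1.9, 2660, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1952 CREDAT:275457 /prefetch:2'),
    # Unrelated rundll32 use that must not match (constructed).
    ProcEvent(40.0, 3100, r"C:\Windows\System32\rundll32.exe",
              r'"C:\Windows\System32\rundll32.exe" shell32.dll,Control_RunDLL'),
]

if __name__ == "__main__":
    for f in find_url_shortcut_launches(SAMPLE_EVENTS):
        print(f)
```

Feed it process-creation events from Sysmon event 1 or 4688 (image, command line, timestamp); a finding with `from_user_writable` set and a short-lived `.url` under Temp is the hit that justifies pulling the shortcut's `URL=` target and the browser's subsequent network activity.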

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    f1b5f03ce7f4bcf6f46af6796154b99c

    SHA1

    f7ec01371df50eb60a9220ce7c86f60d96fa39a5

    SHA256

    b4ee715c226ab44f362d4e1f9fbd5a15c61a603eed0e91a56f85535803ac31af

    SHA512

    a21f8b50a3f36ff85ef798eca3424023eb82250f495119896044e78fe7ef0b25471d42480e82ad6a58bc056906040b7f77717300f1b817b579fc6fcf7e138498

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fec2e4c4ab5d5875829f8df358be5ab6

    SHA1

    d774a1d323973a27052822318d8625da6b6bf5fb

    SHA256

    641b70a7da28d1d6fe36adee53ca69cae3f6114756732b0dbb9bacec0adc5d23

    SHA512

    a98d53aeb7e34b3373290cc7982095d8b71b1a44eb011afd1cbfd9b87e60f6a2bd8309a2fa3338529f789a1ce0c44b1877840b86612c8ee878375e40df4725fd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    57084e4279c06cd2ea91cb6fd36c30fc

    SHA1

    f8be0f19dd57ce39f3f9ac84cdc3a4ba2b0a330e

    SHA256

    c469a05d07787599ebf98b8224f6c0a1873f16d62498cc8b65d3be43a1f7a51a

    SHA512

    1dcc08510a1502ebb9a8f37f7411f26877478e7ac7fd05644a175f1a9f2153c932d83eef5c60b155a0712ef95c224c7ad6a4fd9bc0880702e0f0d86cd59ebfa4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    22cff466885768eb292ca50c74816c41

    SHA1

    d0d7d7ce99cdcb92baa18e7747cc8bf469a1dc30

    SHA256

    39ac0e2b428be7420cf77d031e6150243a2f3af5831f6dd2b2e986dd9cffb7a8

    SHA512

    76c06f771bc47ab2fff32704435f32e62454215474c22662c3968f1dc04de5a8082002db3b3158ea3aabb702b801abaa253eda66258e11a495c7ee9b669f832e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c99a620c6fc8449919aba94020338569

    SHA1

    55e855fed7a7eee5e9dcd9762c6cc476d3daa7dc

    SHA256

    ceeece1c4ef242d4ba552d2e8c4ab6c5222fef2a21c6a422eb15c492c2e46084

    SHA512

    c49c4064d86ccf58e272424d5a3daaa738fb1df6088f71ac2ed8f516d37e79fbea77b708af6dd52b50b15f9879e794e1283c8ac0070a45da5cd357258f835f4d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a9d1fd13803eb03e1ca612f679c3441e

    SHA1

    268488360b42a496882841c85165e5af3a81e5b3

    SHA256

    8212e28d6826c5e9f883d68d6e186ed1ebd0fd1cd12dfc1eeabef5740f388b96

    SHA512

    2e417d80521513c1b9bbc64b66171f6b8c5cd94a997b5edf7721be7c9c162468ba365d4c55c0cc8379967675f35d64b6c5156da75f34250f2d0c6828efc20229

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2c8adef834abe4c0971a8e3c012c49ea

    SHA1

    e86b2c5b7d10721e260991a88fcb8c8c97ff6063

    SHA256

    76b98d463b5436d90741addb3bd3233480bef9da74ea43f3c130997103a39a45

    SHA512

    73fa9953ac079bae7e9954fc015a62c472a0889aa7f09d45e9d040a530e1335a3c1428dc6911889f57ca88464faa25f5118eed71d4ae617bb92da6fa406106a6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5d1d8c60834e127b1dce6b64476e0baa

    SHA1

    c19b9cbf0093fa8ba3f63f63fef83164272f0e68

    SHA256

    9061d7a631d6aba4d1572e1d533484495adb780e0c9dbd8e6c7fe056b88f1d58

    SHA512

    b8d257d1618e144469dc0c45893aaeaa5330ee631d7361a1bc777cbc8eeb72dcc432a4fd26880580e65079e46672e1c4d10044ec4327db397d61e8e4aa464dff

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    def0f7d8d32729cb2df06e8596df488f

    SHA1

    f758f6cdce6c7e5ad873756a5fb522b67e5147c3

    SHA256

    93d3a5320bc48a57bf4d4191d9de9964c4f6107e78254d8569cfb890d97f73f8

    SHA512

    7c2f1af10d898a60fc0d2c19bac16ed1570963ca48cef480245ea68788caac51c6feb4df0d42c78137ecad7e683f502c0df601a973674850638996be00fb633a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b2b77da5ba4c16cb1c13f69fc2664a37

    SHA1

    9f3fd283947de579731387b3182f24810c0d0d16

    SHA256

    bf0dd587e6276f52bf62bdf00b328bb24ea8ae6d42c7c3f54dd038d2f353eced

    SHA512

    da0f4872b47f062b8bd5447ce1a665bc5419803ee72c03dc3ab7de18821e63c53cd39a4400e49a4c10a1dfe25c2893262030100f34c9691724694681246b9ca4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c69f54a460b3851f1ef402e4765980bf

    SHA1

    1492f9cf9b03b4652093b2ab7fc6d5b96a3fd91b

    SHA256

    43e3f675fe68263735dc2b2df7a6a5fe6ec6efc171ab0a17f230ac918014e4b2

    SHA512

    20eb5886c9dff08f7bbe4f526c637cb272ea38a6f6cc66971abfc50c0f0d90241ed326146410a2e81bb9da68bcfb9d82fc04bf553c0fab2a4d0188d39a167edb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    63fab34189a5e90b0150e685959a8947

    SHA1

    ba22842b3a27bc6c8f2bad829fabaee9c5fab949

    SHA256

    b224cd65010c5f31532f27976318c3f77b521f33c67f891a191ba820473cec8e

    SHA512

    a2c515192c8fc0e3b2434a1f559fdd989abdbbd25547be9b3a15915a4238632f3dec7da1ae45691a1bad803c10bbfd7bd5b637117ac61c04b8133c218a98b97f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6f31458c6f26340edd7f195339125816

    SHA1

    cc083e86b380a75afe49d7c1877ff78380ef6993

    SHA256

    7d52977de3ad4085b0be8a8d3b10ee57d93847f44054f69616776fde095dd826

    SHA512

    b82349c2c7f05fe2bcd28c89fe3ed4a16b7cce1fd9bdf874868ff6957c4c8df831879496248f946bfb0e59a9cd5cdfa352b4bb1e8ae60a655abb355d9de69c92

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    79bb593415ff5bfce894bbce7cfe7c13

    SHA1

    2cca99b9118a8146f5cdae9d468a40b2e117fab2

    SHA256

    bac4c6975245ed16b5ac913b0382331b999ebe03c801b8cd24143184ed2c1037

    SHA512

    4b342b33526af5caa9ede149154c290611d7ac0875fc8be03743364fb667b09e7f6f07d303a23241ca317119618810daba58638c49a5bc5d7284b5c7e40b4e4b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c77235eed21943e7733677ec592e1726

    SHA1

    e641423d18c194c1639eb99a7b4b100d0538f8eb

    SHA256

    f700c1b4c28e15a3f090a22d62118047b87fe2054941cc3106c9d3ec00638736

    SHA512

    4652346f7f375c776476a9417d8bb1dd1486e83bf8a405e2338011e00dd88ccdd26d730a3e10199e6f68942e04b6589298bc74c2b2cc1c3f1fbbe3249822b0d4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d52738101610e433c6e795abf7aec42d

    SHA1

    913e87b5f9c74f6890bd73b5b77516351c20ec81

    SHA256

    a64997adae49f32d20052c35dfc293e8d485c254f55870650a7af3d0d54ea817

    SHA512

    7df1a87b699f847e32463d81df3798498ff15b37b997ba7b51fdf2fa174df9981216213512ac3f74160df4491e84a96812777328de865a0d6f5445dae6b339f9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    353b168cb2b6c1024ae7aadcbc2464e4

    SHA1

    cc7a0bc8c62ab4fb967ea8d8bcc196196e181e1b

    SHA256

    f011ce51581fa062fc52a3105701098c04a48bfe8d2a22b74b6ab97e904e6d9e

    SHA512

    9e57fefe16065df7c05bd289ff3f4d44221948a44dda5bb67c3a52d516e4a5b23baf3f94a62b6cc6b9464447d132c0970a5987569e981a6b572d2402e06f0141

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b0bdfa8e548585cc553baa1b0100852b

    SHA1

    65e0311144e0c078c75304f7ea85b1bc74533be7

    SHA256

    68a9dac85794061f56d84d7b0e58f38d497f9a459a77198dad6ff1c8bad22887

    SHA512

    a0bee1c2f7e9c785f4a56516ef04afada41e44bec74e39ab3d606e71bfc179f27de69d955cd4e9e4579098b3ac876e9ed5cf805e2b275708fbd52bfb5047ebeb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2a29187747bc762f34192d18d393ec49

    SHA1

    3a06168d483466b6b1e1dd48c484230a97b7257c

    SHA256

    fa27b219a748b11ac02f3e9e23275036942b6162b3a222742621c67170978edd

    SHA512

    1f79bf98651dc28b853302380080facd97200b9eab4b2442993af4e7980856bc3eacfc3758f468443aec51264e0c3a33bbd9192938c77862795b9055b4134560

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b66261336a18c9c14c1ffe0c288a868e

    SHA1

    bd0891f7ce0e07d39d9b83b8e3054d8e7064df6d

    SHA256

    b6276bfccbfb3840a3ece2640f01674037b3b07be4a203d6bfa3a46eb919b244

    SHA512

    a9497b87978097d40814a3d70c640b82819ac4e431cb4c3491925f8b4ae1264f83988a086966d9991752210238acb6313e22360a0ad4afb7faab55c2154ded5e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e516c80c76be19a189e3726b3b6844a6

    SHA1

    65c5f27d2c03a3061a7922c70634ac86afd7be72

    SHA256

    b2be4d1b718e0feeef7d8e8c3736fa75e210be2fb39751494375df85ef13f862

    SHA512

    38e0f64061b63e77dd4af802f6c7cf270f4b6b4331e120f2cd93fe1425fea3daee355aebb6d50e282842805b054f08402d76ff67d251b062140e5f6572fa6a0e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    b30c031dbcd6eb7547a639e68e114c0c

    SHA1

    3b041b940bd851aa9756c511bba1890f54d5f1b4

    SHA256

    c26a52e933b2fd3b8a929ce23768fae1c1fba764012561f73bd5c9b249ee81d7

    SHA512

    60e9d4e86ff7bf2014ab6db00111dc525b3b1364122241d26a654fca20c225e385f6c89abf1a85495039f9f76ab3c6411b9fe7d9bad175a1bc6368aab0a9a672

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wi962z5\imagestore.dat

    Filesize

    4KB

    MD5

    cead091dc32ef322484fbb183a525b1e

    SHA1

    a0b73606fa853dcf35058884d27844a730317da0

    SHA256

    1b1ae0bbeab752953dba8dc644a98f230e92af2a09f9e2992a47b2431ddd74e6

    SHA512

    9a7eaddf16e60711155cbca96007a0c00f327ea673d3c053cc1f923637468d17e350f4b9ab2d2fd67c871326aec0ad986574782c4a7d33b8bb12b2b7fef9a3d7

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRMHFE1W\favicon[1].ico

    Filesize

    4KB

    MD5

    036aedaccad59201cef45614dae4c901

    SHA1

    44c80edf16020c31a29efe346cb5ff2dea20df3b

    SHA256

    00d386f73149b711191f9efea873474a90266bff140870098e82c98d9cd4714c

    SHA512

    c799788b6098ab5fcddf45569147c1a9c65ab9afaea8a009c71d81ccdcb15e4deee7731ec4a1deb17db235a2860b9d40d4c328a1de22d1d7a492dfe092b0bb67

  • C:\Users\Admin\AppData\Local\Temp\Tar2708.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/992-0-0x00000000002E0000-0x00000000002F0000-memory.dmp

    Filesize

    64KB