Overview

overview

7

Static

static

3

485fd9e0fa...18.exe

windows7-x64

7

485fd9e0fa...18.exe

windows10-2004-x64

7

$PLUGINSDI...IE.exe

windows7-x64

7

$PLUGINSDI...IE.exe

windows10-2004-x64

7

menu_en.htm

windows7-x64

1

menu_en.htm

windows10-2004-x64

1

menu_ru.htm

windows7-x64

1

menu_ru.htm

windows10-2004-x64

1

uninstall.exe

windows7-x64

7

uninstall.exe

windows10-2004-x64

7

wit4ie.dll

windows7-x64

6

wit4ie.dll

windows10-2004-x64

6

witapi.js

windows7-x64

3

witapi.js

windows10-2004-x64

3

witmain.js

windows7-x64

3

witmain.js

windows10-2004-x64

3

$PLUGINSDI...s.html

windows7-x64

1

$PLUGINSDI...s.html

windows10-2004-x64

1

$PLUGINSDI...n.html

windows7-x64

1

$PLUGINSDI...n.html

windows10-2004-x64

1

$PLUGINSDI...l.html

windows7-x64

1

$PLUGINSDI...l.html

windows10-2004-x64

1

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...l.html

windows7-x64

1

$PLUGINSDI...l.html

windows10-2004-x64

1

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

1

$PLUGINSDI...ss.dll

windows10-2004-x64

1

$PLUGINSDI...r.html

windows7-x64

1

$PLUGINSDI...r.html

windows10-2004-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    15-07-2024 05:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/Confirmation.html

  • Size

    2KB

  • MD5

    191aceafbad365636cb7643c203626a0

  • SHA1

    eb6c68d54d6a000106ef98333e70a67095eb0012

  • SHA256

    0de9b6c025ad8da5dcda86652f455edcac12737a8975acd770af18ac32c0beea

  • SHA512

    4c3b2bda77ab2d52812acd5250b0fbec7f7be756d3e28ccb9e1c401177e682ca1f020de61b3311635829825365db222000555284502f8598332fa48fa5b4fcbe

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Confirmation.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2232

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd5f95772451e1f51fee0da8eff85c2d

    SHA1

    443c6c7da9034e04e971066b8366022077e1f109

    SHA256

    c79b86c586598e40a7cae56fc3f1a47e42040c901c66f965ca29c21a07251a21

    SHA512

    3b3aba08ea878cb02f2fb61107a0a6a2c4bbe78e8fd419a24642c9ea41b353de877957cd4d042092af13a7b16252c1f9de3675b790ac0dd22bffb620800a535a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f2a05d64e1894b70c503c905b7ee0b8a

    SHA1

    1dee7ab07151037f268f4f480d5c96078eab417b

    SHA256

    faa39ba645c503c67f5d48e1c25f2ab348ae6b9ef6ac417e0f0e196ee0749a14

    SHA512

    7e783802e67d5443ec371a55419023e946537b6da8b8d7341f5003d50c394d739c4c24e65e0b7ea834a09914f379208c35caa306458b66e104501c8a8d304e43

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48bb3ee0e366a470558415fbfe727cbb

    SHA1

    0357fdb3ec674f4ece46a6326dcff40f7ebff042

    SHA256

    c5b103849fb5a42f7f9b38ee41464f57540392c41b2bad070123af82c8428878

    SHA512

    7ff0655466aadf1e67708dfa811bbc0c98707d4d29d61e4d9744c0dd4ecda7d79cf93beaf6a96bef4e961091789abfe5e9075e492f5a45ddb6602a6b5bbebad4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8d809b4260485f51a70bdde28c713f48

    SHA1

    3b429c5803dcce7878fca4ec680f78cee45f7b35

    SHA256

    15d0cf44e2cbda705245f7c12c04100c02378e466ed582f9a37bf9e0a60a685e

    SHA512

    020adbdb451b71bbcfec2c24535da76e8e05aa4f0f1b45e57943c3d38fdcf5fce023af3103d21b12bfa77e17c61b6fcd97c3aa1e49d10b675117040d6340b382

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93f73aabf167a5f8cb7cc665154aa77c

    SHA1

    532f34b2077171b8edbcf9a3623169a477313e0d

    SHA256

    9caff7acb5dc235464ab3d0cab62d1172878022ac227295cbb0b0e7f11624bc1

    SHA512

    ed07ad3f9ccb5c45a616ad28d29bc8adb7d4257ee0c9295b74de66832217262f4b98d2e654b7c89f89f777494d19ff324476f1f14acd2f954a4019a14ead7071

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25390f0a5e1ab3be29bddcf29bd5a125

    SHA1

    2003b4bb1c68d3d325fa9ebbc7d15210bcb055b3

    SHA256

    e53cde45027dbf3b2308ca46cb56aa449caa13a26c284ccc1bd00ed2f3a74ff6

    SHA512

    58ca50431379513b9fbc48a15bb65525dbea6e4fe364c43d19c648acaa83dc4a39c801d22e0e5aa126cea71a8b53934e4ff62c2694a24bf5d2f860e32c64f689

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    15601dacacaa918100fd2a753f10b909

    SHA1

    c901444ec2604604bb8514494a7925de33686e64

    SHA256

    ff9e015f175a263452672f048d31c0852fd230fe2d034f3cba001450e6dfea9f

    SHA512

    dd85e13af65b79d931447785ed52dff3f76a4b444f1fd8a91de2945231475ce316864af58790f45d7b7f6d68cd640449b76c5a8615cea2a8150d4f09bbc5942b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b974726744cd71d6d34b7b4dceb9041e

    SHA1

    48c7dcd14e59e9e71a092bbc483a88910cbf14e9

    SHA256

    c35597c28c407772370af691bac34736c271c14161d7571d3a5d4c045a99d6af

    SHA512

    5f8b2cb859a1f072fe5f33fa7739f8f097c057d0754876ca76dcedb499b5220211e733b9f976d344eb9817d54043901629364d2ce8bfb03b486d1c31be48984d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    abaa7d0d216b4323bad2d681c528c6d2

    SHA1

    0139e40d256beffac042d48a04ffe0177be849ab

    SHA256

    3ee59d6b2049658a2900d5984d6fb8bd6df5ee4fb525ad572200ea77b2c55879

    SHA512

    e98ff12420b5c50a49dabc648ad2d8516ade0b1a2f9ae4345b45e71f27b580779753abd574ea04095150e2d3c04fed31d382668c3bf998cb3cddf4ab9352ab42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    330d68b76601f2c2e5df084aba66d4e2

    SHA1

    452b1cc0418184ea2af477d6d582696f378a6fce

    SHA256

    08c47cb632e830b045e87edd4e3cdbb52e804eaeefe546575338d84f36f3046d

    SHA512

    b22ece4a2e4d28b119674541ca6ca1174270168de258be7dda6ecd5f4d195f28f0636c95a31fb307d020a2148752c59fa9502d7df4970542fb0326edc0c9dbca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b56f1bcf1b90b402726e36c41f698dca

    SHA1

    1ed8077330475e4e62a144ca98ec5ccc87bc5269

    SHA256

    16738371825199c77da49de4aeedecf57f775584eb406af97a5b2ee9e4e9a51c

    SHA512

    4ca87d521bf1da2e2d40b3327d33df9ac04c4feb38c5c1c3717fd68a99de356e252270cebd4842b3679e02778601af8218ebaff706d77c7cdb980d9f06abc7a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2fc3879e70edb2a52c301980a377ccc9

    SHA1

    7790ee0dd89ea56b202d963ba5ee35906323f114

    SHA256

    33ae008813641ea9a70c17b0f3245a4cecd233344eccd251385ef95040383564

    SHA512

    ddb8501d6d163c15dc2ad023cf3ab7a55701fa4d2004b5cc8bdefd2638e6951fd013efb5d663a7b6067f125532891d00b146beac53bebeea0db5f2d451e306c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8adad1e919bfe7a9db9e2ddfde9cd67

    SHA1

    ac7325fa4fedb9e57427926cc5ec199cf4e46bd5

    SHA256

    55e62c291c912fbea731299ff13a0a49a714d5ccaa00d4d87ea126b70e631de1

    SHA512

    1a8e26e4e21250a892cd4ba21884dda65adaf9578100ef3047da95235b3bb2695967171ea03f97c767f19974b8dae3658889e37cedcc6703540859c433d5089d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72378071d93a677eb00828aa85ec58e2

    SHA1

    35a6ee36abebb722183751d8c5934e4c8e78483e

    SHA256

    cb332a07bb550c2e8945370a3e68947a72a498f8c2e2ddc8f9cd92f52a73f46f

    SHA512

    5c44b54720310ccc7314ec06914263aef9810274c5af00365db8d155ac5dcbbab5f3d2424a074db916704eb1647f9a483c390926412a50d09c6a160a4acad960

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ced75cf57e63f82b491a1baac2d25a94

    SHA1

    139561ed69548d3bd13e1b7afff239d487277a1a

    SHA256

    51b956c15ffa7a90b4e6ad2ef19780ad283b78b3d1c22c2d3d0befd1742f540e

    SHA512

    c8ed2073146f8c6c06c1340608fb5f6fbdcd420945bee380b16eebfac262e97fc60d7633f0073d3725935bb358ff7b3e93630a830402df502460d55292e98d6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9c57ea06bf630868fcff03ea2be1abfe

    SHA1

    d110ece23d695dd885117f692f5963cf53e9a1dd

    SHA256

    dd4a922a64ce9b0964ec25546d99454269224d20d9269a5339e0e1b39ba2c8f9

    SHA512

    4f1f7b89d1f925745db29c5aa2594be611928ff2869da0221783a2f04c0569b8c60496310d1d05fa0d9e96c02c551475ea0b7df966ca895f359b3808c0edea28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfe50aed8f0366d53e50574ee8252681

    SHA1

    95c92d1880c27db9cc73168827f2b8eff329f579

    SHA256

    0399b098a2309221ee644a6df57842e7313d5299bdb5924f914cc5b37c32d312

    SHA512

    dc4446097b83bc5b9037e8470296bebad435238753b04bdbb490ec7c164509f5dc39407d73e5abd0279415206a32449ecc25da2ecd35d0cf7403e10fd5768b61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73dfa77e1ffa1f37b7f68522f66c3c98

    SHA1

    f9dfbae674a869fd584cdb9b53fb803d8b3d8cf5

    SHA256

    f3e3db056cde0e12cab94c95fd90571f53b78c2ea4a6309da7a387d4195e2a59

    SHA512

    01202cd27b60ab4ab4182a0c75285d2c763861a351a7e3f7ba22761f0a3def42a2a42f39be0df90ba7ba557a25e77aadaaff99d1b915e558384dfd4a3ef5dbd9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af0fb2a629028f8e7e93373d7a6bdabe

    SHA1

    18bea2daad990abbefa5f95e76e482865668d48b

    SHA256

    04856614c971e9cee3ac41685587a676688583e031da2ec0d88c305304241db5

    SHA512

    b5e89f7a3776fe15bc2310191647ae9130903854bf3ea807a0acc7e5a264d9b78ee290f9c6e5087e8ebe57b3665b3d12cc68809092c99353380930170a418429

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5850.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar58FF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit