Overview

overview

3

Static

static

3

4963b47a7a...18.exe

windows7-x64

3

4963b47a7a...18.exe

windows10-2004-x64

3

$PLUGINSDI...up.exe

windows7-x64

3

$PLUGINSDI...up.exe

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

FLVTubePlayer.exe

windows7-x64

FLVTubePlayer.exe

windows10-2004-x64

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

1

$PLUGINSDI...ss.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDIR/nswg.dll

windows7-x64

3

$PLUGINSDIR/nswg.dll

windows10-2004-x64

3

$PLUGINSDI...e.html

windows7-x64

1

$PLUGINSDI...e.html

windows10-2004-x64

1

$PLUGINSDI...w.html

windows7-x64

1

$PLUGINSDI...w.html

windows10-2004-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 10:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/welcomepage_noadw.html

  • Size

    5KB

  • MD5

    e46d56308f9812a43b025832521fa69e

  • SHA1

    627b206f3bffe6f2d5e662101c155720615ee88e

  • SHA256

    09f863f9bf5940d35976453c5266a9d8a1ce87e07b8dd513e7574cfaef735d34

  • SHA512

    439c73dba7fd17da848d9a4289b9b7f25e55c4fc3e98d6d3eeef160817a8013a796ff65e12b30e41827bf2110e71bb4b8358ca182783b3f22502707a69d8d7f5

  • SSDEEP

    96:SI32bJbWEMkTSf7qOugnffDbhIDbbE5zDbnwEqqc/zIxG1Dusp8SNy7Pt:SI0bWEM6Sf75ugffDtIDHEBDzwfF//4j

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\welcomepage_noadw.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2704
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2720

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    54e209af35aff0ab29edd386b6d0eddb

    SHA1

    5db0c373f2181f016b250edc3924b07b4c981186

    SHA256

    13dea88b762a8bb3664a78eba8344ab89af4a9019890484d1fd66f319219306f

    SHA512

    8278ae1729625d11e352154dd542611e83bf7d9a098c5688b38fc4d92cbd6e8595eabf90efdd56c714f6e2678342d6b5db47c138b65f4daf165c1613db89e191

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    630f1124e1ab04749d8dc682ec7ee11e

    SHA1

    8b7a89c0463f0c60e50c3ad721cf4328c7c7c303

    SHA256

    ea76bac4bf8019c065ff37031c95d47cdb29dce439cde4f5eccb3a4897fb6b36

    SHA512

    39cb5379f848919b9da1a2217e62c4e1ded203d94bcc2ec9d2d775b09a41ded08f8b6616585714c21d7c50fcf1f98552bc370e96b4d37f9618eba3091b855d58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    880d4abc3c4f3e543be1cff6b3636f7a

    SHA1

    0d156ed357c6cfc5f9eefacf12fab37c262958ac

    SHA256

    913a75633bf0a83de9d80b8e97dea9710c2c0df568c4081b988fed811b45b1ba

    SHA512

    f3a68761da78d5a672d2534092915aa601b53ca6d9f2063f3e488ef4da74e7a7d088be8391413f0fb6972f4a72713ead11c4bb8280270f77430e0829482434d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    f931e2315388de8092531f236c9932ed

    SHA1

    cb8befbd06faf23d6008326115a73ec972814e05

    SHA256

    a24416681b57325abb1710b4c482568fdb70f199dd485c08c104d9e56ec77cd7

    SHA512

    1a34c1e49b515353c2b61719018a97e288e8f714c3e2c27dc13fe2ff570384e31073632f8eca82afc246f9783a54dcf827a1490aee72267fc29d04b9fc8eee8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    a72b3b67883d52a169d85a75b5d9f79c

    SHA1

    7e9a0e8a44ed0e3db2805ed3c72a1fad015be1ad

    SHA256

    f7b0e49e57d3e2f5ade6c67a2a37705cfbee936a97afc556c58e38a4b7a2e370

    SHA512

    fa8e2ab55327b8fd4b31a329b75b443421c3ff5b23e2068fa23f29573a1911909beae9fcc1cb6c79f4ffae7e39fea23baf592cae4ebeb9e523691af86ac6cef4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d4ab2bbbb2c33edff781b80240ec32ca

    SHA1

    116ab0a7cbcb99df26305d3a4cb60404716aef8b

    SHA256

    a86f5b9b32637e73613016d21f4dd14f9a26c73d302673d6021f1488d8c7dc2d

    SHA512

    4aa7873bf3b2562b87d84378ea50a52d282f6ddef26dc6179784966838a5a5ceaf8dbd61c40534b28c57ac50d4f61c40e9499dde5fe045428a7906e1d47e4d85

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    9ac23337239afbe1f16c4df3c4b78a09

    SHA1

    c69c4fb740582f0088490b34e541d02192071029

    SHA256

    5d28f50790eda715760877b2be749711f2f6fa83c66b954135a5dc24eae75ee2

    SHA512

    a3338d6234298934eeaeb8bf68a4b2d6903fdec93a2171353eec427dd634300da29a3c456eae5e0aa118b520c0c1412f593864bcc5184fa52a1841f7e7f9e641

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    108cc64ed06201d6cd3efd26baf064b4

    SHA1

    5cc20730b03ca2c98513b07f887156645684d498

    SHA256

    c40c360c9adaa78af98b9499cd60868253016452afd2bdd0233c4f6193de0c4b

    SHA512

    4dfd18b06a94e44ebae674d045b5cef05c8331b1be9dc69fe570cdb6c1fc5dcb734415bdefe5c42b245c252ebfc68d4c9a79fddeb0a7258a17dffa9c2aeecee7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3f31ca1c7f9d7e3b5a3c446631d45986

    SHA1

    f70339fca324230f53388eb752bf2fd4a5d0ca62

    SHA256

    6bab771b6f4b2d8dd9f7cae08308267ec930f1556620b502707e4c5645d15e93

    SHA512

    2adcfbae3498ac3ac999238a9d7ebcbbc1f6f3c9d8c5f2b20794459e1757e6f0b5593d9b3f08ec653a43d4f4a5d49d4a1682d4c55f993932267e266e072b8863

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    37355edc2ed27d2543a9b89bfef0853c

    SHA1

    d8a47d764831c719786ada3696297a689b239977

    SHA256

    685540ff889374cd6e2cbaae5b1153ac800de0ea890e4585095b51a2ce5c6171

    SHA512

    f046585b7ebede41eec4e89e4850f328c27a32e353681b4235fc47130172e3a7d856ed5f61c8c6484d422b631ba726e289830748b6d2b490ad1b19f07faa2d04

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    9125365045d4ddee4b99771f61f17189

    SHA1

    861f230d8c2793d95ff529f1dbd31f9316b9479f

    SHA256

    5c77dc253a05d28ddc727e5d171edbe651d8498b3a880faa1e8b12116e68bdbc

    SHA512

    05073536fef33991a528500990bc5b7193fa3d148221587ae168ae24dcbba1d0b4f457d010aea377e2723444fc131cf3d687fb97716cdbbc25f386e530e1984f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    c8c4cec77adb1d87d801f7593fe6795f

    SHA1

    b63d7c0def6444a46760d9d0b7cdc2742d058843

    SHA256

    e2d1064eb78620988b1bdbb241f2129d139d0fc962749fe7e06529f933f7f914

    SHA512

    24c5532acefb462d17d0824c6250e43ca3e5069eb0e383ef2fac9d1fdac50b4808029996a4a3fce64a5cfa93cc7b78be4e8306e259410e3cd289a0883d894cde

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    c8a7c0e10e862fa9d0cca4b9f9d7c887

    SHA1

    3115d1b4b8e5bbf51c97d41f7801d7d7e28e1ae1

    SHA256

    38262bb5dacd4d6d5d686acb3737bb7966328a09df38b127b9c53db4c574e693

    SHA512

    b6b2bb389125c0b37a688acafefa6c8640d43ba9ed3e2dd5a19de90019e806937a5b5fa9ccc74fedad19f07cc25dc6d7c0046eab82602f434f2640638e61840f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFDFF.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFEBF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit