Analysis

  • max time kernel
    134s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-07-2024 20:21

General

  • Target

    $PLUGINSDIR/eula.html

  • Size

    13KB

  • MD5

    7197f6e7c27f2b94ccee5fc50c6b1ac9

  • SHA1

    5bf468cb2444a7a1a0defa79fd42de9070bbdedb

  • SHA256

    79f33058f84641101a85973c87bd1514a01936e11c50ec2d07911003be0b9cb2

  • SHA512

    e1d2bb55a095cdab6b4093920b27b53a6def1a5f72454e7de3d64002b0889a5f7ab80a009e36ec47610a750e84b85d06aba2b43d85a5858396ad1e5bc40c9458

  • SSDEEP

    384:CjJ8hBr9T1oYY4Ek/CiWQ1doxBS1HTj6uYJ2:C23vKqCiW0IStP6hJ2

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\eula.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2812
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2176

Network

MITRE ATT&CK Enterprise v15


Downloads
