Overview

overview

3

Static

static

3

6179bf4ebc...18.exe

windows7-x64

3

6179bf4ebc...18.exe

windows10-2004-x64

3

$PLUGINSDI...up.exe

windows7-x64

3

$PLUGINSDI...up.exe

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

FLVTubePlayer.exe

windows7-x64

FLVTubePlayer.exe

windows10-2004-x64

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

1

$PLUGINSDI...ss.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDIR/nswg.dll

windows7-x64

3

$PLUGINSDIR/nswg.dll

windows10-2004-x64

3

$PLUGINSDI...e.html

windows7-x64

1

$PLUGINSDI...e.html

windows10-2004-x64

1

$PLUGINSDI...w.html

windows7-x64

1

$PLUGINSDI...w.html

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21/07/2024, 21:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/welcomepage.html

  • Size

    5KB

  • MD5

    1004a88bdeea82e7ef4dfc62396b1a00

  • SHA1

    0de1e852a8349734d726ab35df540d1a1c177c00

  • SHA256

    e3903f421979faf30a9324b35cbb4c2aadd299efa1cfb3e48446f6703207ffae

  • SHA512

    71af71c78b74d53b1ab3180519c66ba2982ff2b467bb9bedf5b410a0543df22e39c49fae7e8bcbc12cea547aceda17828ba34bc8717c2bd5da23bc0f7a7eaf82

  • SSDEEP

    96:SI32bJiWEMkTSf7qOugnffDbhIDbbE5zDbnwEqqc/zIxG1Dusp8V+N35yN64WVA1:SI0iWEM6Sf75ugffDtIDHEBDzwfF//45

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\welcomepage.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1488 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1588

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a2ebd21f2808331aac5c835c0b6943c4

    SHA1

    139a491b0dfb0dd59b201a26efeba3e81c7194c3

    SHA256

    403ace2bc8822ea1e35deee27389f04c62e7d3c7539da99e620a3261dd90d03f

    SHA512

    9210cdc0701c18f10b353a20f59398d6861db51bec355cbc4dc8ed595d4701edab87d7a8f7bde98a3bc4db92bd7a81a8aa18ad071bf369b987e7c03a8a2bc630

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2bf31f8a64e462718c36544548322559

    SHA1

    e45ffc1b594da4ba97446f99f7d612cc01ba7a5f

    SHA256

    ea5fb39f5cbf8a99a08ee5172a95100d0e0b7205ec9fb5e21611dce25ce3aa55

    SHA512

    a940db176443c77d336cea915fdfa8bd0f923d47b1ff6f796461b72b1ac11e4af40ae5087d4e499a690b732374123cb0ce77aa83bf78a438317d4f263d6e2878

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b31f125d4cf6d70d6896548c9250b785

    SHA1

    5edb3ad5a836b554eec1c9b6641a36450261ca2e

    SHA256

    db1af1a4d2bf0444e7adaf0832cba535c9b9fa27fe69b9fbd8cbff6f9bc73f29

    SHA512

    52455f122431880e016d659440f21aad1a1c469d0dbccf881a73e6c877c3ba5569d51be747ff1bed0735939d7e1d88d09897de84ec37fa4182ed2addcd503428

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31c52d524faea78847fe973b8fd75c3d

    SHA1

    0ecd35ab4d9c3a482a284e932c2ab7cace877968

    SHA256

    2cfdf2db0df6bad47e7302dc9da71bffceb62a80d7bc9904e1147ab6ce883730

    SHA512

    8c2c1d365aeeb28e9bd7b93283cceeeadc26e2e54e2acc88e70a07dde625da171a15e266ff323d78e3efca7c9db7c8403c0bc7d1b775671a312f75a822bee6fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7b4efdf309ef5f85adb97f4a220d023e

    SHA1

    996fe8c51c8ec7a054071a41d5d4e4aad5ea7d8a

    SHA256

    aa104cf7836f65d13eb7227c8dd4e0bbf5db7a7d6940766d01ef3f3b7c6f49ec

    SHA512

    2ce86d78324d8562d8c9b8cd17cf388f42de69c456b7c8a307f65759432000c087e0d8799235eb745806394b4a977cbb537f1dd118f3a408ef1167b90aef0720

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    631ef47d7e1e4eee7070baea75c118e7

    SHA1

    b18f6e1bfb1825b53ee1827c75d3f78bca33e9a7

    SHA256

    f971db744edcbc9d1fb39d1169e8106c083c281cc7cbdfd9c9bfa2f3983a1db9

    SHA512

    653dcc466af8e51151998d4873cb092c9d7e3224e1ce13c117105232cfdb182a7b6980529875658a73d5ad335ef747c61f47ceae99ee38c026f03b14153aae19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee393603882dc09cb2cee11b359066ef

    SHA1

    2d076ab15e4b566f073f6b61701b0a8df73b9ff0

    SHA256

    a788bdc75a4b2c513d8cf3efe78f1dae632c81215a73d9082ef07e140e4621ed

    SHA512

    6df14ba4259fc2f3e19b00e2da0146a092cad2bca423677d10a0211f833c267e980aec3ff594569d743f94723df4eb1807f63ef68fa23601d6c3926e561bf5ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c750c273c8ba88141f2f222eb313fe18

    SHA1

    58273223802d677b30594733a8f786bc790c3d31

    SHA256

    630456c25ce7a6bf0768d1a50cc656c7e2ed78b7c875ba7f6d6eb524ca800e88

    SHA512

    9ac40f83b4e24346b17554d10cdbf912a0807b0fbb196b9182153b0ac4853c9935c9219b6fbee55e7e23cb6a01833ae2a6c6880188cae55288114681cbf15fc2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3532ea73cc077fd06783d61276a5def5

    SHA1

    b59725ac28bc0b1be544ee6e5170fbbf05a8d769

    SHA256

    76c3b1a2cb5b65cd6303f2d6bc2c4f0f566e4b1e79d19df831c06232509a6307

    SHA512

    4622e853d023993005557975892b773136c705650b938ee16d7c93fe474e11f55b7d5a7355521b67d230487d42555d3ffe44ff6ce918c0087027136028216f80

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4e494e536de0c6ee78907db5859feed6

    SHA1

    789f673e036b6f68ed56a5566cdba8063d43e4e9

    SHA256

    cd8e27c03c726bfad3a59ac631fcd2f515600b9341603ab54f65819b441a5437

    SHA512

    4576ad0775ec1266d1cfae75ec0d2827b14d2c67e64a26664fa270288b49f48bdc7cb39ac0cbd1ea6fd7ff3bb1279bfa69708df0483baf0e1be891c61156b553

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f33e9de89d75e5071cc3970f2b015dd0

    SHA1

    a78f16dc600eed13c03692331e5a192b1c2ca796

    SHA256

    3a7874de39304ddc0e82c71b29dddab034852d9a3c11ef33b4e35ea9a3e3971b

    SHA512

    b5ec15d1beb4214f7a2efb271951e41ab0fac3ab6d3653cdfcaeff6984704083a25a68009cb1466e9ac0cc940941858fdfb0771dec39b323535ddfc291853d54

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF569.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF608.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit