Overview

overview

3

Static

static

3

61a5f3aaf8...18.exe

windows7-x64

3

61a5f3aaf8...18.exe

windows10-2004-x64

3

$PLUGINSDI...up.exe

windows7-x64

3

$PLUGINSDI...up.exe

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$R1.exe

windows7-x64

$R1.exe

windows10-2004-x64

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

1

$PLUGINSDI...ss.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDIR/nswg.dll

windows7-x64

3

$PLUGINSDIR/nswg.dll

windows10-2004-x64

3

$PLUGINSDI...e.html

windows7-x64

1

$PLUGINSDI...e.html

windows10-2004-x64

1

$PLUGINSDI...w.html

windows7-x64

1

$PLUGINSDI...w.html

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    21-07-2024 22:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/welcomepage.html

  • Size

    5KB

  • MD5

    4df1fdae99a99c7a202e889dbd41d33f

  • SHA1

    0bef5beda262ac4c011826ef65ef65d1dda5f5c5

  • SHA256

    f5792ef5d085448c3aedb3a5338c1599372bbbdd18012c00ef36f198fc910fe8

  • SHA512

    6471a002a1215f4c74dfb9d3e75815a21d0cefde0f25c1223a8cf7a70cb0edbccf8be54f08008a88a13877987fe29f855bd9b6bcb2fc22b355acb57176eff87a

  • SSDEEP

    96:SI32bJiWEMkTSf7qOugnffDbhIDbbE5zDbnwEqqc/zIxG1DuspXqN35yN64WVAPt:SI0iWEM6Sf75ugffDtIDHEBDzwfF//4M

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\welcomepage.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5470f07938346d4e7f956e2deb44a141

    SHA1

    3fbaeca92466fafae1f59055b3389554ddd7674a

    SHA256

    40136de9daf856dd755f799995df03940b81439f82357aabb8d13adde9dc9360

    SHA512

    98c8c238cc434d40a186b9d5f4d8bba4a1e788eaa255f95591d49aaa16d0c40d0a110c74fe70603761125fcb716ce3933d55f21416c83ebb8144564a458b9cfd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    38cd922ae95a92c08f11c0472fe9a263

    SHA1

    fcdc20f8ef390405adfb2b9155438cd3d536478b

    SHA256

    3d89aca8125d4873032e6d614c082c688f66656134d24e4ede65209af28551f5

    SHA512

    a17de780112fbf44ff9c85736c322893ad94e81d583d21e75ccce93d90c3cf4dbbc4ba2ce10571c2f113b30641e9d5266adf0810791ae66cce86e47cdee4b817

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52b043c56d8ade5997ffcf813042c333

    SHA1

    0a9b920984aa222d058773069d4eb180476cb361

    SHA256

    1b409def8c4d2e7ef8bf53aa3a1bf511e32a2768b2291dafb423d0a99578fc77

    SHA512

    4a9348a7cd557a010ded5180e57d1d25ed229449b312397cfbcc1dab442139eb95a2929d65863fb52abbc34016d0ceb8477c1d4127b7f31b803c51a9c289c5e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    214f58e8731425f7d0efef5eddb7e19c

    SHA1

    13c72ae3049cab6ed362584020116ef477e7f59d

    SHA256

    9013f87a555a72bf1162bda3c12a0819c165d293ff2df3e2e99523b43d0c9637

    SHA512

    cc24960fd6b1c52e69df6a8038e67f2036625eaa021efa83e7f2a4c747016f90580148ff09b75621db552a011a2ffbb62ab58a509e2a685000564d6a29acf7da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe907c6bfd3f6562edf6da8373ed8c84

    SHA1

    f72cf787d244d09824c6c5c465fa34dff56b404e

    SHA256

    e514f380b1c281fed38db09c550af56a3719c288a09e26ee3f69ee99b48cd3a6

    SHA512

    d947ef83a96151a06df34aed733f26221b3efecebcd475b4de18accd247bfb1b3d9ebdb8e016fa882780bb59422b6ba5563a5b21a62f0ad67c57ff45d1acb0c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9d1030d2b4fff70759342602599dcf3

    SHA1

    8f1f90922d560314d6a4f640c7b3e51050bbac4b

    SHA256

    f315da871ea18524c9e7786003b6a761c807fbf03c0081b39a6229e0511fd667

    SHA512

    8f17c4bc5131a0b716ddebe477e74ebfc2732e0fcc9055cb563cd31ab391a48226d201660297bfabe3f9078ab55d299bded04e3b72e60906d5bc2bc3177277b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f00c6be7c0ef525d9f7b66273450c90

    SHA1

    3ca8b773b5730024abbcbdf093cd4e6965dfb8c8

    SHA256

    d0ac252ecc6d7fba282777f35e89ebf7e96ef8892498aed52b223dfcd4c59b67

    SHA512

    b9802288d5c085acf00003b36ff859aefdea59c99aa58168937de097aea0d30926a8bf1a7e7a61f7e19a52d6c52f00eab0371f411850e6bd00ad40a37876d240

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f3b5fb1ce034a9c2dc2754fc8037a9d

    SHA1

    2999448d0e48fff9e22dccc99883f2c4b7bfe962

    SHA256

    b7dc24c4277044071e8d764756103e871c383a006319f9121796ce1c0384b42e

    SHA512

    bd2b12ec08d5c67fd1aede73d20b1b668f65cfa3130550011dde5742a27d56f8c083cf1999ce70830547141c7ecff56ece6e7ba926498cbd6a70fc25015ce3d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c48e9a0241f4ebb70ae722120ee0e970

    SHA1

    82e33bf163b67b3d02641e970a6a09fe809f9198

    SHA256

    c2d072490a002b906c5a3ffa45bd9dc65cfb644c4c3b5c631d6fdc8c16c34973

    SHA512

    e6e3724d37d500cb3c673e16777e375d8ff863014dcd204927b31737b405227b4341a84c0d279d03f24961f7ea681d218b2a34e2990c2a90d474e44946a8d68e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9894cc039861cd21a08a1e3bf6e84df9

    SHA1

    3c5d07bbe5a19c83c05db157a930da8a0e950285

    SHA256

    2c41f48fb9e84b5160ab11068084aebffd5a2a5a0031ff623846d5b72abc82ad

    SHA512

    c3397d82e758528162d76f9b2ae3d7ba5d85caf1288f4b6ee6144ae2cc3132f6a676c401690fa618ad68a7abfa8ea747923e324fb1f8e5398d33662d7d622d37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    413225f068e323f7530521b5383ac855

    SHA1

    85c98139fd423e25b2618b742e71b39405796705

    SHA256

    97fb1b74bf7e04542423356020b3d10bf9ff8853b05d1f5f7e25c1a0563a91dd

    SHA512

    26bbec2a17550a3a8de835108b26fd71020a741173cfa47290e12a47f2f92095cd4d3f0b21c60ba231f657580f782216b9f3eea63e333a4d7c1a599fbb36afdd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78eecaebec8cf019c6cae67a2bbc66ff

    SHA1

    b505e1b2b5b851fd50011980e709f93a106a3206

    SHA256

    a9c54e7063751e448e995427530c0e9a8e60c66bbe9ed92a800f15dbca2aad62

    SHA512

    87bf3b02c80fd62b2511688c72a1e8d20fe5a28615714306616db32aa3b867d212322890da1b01c577f02b16ddd2b152ea467a3b3847c83f6e7f15d03a36f095

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    802defaf7a7261e02282d5c14082c9d4

    SHA1

    a7cf1004ad0bb6cf52ec927316116f1798e024dc

    SHA256

    331310b14ce7ca8e82b6bcc908ae6d1a22c9555116bafd15b96fed7c41a92d5a

    SHA512

    260c68a072f300679750c1d69f5f6272c4eb8c64072983236b3ab9c1d41d84cdcc6867f159123acb56bbb82bb913b4d8cec6739d47ff9c935ac2887a6b980060

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    323a9e9024a2d4672918b29c7f5e53a9

    SHA1

    d2c9bd8070500318c3bc43944965e197cb9880c8

    SHA256

    ad53cf569acd679070786f32cd272a96ef58f98895cad29e791ae386f48dfd09

    SHA512

    335264ed2f4ac4cca8d6e98d7e94de44548654398d2189743616a65fc89583f742a18df23abebed8c468e77c7dfee10b3e3117ed3271dfde2f9f13549c197e69

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDBB2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDC61.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit