Overview

overview

3

Static

static

3

61a5f3aaf8...18.exe

windows7-x64

3

61a5f3aaf8...18.exe

windows10-2004-x64

3

$PLUGINSDI...up.exe

windows7-x64

3

$PLUGINSDI...up.exe

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$R1.exe

windows7-x64

$R1.exe

windows10-2004-x64

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

1

$PLUGINSDI...ss.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDIR/nswg.dll

windows7-x64

3

$PLUGINSDIR/nswg.dll

windows10-2004-x64

3

$PLUGINSDI...e.html

windows7-x64

1

$PLUGINSDI...e.html

windows10-2004-x64

1

$PLUGINSDI...w.html

windows7-x64

1

$PLUGINSDI...w.html

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21/07/2024, 22:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/welcomepage_noadw.html

  • Size

    5KB

  • MD5

    503788b7c7fc1e94d3881697dc0f9455

  • SHA1

    c9710548dd90191732aa428957988039d9014ced

  • SHA256

    bff319cb4251e23c995abc742d926b7c85b9798783ac9dad8e8cdc274ede423c

  • SHA512

    138f60cc8d168004325dcf2452f24fdd29a3fddc6f693326d01c614a6638c1d40ce9f7b1766b9440de8012d05977adc0f2b92eb02aa76d44ee7dfbc99cd24748

  • SSDEEP

    96:SI32bJbWEMkTSf7qOugnffDbhIDbbE5zDbnwEqqc/zIxG1DuspXdNy7Pt:SI0bWEM6Sf75ugffDtIDHEBDzwfF//4r

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\welcomepage_noadw.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2280 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2176

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ced4f169dec19f366c459ddd468ec3b8

    SHA1

    aeb68c385fd94296baf93712713b2014f26c6aea

    SHA256

    5a88c11c598d8c1012275f2bf5014b9ee34e14fac06b993faa749fa9150ee2c6

    SHA512

    20185daa89a0eabc9bcfb0157dc5c2bd840f816e03be237cc90992e95fdeccf02c1e8301af80f17c919e9d4067e6136158f318ee36135ff65532b27e8f18fa7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83a5a419db77ab282e06197924844c56

    SHA1

    489c67f132465c8fe6036e6bad5252d9b296003a

    SHA256

    9fa20bf385e2ae262403fd9effac633249f2f798f447749e22591b65201e40f6

    SHA512

    d72e77c1459e9cb14ff985a850d3646f7427d1b9b525cbb78591bcc536dd976e7f19e7a71868994da2c089f45cc0245364bdc31d49ab57ae320263a71e810019

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9cfad510542d9a50147aa220d116ee47

    SHA1

    b6222bee40e8ab0b07543cf8ce87104426437f59

    SHA256

    1693a23e8eca405bb8b955d89d93172c469171de2c84d1bb835e9768c8d1d9a4

    SHA512

    9798b4e7e97f6c9234e0c1bcc8193b2fca501e181c927cc51cd006dd17f48416166179a52d520e3aa291b4b6fefcadac2bd1cde1b201d560a37aa646e6897ce7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c90685af5f1cf6fe2dee97a0b9fb8a4b

    SHA1

    5508d63d8b533c7d5f129d61ba81d27219fd0871

    SHA256

    f55c2c5574200ce71026c997f6786ffa2d919c3fba94549e3ddee3639fe5967e

    SHA512

    846768d27440de11a26cd1538dac6b93176fb4094e1594bdfd59c43badebd6e3bb8860b3e4df53cd36244fb452da917a844117a161cf0347d008172b7c704ed4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30276f1d174a98a349c57147a947162a

    SHA1

    b02b09210a9686f326f7035f573674461864b974

    SHA256

    f016f222dd8587b6c24699007be4c2a1817fdb14630685c356735325ef7ae168

    SHA512

    7d563aab533438d1544cf0827781dd6124c91a34a2584246b2f2def8f6b876126bf6a9d58977acea86e4ef0ceb6d5e3f07a08cf45b83a6f790b58f8adf433297

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cba51f57d5c4165d93bb3476999b3081

    SHA1

    e310648b0f6baee3517e4e665687e952fcd3afe9

    SHA256

    7c4f339f7c8b62e26d59479b4a2cf20dde6113a45280f893eda02d10141a2634

    SHA512

    2a3dd93a51b2bdc6acd578e37e401aa40a64310cca803a6e32fcb24cbcd2e02a36c8f7ffac8ac5d0be9ecf83d1940f55865ca1fb5238309d7a66c381d5a89f22

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4fca67e3a8defe9b48faec6ff3f17c10

    SHA1

    ca7a856ad6aaf1501657f2f070e2ce48ab395962

    SHA256

    a79b17a8abde37f7a63e571660b21c076d87229e5d2ee3ce14c573372d6bd14e

    SHA512

    8b4916f6adaf23eb53339e4e7e9f8f8a5afba2e5bd6e81b0619118803a393e077427e01f3da740008aeae921df15faca04972dac67bcff6749e7881f1c481f46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4da4d8e6d6a8daf1fc1f0c42697f9c4e

    SHA1

    42d4e2ddbc59d43bba11f335052da23e041f2456

    SHA256

    d2c3184137ea6058bc7986ec9f7ada4473e18c8a1da075fdec7e5975ceaebf3a

    SHA512

    b0f7901fed3cdd55f46e769ffec2b465903e9c938171947851164c39f67a7cacd7aa62d70058a4bfed0e23403492764c65e6a7f5255c9a3be8db2443cc6e55bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c0114223a9c8af302b132ff83ea4dd00

    SHA1

    f8fce2bba36607c807cfa508540dd3c81a3577c3

    SHA256

    fe7ec25f8d12015e9079b9b48c507f847eefffc0c9478c1359ba4170ecbbbe65

    SHA512

    f7b6599f702328b7625aa2dd5cf4d5e2dea9d68080d06925be20c01b0f2af70bb7cffa5e287127fcaa919306f74dc633087cffab71fa955781d0be856f9d1d57

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE247.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE24A.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit