Overview

overview

3

Static

static

3

6524032e72...18.exe

windows7-x64

3

6524032e72...18.exe

windows10-2004-x64

3

$PLUGINSDI...up.exe

windows7-x64

3

$PLUGINSDI...up.exe

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$R1.exe

windows7-x64

$R1.exe

windows10-2004-x64

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

1

$PLUGINSDI...ss.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDIR/nswg.dll

windows7-x64

3

$PLUGINSDIR/nswg.dll

windows10-2004-x64

3

$PLUGINSDI...e.html

windows7-x64

1

$PLUGINSDI...e.html

windows10-2004-x64

1

$PLUGINSDI...w.html

windows7-x64

1

$PLUGINSDI...w.html

windows10-2004-x64

1

Analysis

  • max time kernel
    110s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    22/07/2024, 22:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/welcomepage.html

  • Size

    5KB

  • MD5

    4df1fdae99a99c7a202e889dbd41d33f

  • SHA1

    0bef5beda262ac4c011826ef65ef65d1dda5f5c5

  • SHA256

    f5792ef5d085448c3aedb3a5338c1599372bbbdd18012c00ef36f198fc910fe8

  • SHA512

    6471a002a1215f4c74dfb9d3e75815a21d0cefde0f25c1223a8cf7a70cb0edbccf8be54f08008a88a13877987fe29f855bd9b6bcb2fc22b355acb57176eff87a

  • SSDEEP

    96:SI32bJiWEMkTSf7qOugnffDbhIDbbE5zDbnwEqqc/zIxG1DuspXqN35yN64WVAPt:SI0iWEM6Sf75ugffDtIDHEBDzwfF//4M

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\welcomepage.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1996
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1996 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1184

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    060590c5886305d6b9899992cb67e16b

    SHA1

    75e459b9926e3f0a47e5367c0d43dbf3575152b4

    SHA256

    d5803977c04bf48a9a001cb7d27fda70686fdd1f5c8bd6673c190110d6dad3ba

    SHA512

    537081234a5ca8475736dc524fe6a0cd5981599ca8bdb46a6f084090cf4132e7196bf0d192001ad3b867bbf3206cd8db1d43299cf0313698cb4427ce09c3ead3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    acad1a322bef6ab6d5be8a88dc158dc4

    SHA1

    a2b05470217bfdaaeb62c68a0f1d84f8342dc748

    SHA256

    b6738aa368c2fc14663f60593af49da3f2f741b8f9c892f9d98e7d7f384555ff

    SHA512

    341062cdc7b0e00863581b6782003a9764ec6dc8ebdcf5a023ade723bde0b1260e09a7a5b84156f090ca5d407f771ed8553ddad647e5aed87ed6328c57a45523

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53eda1f0ec99145b46cfdd1e9dc7c126

    SHA1

    bd1ae5e0eb19380105aeda17c23e8097882aa403

    SHA256

    ba81f0674f7d72cad45d7ff7882cbca0c3183726ba77c6436734f59a28172499

    SHA512

    746827aef0516c5e702fe1dc583264f20a52e7d0fcfc89cab6d291df99fb262fd101bb1c0ef701a47cb320047a5aac87987b6d2d2fc3e25cdcdec0028afb2e52

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b2e41226dde68b031969b4841c45282

    SHA1

    785a6056c926e7f2b0f4764064a9598860bdd010

    SHA256

    40d8ba45c28186a2e8e11a875e57c010cd0c759fc7f294f15450d9ecac67ed06

    SHA512

    3c8609c359601a2150f39e6000ea3a1501c1b7d4b40475093eb71e0b7e3f837228407f930e8e4194389b05c7c24bd479addbdabe219367359934f51826477599

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1ba32235dce785a84691a5ba32253e28

    SHA1

    0ce08ba64582ba18878be1bfea8782a5837e4f1e

    SHA256

    e50f72caec093418ac2990a780eb1ed3bf6b7fd614bb24baad40e2a92a4cdf1b

    SHA512

    c88c3428a5a55af3195c9881a9d7bdb778ca567f2ff575a8f3eda03947a2213d625fc8205286a4d5d3545c156f0123f46cf99a7af8592bd29d4901c4a7357fee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a202bd90772081af9c680d6d79d87d18

    SHA1

    c5e88a3451d9d0105e60f264a847a00702aea98f

    SHA256

    5514a43189dc26f6241673ff96c8b92148704b61ea50b8d173114a93f6b6148e

    SHA512

    2e2ec718e176405f41ecf228a7a4fff3446cc230228695c5d4d4b017a0c1fd1689182b7d6eab52df2ecf2734dff7d2c88782fb1680c8a6e87e5c6181c3b95626

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f11ff792ad2422fb8704ef83d3a9b437

    SHA1

    5440901128c13587623a8e7e028a51424e8778f0

    SHA256

    e9dc316379ba111cd091fd50b36b915bf7e693e64195e656b626e06e88dcde5d

    SHA512

    4987548c8047b10f40593527bc36be1e4ff776e146b19f4ebc26f6b1f3e5a7425317530833cfffbc68603fd256891d184f68b5d4512805d0490180ed29da868f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0eae62f31d900c32ca8006ac6d480f47

    SHA1

    b708897955875e04af832fbce24a67e7211b46eb

    SHA256

    2e4e4d649c6a27b8310bb989dce981c11567eb24f26636608c70c595df2b294f

    SHA512

    4f8e13bc6958b6f91ee38c36be233edb592489d9669b366fe8ca21694c9062e4ea3cfec4b0ea621654eb4d3db105b01926c2dfb864c799685f521e533e23095f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef7f62eefab146ead8d49be73b157087

    SHA1

    a23579c4f84eeb93e05a39b3011be160389c8260

    SHA256

    c2ebf76749b32c76c56bb336fd5b929a7cfdb9a1f68a363eb6aa20973bb7f86d

    SHA512

    e819fa67cbe5bb1fbfbbee0a76f1105fcd6202822e021df3dcd89f22560fea956e5ff5cd3ad586543543e5e0645df464cd9549bf3ead0e00d846b3d7346f2b97

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3C65.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3D74.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit