Overview

overview

3

Static

static

3

66d66b06d2...18.exe

windows7-x64

3

66d66b06d2...18.exe

windows10-2004-x64

3

$PLUGINSDI...up.exe

windows7-x64

3

$PLUGINSDI...up.exe

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

FLVTubePlayer.exe

windows7-x64

FLVTubePlayer.exe

windows10-2004-x64

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

1

$PLUGINSDI...ss.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDIR/nswg.dll

windows7-x64

3

$PLUGINSDIR/nswg.dll

windows10-2004-x64

3

$PLUGINSDI...e.html

windows7-x64

1

$PLUGINSDI...e.html

windows10-2004-x64

1

$PLUGINSDI...w.html

windows7-x64

1

$PLUGINSDI...w.html

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    23/07/2024, 08:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/welcomepage.html

  • Size

    5KB

  • MD5

    1004a88bdeea82e7ef4dfc62396b1a00

  • SHA1

    0de1e852a8349734d726ab35df540d1a1c177c00

  • SHA256

    e3903f421979faf30a9324b35cbb4c2aadd299efa1cfb3e48446f6703207ffae

  • SHA512

    71af71c78b74d53b1ab3180519c66ba2982ff2b467bb9bedf5b410a0543df22e39c49fae7e8bcbc12cea547aceda17828ba34bc8717c2bd5da23bc0f7a7eaf82

  • SSDEEP

    96:SI32bJiWEMkTSf7qOugnffDbhIDbbE5zDbnwEqqc/zIxG1Dusp8V+N35yN64WVA1:SI0iWEM6Sf75ugffDtIDHEBDzwfF//45

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\welcomepage.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2888

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    01c07876c2cb9858deeea884647955fb

    SHA1

    ea39780ffca070456383f256d669acd71ca37899

    SHA256

    e096e1576ebb36c58598129380d98703aaed58d8d7482523483d28aa5cbb068c

    SHA512

    13461aadc22fbbf2ad611b36b84c74c56dfd86c12bf1eee4e17ee4b44ddf8ddf7db3918009207bc02361e65b13b26384f8fe034c0e99d2c17dc41aa607495f26

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b4d23d39a09eb67886479e0583d9b02

    SHA1

    c6558387947b3fccad602aaaf013d8ca650f47c7

    SHA256

    3253d871a20a3b42dd7465364369bc4cc134bdae4740232985c83110bc1321e4

    SHA512

    54ba8933c636e584485131419499296e47b1752af29756976c01c7bc5a40bdfd6c97b7ee3648dce45313e35092ef50d429c741accc1da7800f8cb554f02aa925

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f7cdd6f33ec72fb0b7d4fb2bc0b4012

    SHA1

    b317547075b3c83907c1796ba0908547f4c99f21

    SHA256

    9944afcd0307ff4039042aa871322e1bee0c1801ef5fe8b94461d821fbfc73e8

    SHA512

    1e3c15597a920dd9728d30c7c71a889bb48a45faf5dc3ff2092ff17304655e373c40b28b7f044588441a282a99852f3c294698af3e7d55ddd937d72bc1dfa792

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e961cd1897bbc35590ae5f7730a7419

    SHA1

    f1d0dc835862c58187027b80165630d23f698ab6

    SHA256

    aa7929afb28067f00e38ea42c55ab774a8c6d7d5a044f929d44b17aa164d0836

    SHA512

    17a78ab8196fcbfe1e39d07aa499248b3be977ce913088faab06b4154ab81400efc52088fae1b41e5fb562592b66cd9e936bc125025392f1dd3aa2b0319003c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78f5e09cd11cd2cd06f082a9c5490f78

    SHA1

    c5e8b00cb8a9b7fd5c78788781dc746543e7018a

    SHA256

    a079650cfba4e0c9df7187f0e0d8a8af239ad09b87033af98230dd72b293f0bc

    SHA512

    41c7b5dac25844db8ae71ca509018aac9e2f405ac61d93ad914c5090fbb7cf1f348b03866b9abada5842d015ce00239a8ea410ccb8644d7a8d460d8eee67c051

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b4be2a7fc72ba3c96e48846399fc2aa

    SHA1

    3244c9eaf4f9e91954a5edfe42f39f4f1e456956

    SHA256

    62ec359efae55644dce3d45aaa5b404d139e8c9a79ebeb4f892ee0382fe03e7b

    SHA512

    67f5854955119342618b9f7b543ceb78621289205823ca2284f61cd5f16537ceb21d63522ef86dfa93876f98d8121e45ebecdd214560cd52b72563af33cde179

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e690e05ce986857979e1e2bc4b3f3ab1

    SHA1

    7fd43bb5b7452691ab7add42b09b1ce356c7d362

    SHA256

    263d4259699678421287940c7366ffa8416ae4b62092275829549783c919b46b

    SHA512

    f03370d5ef75bd591126945121a22538aa90c514d408d114e7ff760e0f8a2e006f40bf90b5926d01f55a856c272d2c3e801cf115645bf5216b423b894dd8e224

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9ad8e675ba1de9057b1158b2b43c877

    SHA1

    a609dd2a1ff983b773e894a9fa754aa0070fa402

    SHA256

    558592c2d3074abcf50563005aa76fe8d66dcf495bda00f2eb100d7c62d74df0

    SHA512

    bb7edc9c3b7a08f866dac968a8971416ba66812a5ee77346d1d375aa2153e24b01602335f313e9707215f824869654984c00b65e4297343af796aaa6cb0b04a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbc794da37f3c7ffc4da67cc2f109690

    SHA1

    7b72a2107642e4e314cdd50e51a254c13225d0a8

    SHA256

    c3e7ffa4ff0e5d534e15721a89617b3fe3846c251d28c28ef41b1798c8835d24

    SHA512

    5d89ffb4574ba0aa806b96678435a8c9dc2e3c4b8920df5d11b986932fc36f441c028a64b95c8a7805866efc675ae1b202a067f9c0ecb473bbc2476da789c045

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d49f59ebd3ed440413a249abbe94c5b7

    SHA1

    d5dd2a8c8006f97f5291a0d38f0ab41bc73aea43

    SHA256

    85c249748360d214a3d3c17b7ffed6b32063ae17d71a3737f45bb34bdf47c1d0

    SHA512

    68ccc3c70492e34e03f754fd2d88a02e5ce387bc3410345d6c11b7370d2f23151dae6b468433e4a822c439f6c21fb66244c00a0cda5105d5b10cd67f7027d2b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a27325d113a2574b8f00198a7bb1f5f

    SHA1

    c4a131f1effdcea009e073d8b688634a013b9247

    SHA256

    c497033f1d2f63936adcd2b24aa63ab703cc1c3c7fae1161c17cffa77447199c

    SHA512

    566a150d4d96fae25bf2d21356e5d072053fcd5c83c1558f32ea8ace8aeee1c2ce4a4640bdeda8394d35c00afad4a9c21cc633344a80bc7cc4188cd7da3d3469

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    01186f917713e69cebc3d9f7139dd24e

    SHA1

    0494d3f0dcf4ad1e3af7b5bc7e565518ef5270e4

    SHA256

    7f227389e29e5e2cb00ca291ab84a390006bc19a73d6bbb28fbde2962153c283

    SHA512

    63c368f443b003cfb87da4d20d2ffff281b88373ed0fa62a9bbc0e84717d03d37ea5dc5dbde26eb2b6021f817cac4cb064d928e5fbf21d3fa3727c9007d55558

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6876af8627af14ae057f910f03352da8

    SHA1

    2ee328fff997f23166c4d28c71e8c5e51b0fc45d

    SHA256

    912070835184e1d078d8368ec1f8ea519b92be9784e8a749089f834a9de7f016

    SHA512

    554273161378eafc57bdb083dc12675fd9d763b9c495c2f14fa4e70ae270c160cc4cf3a158c46c796ebfb404d322679b22a6136e9748d516b724ed66b628b4ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4eb070c17071ec0ff9313d5c31409bfb

    SHA1

    3efb98ce6d283aeba641571ce10a68760f82502c

    SHA256

    268aa3a1f2a64513ed0662163127a0d1bada30dc332693bb29bdd45849ae0bd0

    SHA512

    9606423b3f6ab7da49586d93b19e4b3e9f1b52185a2ddc4f3aeae3c89cbfd6eebbb1b93ad144618999bff95073a2b82b1d2097311aa4fb8de9f3a65a241cc1bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18d96b6d32544cd099b5be07ad51858e

    SHA1

    202f73c295f94a7bd83327cdfadf704ee96427f4

    SHA256

    1c83cdfc32d6eeddec813530e094511828f19f4653d071f95159191bebbdd650

    SHA512

    27be0b26cdbe7b77f5992bdb97ee332ddfee48d9dd70d0a122c676834b411a857c97b1a2342c9218f2ec95c422f0a6e58382dd11aef023eb638eb4de3b2ee63c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9a00b22a93debc9477ffd772f090a4c3

    SHA1

    e278a616b00281f33a3fb9f8ebe08ab8accba10e

    SHA256

    04b333621fafb5bbecf5d76daa1b7878f0c86601c7399fb18f073afd03ba4729

    SHA512

    9c6e6060eb79583012494aa09c33537961182186446008daf3d0cd7038fcfc5ff47b4dc40d4b58c8e35bb9627ac72f42fba31369ad5712aa1a30591718e04027

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDBA2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDC13.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit