Resubmissions

25-07-2024 12:12

240725-pdgabs1dja 3

25-07-2024 12:11

240725-pclhnaxgnk 4

Analysis

  • max time kernel
    361s
  • max time network
    368s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-07-2024 12:12

General

  • Target

    https://graven.my.canva.site/

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://graven.my.canva.site/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2092

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b2b06817240ef1a9fa34989731c70278

    SHA1

    cda00e4dce6bd7808333dbe5f54e5b7a0e9e326a

    SHA256

    80a877b12942b8d39682b3d5485ab7c7f5e4cdb5592f0bc7c0f984dcc15c6b94

    SHA512

    5136dd59060327bf6941f3db57b584f672fd4bb6bf9b70097d2ee9415750c8b5f6dcd8ba93733aa2cff7c836080cfe432d4d1e5f54908b29ffff557367e6b16e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1dd0c509343f7aeeee6c3ac475786edc

    SHA1

    2011d7cc0997eb104245dfba528b43acc9124be0

    SHA256

    2751035e3c1f6e359f9cf973f2ec26cb762c96ab0de564b56458f226440a1d9c

    SHA512

    9071d00901dbd4b360b053436773c9e0c108858a0a9b29e57ef0983f97e82475a406b38bc4fc9f146b329f8a0842d4dafdf6c86da901dfa72530ebedb2093c20

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0be170b3e458bce969eda190ce8098e2

    SHA1

    e28f0279f55a61a72c56c9703ec0ea27e01740d9

    SHA256

    66838471a49381b1d1ae629de037f5990bc41160e47ffa7215ce9f221d2c1126

    SHA512

    9cc1ec013ebc80fa6e0122a37f55e3d9acdb7cc21d7d1d42e713c819ee7b2d337dc2107d13b6f54e36c36cad1b5497ef040e68e09f65debb1b090d5f288835f9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6a1f38c0c67c5864d414f1b8aa976d2b

    SHA1

    ba5d3ea39045e410515824166df786a9df2d350b

    SHA256

    a19c4165087471859d71311769b0b17c93b41368539faf58eaccf32970f9b183

    SHA512

    83b478c2574834ab53ba11bd6ab187ac45d8ed364b8c0f1ce7103edb87cc9eb65b5d16780c9773c57deda809383b5f5ff2c03e94d33e6943d5dd6b5ebb1d2755

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dd432114b816bf363a3b8556c412b74d

    SHA1

    0ffa6c952e469548e8ecbd5195133f6b9bef7c29

    SHA256

    2b5aa303e0b8bc108fea75c0c577ebfd7bf2ebbc4c8e38bcdb4b550bccbc550c

    SHA512

    cd878c44396004b400792b9e4c45881de6645e6e6fd531d857bb2b2c9af58f14b8723b5245dfa524e3dd39fc55a14222d34b872cb22a85e7c93890054b55b346

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7f55a06bb55bd3c5c53a299608d5eba8

    SHA1

    bbc9b5a3cfd75c1edfa97dfee4807eb2651bc7c2

    SHA256

    203b1f3f3304d99b1f303bdd594c7952192bccfafbbe2d3200a701a298b191cd

    SHA512

    028ae8908b5183c55be2bad92ba3e53143c61f568ff43d85e7c018c6e78dc5c686c654b97e101bfcf36691833f183738b94072cb1ea3da49ee6040947e4779c6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e1b8a60a294b16f96557cb924f040cff

    SHA1

    4c1129df51d40737a526c76ded3c79936f36dcad

    SHA256

    723ab740f22b765ee1f0b9cec202fb3318d9b29ddf8e8c653c6355348ce4e9e3

    SHA512

    d2ba4de3c2f3bb58d0a1722144c185ff0a265a9abdfaf6e89c82ba70f0d547be8fd218afb35773e23d20fc3ca6cc07a0fbacab2c5240133bda6e9db590806939

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6e37f800c4e4fdf0aef85e98ddd51fed

    SHA1

    d4f249ef9d66809c2f3ab32ee700c4817a27a720

    SHA256

    eda2404f46e879702905b4a01d27326ed963479b3c7fcb3cd2fecf2a4e381a7b

    SHA512

    18895eb44f257599945406169878b8890630a1cd9321a17fc020a3af02985191c13b6e36269aafd70ee13f32a8c7489af1dea725194fd74705866c834063f80f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b8fda377929b078736ec040dd64401ac

    SHA1

    3225471b017a27a6e59e6a092c1c3d86ce8e2371

    SHA256

    5d9781933c6827e08703f2a815927bf6e3c780d31aea235106370685dd117a3c

    SHA512

    b77132a9dce78de61e9539a4b965923b79b1eb1c0158a6b0f87f6f1b6d9f4f8419c7a8415031f4b0be7f83d7aff83c90a3eea063e66fe8a65bca7104296b026a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    61880e554a9ca0db55a8bae9dc2b9ca6

    SHA1

    712306602fdf86f7d84356da87fcdf7a472429aa

    SHA256

    c744d6d4faedc07283b56bf68a40eaf63c85c0e62063ad1ab02648109bfbd7a4

    SHA512

    e8830c66f2e03dc74e731fbbc93dc76f2c31eb7f1d4d78aff07e8136edf9ba7c82e4315be3c1eb2b89421835d52eeebc0adbaace06029c058187c2eb7e71411f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    671c6b85602f37b7cff3ae077c135c4e

    SHA1

    b94bd5e5d47c8676bc02d9a05777751f1d849cda

    SHA256

    6b1007cc7ffc06e858a87ec80b9f92d90a5c3b56321bf261be8ab190d085073b

    SHA512

    73674fe518c1142e9621a17714944cce61ba311e56f5e874f4ca833cd6c1649f1d35b2fea364f8b89bf0b9459b2fff092bff3693478c9662c877b50bf2bbbda6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    62f002d30573c7f0578fed696b90bc98

    SHA1

    6e07f0e64510121bbb0aaef6beb590da3cc0cb81

    SHA256

    39a520fbc86fdd35e2ff49c7b13d5694dbeb3be5e484103c66e8963055d3b97f

    SHA512

    52819c6008408fdea94b76358f814eac1eed84a9fd601145977294f481ea9dce3688a2f76ce8c8fa8da7e3b92b96c918fcd4637b1194a7c0a516772d8f04dbbf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    306e671f7bb1849b35eb51a9b74cf610

    SHA1

    8035b3b0d05f5ef09be93f206ed2d547649caf98

    SHA256

    eccbe998656f77eb7afa320afe59dcc1e04d53ec20d5eb1ba4e1b762a66fb94e

    SHA512

    d767fe34abcede9d81ff5bc579f1fa8baf8eec31d4edb1fc288016e117c24a8c9adf6d95ab2adb9ddc309ff7903fe8d33960d10f3a18badcf8dfa09a30efe1fa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    081f7dfb011d1dc32a2a82c111b42cd6

    SHA1

    55169ec942b89f7a90ac420c77dda4f3f60ce66e

    SHA256

    41a1ae8e1836348b8f85b47e2eba7d86f3a333698b10da2c9ffb30798ec12fd5

    SHA512

    33288795c0ae6155f577de41b0702cfcc1f284d9beb3391558072bd8970e8228a490564c73348882908cbc180ba9b1b0255b29aa04ff3897970882a1de53c9b2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0a8e4c1149872b71d135def6add52d6c

    SHA1

    877997eef42866253b8e49b2a7868ff24c409546

    SHA256

    0d07add13858310b15b4c8b24551e9019b472556b04d0bf8d52b9a55ba754e3c

    SHA512

    828b9230446ff6a51624f6ed84e0385372e15b652811c3bce6e143ce39cb30cc8888656833ae970df2a320b3cd96f389b650bc2f1e6901342bb556bc4da91202

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b1881b9e6c523140de86eafccda4a04d

    SHA1

    599779fa7324e344bf2ac8343a666e677c6f940b

    SHA256

    d50a1758377c4e4e75d5d73552c555fad48aa77edaabeab599ca93e3bd1d296f

    SHA512

    a5b6e58839c9ae19d855f93862e39260afcd7ee31a8308e867c8a2b15a7339bd42e6d9a54467169d4b5fb853d1878ca92f3bdcf9ffac18a86b772560fa12c714

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0c782dba666481f252f22e54264a53e3

    SHA1

    03d522fcc9cfca6a91e48bdc6b0aed29f07ac5d7

    SHA256

    1a97b2f65ad52cf881dde5cdb47587ad29247796a70c8d1d67e2fb82b262a066

    SHA512

    52229090cd0a40edfd745e4e2074dc326802eaa6c0b114a4b1b60a8994ed657cb2ef2976cfd8ea0134aa0065fe24fb2cd986aaf7fdaaf529080c7602f4d77dee

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    109441a8363e354839bd6483a8b2f310

    SHA1

    00a76af8d208a2ca354129613a42cc82cfccb912

    SHA256

    d86c14db490a31d35dffed6fd16f0e82a2fa9660c06bed6f5d98dca94cc1b76b

    SHA512

    8df5919791a6fd538656b95e12c22957403e387802d8a2f49b28c49b5adb412304daf55b9951ac616877eb97b0c5e7e67eb9b08c28ea5e1d65acfb1a7318226e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    74977871ea2a08a91eca82a6883a1603

    SHA1

    5557cc3c3f319a7836e54c31dfe33b843f8d7b90

    SHA256

    924f28abe225e895e332b0b4a7a39afaa221a3df5641e1cb6ef2a188cbdf469e

    SHA512

    9af1da2a8447d73fc2cc66b33879dd90d8a5ba86552c3029152c19ebea3f07b0bc9c50f67c14d25bbe0c4165831ae238e5eff10502adff8bcce2149a627c4034

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    17a69c3287a5f83e045e96c98b7914f6

    SHA1

    930b538a425b3325a7b8b3dda815c21145a07925

    SHA256

    53df2d85ab992087d210e1189993f6db13ca48f4bd7a519e6baefb658e4a0d1a

    SHA512

    c149134cc18f9df9db485e55438e4f41bd3b8ee12e0e96ce9525928d07fd6e6ae41a74b94c5f35b7e53f4cd718b05977ae6e2039db833650b61d35e06d3e827e

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ljg9kkp\imagestore.dat

    Filesize

    534B

    MD5

    e7085e982f59cc8d744af0ebb9eca2d6

    SHA1

    1e6ff8f39858fc849f0aef1f400ce6ad913176e0

    SHA256

    89cdb894260f008ce5eaddff824899f9e7320e0a3a77e18c8c869f0af79022b9

    SHA512

    0a74cddd7cd0da6df80430ebf432970837c1158748214569cd6844f5202879875a452cd0fae435801ac8a70fb73cce0675f53f5b57f551c545f68d80a387d20f

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VOGNAB2O\83b37f2dcbb18c810da7cfa915708210[1].woff2

    Filesize

    31KB

    MD5

    a6d71302d385f7136d0a273e2a238aa7

    SHA1

    da008a4702d5ca562520197c1f8532e7f23a4cf8

    SHA256

    37a4c2a2e673c942a26562923f2e8463660defaa568b06973d73ee2512189205

    SHA512

    874bc23755d6c43d08c7baef7eb964112fa93944793c99dc49b6d89ad838678dc62b18446f69bbf264173ed11f76fb02ae9d8e1c63a122cf546823372f79f9c0

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VOGNAB2O\8f7934b3d45567e9cf1f541e008969a9[1].woff2

    Filesize

    30KB

    MD5

    3807552d3159af9d0cced5dbfd5dfa15

    SHA1

    da28bd845851f7f4d30764e5b511239c8eac5451

    SHA256

    3bda2b2d1219e31125f948d0e43e3d45980db9184b1224e08c9ac0fcc871dfbc

    SHA512

    dc8b17543e692661f132726d3c50a64dc428cb032f0632c504048883c9146ef6486f2650601e69ff0564f3b2ab36a9408cc87b0847b4db011447dde29ae323ba

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWMUP5AI\26387fa4f5b1e3f7b6217b27d79bf264[1].png

    Filesize

    358B

    MD5

    bd1067168105225d34d0569ad3650ac7

    SHA1

    0100f6ef1570d2dbb0edc42597289d3f79e9be65

    SHA256

    05a74cdbeb505ef24a44d7fcb2dc421a7cb67c2eb1af71d06fe015493cb996e2

    SHA512

    9772aa6b8ba1ca8ead077c32c29e8d2bda6b415ecf87e37fc3e8d073e515c659af7e5acaaa3e20c8a7787fd0c90bb1a6d1e5494e2398f4a87e235384c795d7b0

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWMUP5AI\e005df7c7c34fefde116ba9b5a0e51e1[1].woff2

    Filesize

    31KB

    MD5

    07b6d4465fb65a1099c92b098e81b4b0

    SHA1

    43a55f18b46a3496db09089a70a4bd008d90c650

    SHA256

    0155463e0fb522eea924d82d910e9e0aacd52bc0626daa8ed56b43ab7cfba87f

    SHA512

    826603101ba79a9fe33198ef57d951b829fd8adbb8d44520c712b4b01efad66ebf2026666609fd02556198276d88de8cd17bcba0379fea3c98099554de2fdc2a

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7V06J7Q\9340013c7d177c83df1edab0cf96ac10[1].woff2

    Filesize

    30KB

    MD5

    27449286fd05812a3f253c751e54d3bd

    SHA1

    9c1d8ad51644e23bcde89bbe7403f779dc132a3f

    SHA256

    23d7912e30cca1831cdf2e9270ba71f9a540e37f3dd989585df54e7906537e97

    SHA512

    8f31aa202971f4267304ab3f50828c81b9810dfbb002864ddafe39827500b83623e6e6eedd2b69791cc17dd5a3bb1e16aed0bc9cb0272b752c17511c1635e25f

  • C:\Users\Admin\AppData\Local\Temp\CabE3AC.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarE3BE.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
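
Reviewing a low-score report like this one comes down to two checks: does the process tree hang together, and are the dropped files the ordinary residue of a browser visiting an HTTPS site. The script below is an added example written for this page; it is not part of the sandbox report or the vendor's tooling. It verifies that the IE tab process's `SCODEF:<pid>` value matches the frame process PID shown in the Processes section (the report shows `SCODEF:2336` under `PID:2336`), parses the flattened path / Filesize / MD5 / SHA1 / SHA256 / SHA512 records of the Downloads section, flags digests of the wrong length, groups writes by path, and labels each path with an artifact category. The category rules, the reading of `CabXXXX.tmp` / `TarXXXX.tmp` as CryptoAPI root-certificate-update temp files, and the `hypothetical.exe` record in the embedded sample are the author's assumptions; the other sample records are copied from the listing above.

```python
"""Added triage helper for a sandbox report's Processes and Downloads sections.
Not sandbox output; category rules and the 'hypothetical.exe' record are assumptions."""
import re
from collections import defaultdict
from typing import Dict, List

# Expected digest lengths in hex characters; catches truncated or mis-parsed hashes.
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
FIELDS = ("Filesize",) + tuple(HASH_LEN)

# Assumed low-interest artifact classes: files Internet Explorer and CryptoAPI
# write on Windows 7 while browsing an HTTPS site (assumption, not sandbox data).
BENIGN_RULES = [
    (r"\\CryptnetUrlCache\\", "CryptoAPI URL cache (CRL/OCSP/AIA fetches)"),
    (r"\\Temporary Internet Files\\", "IE content cache (fonts, images, page resources)"),
    (r"\\Internet Explorer\\imagestore\\", "IE favicon store"),
    (r"\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", "CryptoAPI CAB/TAR temp (root-cert update, assumed)"),
]


def child_parent_consistent(parent_pid: int, child_cmdline: str) -> bool:
    """IE's tab process carries the frame process PID in SCODEF:<pid>.
    A mismatch means the tab was not launched by the frame process the tree claims."""
    m = re.search(r"SCODEF:(\d+)", child_cmdline)
    return m is not None and int(m.group(1)) == parent_pid


def parse_downloads(text: str) -> List[Dict[str, str]]:
    """A record starts at a bullet line holding a path; each field name is
    followed by its value on the next non-empty line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    records: List[Dict[str, str]] = []
    i = 0
    while i < len(lines):
        if lines[i].startswith("•"):
            rec = {"path": lines[i][1:].strip()}
            i += 1
            while i + 1 < len(lines) and lines[i] in FIELDS:
                rec[lines[i]] = lines[i + 1]
                i += 2
            records.append(rec)
        else:
            i += 1
    return records


def bad_hashes(rec: Dict[str, str]) -> List[str]:
    """Digest fields that are missing or not lowercase hex of the right length."""
    return [name for name, n in HASH_LEN.items()
            if not re.fullmatch(r"[0-9a-f]{%d}" % n, rec.get(name, ""))]


def classify(path: str) -> str:
    for pattern, label in BENIGN_RULES:
        if re.search(pattern, path, re.IGNORECASE):
            return label
    return "UNCLASSIFIED: review manually"


def triage(text: str) -> Dict[str, Dict]:
    """Per path: number of writes, distinct contents (by SHA256), category, bad digests."""
    by_path: Dict[str, List[Dict[str, str]]] = defaultdict(list)
    for rec in parse_downloads(text):
        by_path[rec["path"]].append(rec)
    return {
        path: {
            "writes": len(recs),
            "distinct_sha256": len({r.get("SHA256") for r in recs}),
            "category": classify(path),
            "hash_errors": sorted({h for r in recs for h in bad_hashes(r)}),
        }
        for path, recs in by_path.items()
    }


# Constructed sample: two records copied from the report plus one hypothetical
# record with a truncated SHA256 and no SHA512, to exercise the digest check.
SAMPLE = r"""
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    342B
    MD5
    b2b06817240ef1a9fa34989731c70278
    SHA1
    cda00e4dce6bd7808333dbe5f54e5b7a0e9e326a
    SHA256
    80a877b12942b8d39682b3d5485ab7c7f5e4cdb5592f0bc7c0f984dcc15c6b94
    SHA512
    5136dd59060327bf6941f3db57b584f672fd4bb6bf9b70097d2ee9415750c8b5f6dcd8ba93733aa2cff7c836080cfe432d4d1e5f54908b29ffff557367e6b16e
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    342B
    MD5
    1dd0c509343f7aeeee6c3ac475786edc
    SHA1
    2011d7cc0997eb104245dfba528b43acc9124be0
    SHA256
    2751035e3c1f6e359f9cf973f2ec26cb762c96ab0de564b56458f226440a1d9c
    SHA512
    9071d00901dbd4b360b053436773c9e0c108858a0a9b29e57ef0983f97e82475a406b38bc4fc9f146b329f8a0842d4dafdf6c86da901dfa72530ebedb2093c20
  • C:\Users\Admin\Downloads\hypothetical.exe
    Filesize
    1KB
    MD5
    d41d8cd98f00b204e9800998ecf8427e
    SHA1
    da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256
    e3b0c44298fc1c149afbf4c8996fb924
"""

if __name__ == "__main__":
    for path, summary in triage(SAMPLE).items():
        print(path, summary)
```

Run over the full Downloads section above, the twenty CryptnetUrlCache entries collapse to a single path that was rewritten with twenty different contents, which is what repeated revocation and AIA lookups during TLS validation look like; the fonts, favicon store and Cab/Tar temp files fall into the remaining benign classes, and nothing lands in the "UNCLASSIFIED" bucket. That, together with the consistent SCODEF/PID linkage, is the concrete basis for accepting the 3/10 score rather than trusting the number alone.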