Analysis

  • max time kernel
    134s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-07-2024 16:07

General

  • Target

    CdiResource/dialog/Option.html

  • Size

    17KB

  • MD5

    1639dc3afebcb77a24f2b76c060681be

  • SHA1

    4d5be3e3eab978f344602c9e7f8a5cf981ae7fb2

  • SHA256

    1c33000a9201ab7f6fb76a35adecd1a3b4a0ab7e21d4adca9b7ce47eb0438eb9

  • SHA512

    badeefa30d01331fc8a0ccbd1478ffb265c602737c341ccb3acd33484bf4e622c27cf4d0896550e3077313b19abe4c127002b30cd8ab57c30cd1d84fd9cb798e

  • SSDEEP

    192:u6/T7J+jh5BOfalBZOlVSY7SM+UJBRyHyl:uw7J+jhfOfXp+u

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CdiResource\dialog\Option.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2884

Network

MITRE ATT&CK Enterprise v15

Downloads
