Overview

overview

3

Static

static

3

774fe8029a...18.exe

windows7-x64

3

774fe8029a...18.exe

windows10-2004-x64

3

$PLUGINSDI...up.exe

windows7-x64

3

$PLUGINSDI...up.exe

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$R1.exe

windows7-x64

$R1.exe

windows10-2004-x64

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDIR/nswg.dll

windows7-x64

3

$PLUGINSDIR/nswg.dll

windows10-2004-x64

3

$PLUGINSDI...e.html

windows7-x64

3

$PLUGINSDI...e.html

windows10-2004-x64

3

$PLUGINSDI...w.html

windows7-x64

3

$PLUGINSDI...w.html

windows10-2004-x64

3

Analysis

  • max time kernel
    71s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    27/07/2024, 07:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/welcomepage_noadw.html

  • Size

    5KB

  • MD5

    503788b7c7fc1e94d3881697dc0f9455

  • SHA1

    c9710548dd90191732aa428957988039d9014ced

  • SHA256

    bff319cb4251e23c995abc742d926b7c85b9798783ac9dad8e8cdc274ede423c

  • SHA512

    138f60cc8d168004325dcf2452f24fdd29a3fddc6f693326d01c614a6638c1d40ce9f7b1766b9440de8012d05977adc0f2b92eb02aa76d44ee7dfbc99cd24748

  • SSDEEP

    96:SI32bJbWEMkTSf7qOugnffDbhIDbbE5zDbnwEqqc/zIxG1DuspXdNy7Pt:SI0bWEM6Sf75ugffDtIDHEBDzwfF//4r

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\welcomepage_noadw.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2056
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:856

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f381b924684a8aa80e76be72fd3a9fff

    SHA1

    402eddd892ccf2f7e8f14ab3b6574914a9b8f115

    SHA256

    b1b3c4bc35bef7afc9b85df1228cbad505711c438539dc8643938486f02f87e3

    SHA512

    22439dfca4e97c30491a99ba21ebfd82053dc24b31243b679476d7a8df680729fec825df1facfa994b85e8b14f47090d6936e62ec23ddcca662902582cc8a994

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bcd1da7e4b883568b962309e3270c15b

    SHA1

    6b94ac1dee2bfb3dca1b792cd52aa8e67b5cf28d

    SHA256

    36f5bacec63017161a04997382d3c4fb190a5baa7d015ebc426465f75c167d5e

    SHA512

    bc0a7e771b5121446ac5ad553357c52147f98c638b819cd627300d75d4bd4fab47f88feaad75bb9d1a30fb823c6e8c01658cf1c34fec2af7c66145ceed425654

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    19f95f7eed3349a18715e4bfb0070443

    SHA1

    084de0f9407b3bb2e2385487fdf4e87bb9225710

    SHA256

    3923437453e20caab14baf959c856d311fbd165a21a86ec5a5ffee56156ebd5d

    SHA512

    f9929f0d306aeaba8ffec4f73645be2472bfd3e54b1480073d998b136a8938d460e7ce67440ab531f097b0e1afb83ed81523acf4c4f916edfa7d7cd984e2d50a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    305c2bdeb1b95da1509487d34899cc40

    SHA1

    931dfcfd4971383972bea67a58651f87c2bc29bf

    SHA256

    d86b1eab6ab05da92e713eb61258101c4e7b47588ac61829664b5782eb0fbc75

    SHA512

    8908372e2c805fd18a33c4dde03132bd0f7ce42f75ab69b1671bfa1a566030a9d733240535338a0a1671ff149f27ceb49b77644e71f7e3dc3b1282f762b03f3a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11868a4bd8bc3832a8a38d92038e298c

    SHA1

    d055026b6f6a3d7f5a888f16df23cd8fabf6046a

    SHA256

    38b19b01c1b9d07c43ebb1f6fcdedcbb07d6e659577c3f5429fd3e7967042305

    SHA512

    2ceb9508a067bf1962a95976f5ecc5a61621d4aaf5e629b0b0262df954fa645160f4ab454e3f5f40b5ae01609046ab28fb01a8cd558b5de426972a213996c44f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    100a7e44e0faab53218f526f22d175aa

    SHA1

    ee4ad8998b8dce58a3cc2e38246fb2e788fd27eb

    SHA256

    065a4cb85fb8aef1a49ab414e75dbe51991bf168530ab88f25ccb72ac0876554

    SHA512

    1140154a671e252c52d8d82310d7f308b180d88a0a2ab202c505c94c66c4f3e496a957b505f5d160044ff2293323226e33779a4eecbbfee4b146cfa36fe36561

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52e9dace0e9f3ff2268374a19a237097

    SHA1

    3918e79fc6d36e1636113ff4e1bd375652a563a5

    SHA256

    5a36016505653e20a275302f14b99c02b67bfbfd96c516ab1ae7104ce3748119

    SHA512

    53cfa64808c693eb377dcacbf5f7613fb3ca62ffe6f578826a931eb76893c270ef4ddba647c58ccbf7c9c3b9a645f00631760b9de5486acf1af4b4f32961ccd3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2665e9aaac52fa6882ccf6684202ffc2

    SHA1

    28118ab411d76ddea8d09bc9e2478c4b430086e5

    SHA256

    a1d5d44e446a6e54f598c2f3d667d18bcd54f79773917e99a302d16364bd339b

    SHA512

    e1669a8133ad6ffb1693b131a0a0b7098b0c09ed29fa2794e8ad1241d2bfaa0dae630e7aaab59887a9f01c46aed86457ea1acc265a07fe054287b327605ff744

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4253634fb2939faac42999db5ee59b49

    SHA1

    7093a6ffcec3d57e2bd5fe967ee6bc31b3aa8e3e

    SHA256

    4220950b37112b94f83886e54b9345a8ab284d4de544ea1c0ef9783a4c5ac80a

    SHA512

    172f967026407e56b10415f6452964d4c8f0c3718de215ab5f84859058a539f4847a9d011da9bb3a68f0433605f51ec48d43077fb2f36a0608dcb138782519d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    086805207830808a19f18b46a1174bc2

    SHA1

    0e50daa55e7d69a7978fce924e1c551cf270cff3

    SHA256

    359c2462864738f4e40f0bf1a38d293ae1a163f7ef57b23ecdff3152e48fd7da

    SHA512

    eb789c7f398ef859ee678ee5112292682cb1e7d1abbbc292199be122edd578bcbcade6ce867effbcb10e614135898343ebb1d39a68f2a059c047cbd7fb66a6a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9344df8dc8c4b93b003322a93635999c

    SHA1

    c285a41dce6b25a177556abc23453ade497d5f16

    SHA256

    445523a0970ff44d416471466a14290f1fb89433fff7d6c3eb2b9bfbc5adab16

    SHA512

    36dce4cdbf1450c99aafb647c21d367c8ecf6efb9f91811def5d593e0d49a5a8e1bdd9000513edc86fdf7fa58382263b9f0bd74e05f73b3237bc3a2f9b205068

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e178a29ffb51fcbedbdd181f0046e97

    SHA1

    800cc2ed59706514a2141fc93059ffa4e8de39eb

    SHA256

    8be4cba6d909e72a9267adffe51af566fcf0e1ce4cd9d74ae4c35ac259182b7c

    SHA512

    a732c0460aca5a3adc26e050aeb6439535dace7643f74f5765c5ef7d7719361c37a6aa1d1ce84157758fb9b8d4520266dcf6d3694d4a3cb9c3217985f4a1bd58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b7c3a933d0e307e473eb932f61fafd8d

    SHA1

    35b53ef09fc48bc51d5af7fe5e5fea27f193cec9

    SHA256

    3ce049fc9a07ded6d1ce7ced60b2b4f3d41063013c2cbc9d508d8232c0d65d88

    SHA512

    e226aa1d843fe167ba9bf09ecfad55738a715d8f1d154741f16c992a3890e94b56856d9cba82717c48e2e8d619d90b497fb30f2c861236964a0f9324452c055d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b62440bc274a9bd4e0aa3559f4d036d3

    SHA1

    8b0f181b500b3e711f2b03a2bdbd58a23081d4b4

    SHA256

    5aa510adffcfbf15224bba3044274c30be3fda986a82b5cd07f93ba53a743fc2

    SHA512

    c7a8f2c7e6727093afcf389c111813333bef8dfa03aeb00ffb55ab715cd37e34dbf3294524bb7feea388541e69cff8eb3e0652ced95aa0de2a43073be5b10dd0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c5590acfa7b3de93b2eeca7d0b4a234

    SHA1

    dc2631ad2e18b93f1100c148e754995a1e4c7887

    SHA256

    3e311b3689623862aa52d99c0b75acebd3c26c31e9ed16b89b4210571ac52710

    SHA512

    9d4a245992e46c8c84ffc213992de6a1588392a0f5b2d88e111a7d308a7493a77cd0bb19cb611735308fc171dcb9d740c085253fb987bfdbc927092e8e9307a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aaa2cd26a36cabb4978e139b6f3adf3d

    SHA1

    0c653351b25570c85f19a60839ccea426e1663c2

    SHA256

    efa407db22f1a573f82b80ac23577d92510286761fab66669e68a685ae34727d

    SHA512

    9eaf566d5c32079c65ad421d2e7b7cd1e0c47a8d8ae6155905763fe585502baf0746f2c27ceb118965a803da2b1ea550e4d74c35b5811d4db3985dab3b69adc4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB7CC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB8E9.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit