Overview

overview

7

Static

static

3

htground.exe

windows10-1703-x64

7

$PLUGINSDI...er.dll

windows10-1703-x64

3

$PLUGINSDI...ls.dll

windows10-1703-x64

3

$PLUGINSDI...em.dll

windows10-1703-x64

3

$PLUGINSDI...ll.dll

windows10-1703-x64

3

$PLUGINSDIR/app-64.7z

windows10-1703-x64

3

locales/tr.pak

windows10-1703-x64

3

locales/uk.pak

windows10-1703-x64

3

locales/ur.pak

windows10-1703-x64

3

locales/vi.pak

windows10-1703-x64

3

locales/zh-CN.pak

windows10-1703-x64

3

locales/zh-TW.pak

windows10-1703-x64

3

resources.pak

windows10-1703-x64

3

resources/...te.yml

windows10-1703-x64

3

resources/app.js

windows10-1703-x64

3

resources/...s.d.ts

windows10-1703-x64

1

resources/...ac.xml

windows10-1703-x64

3

resources/...n.icns

windows10-1703-x64

3

resources/...on.ico

windows10-1703-x64

3

resources/elevate.exe

windows10-1703-x64

3

snapshot_blob.bin

windows10-1703-x64

3

v8_context...ot.bin

windows10-1703-x64

3

vk_swiftshader.dll

windows10-1703-x64

1

vk_swiftsh...d.json

windows10-1703-x64

3

vulkan-1.dll

windows10-1703-x64

1

$PLUGINSDI...ec.dll

windows10-1703-x64

3

$PLUGINSDI...7z.dll

windows10-1703-x64

3

$R0/Uninst...nd.exe

windows10-1703-x64

7

$PLUGINSDI...ls.dll

windows10-1703-x64

3

$PLUGINSDI...em.dll

windows10-1703-x64

3

$PLUGINSDI...ll.dll

windows10-1703-x64

3

$PLUGINSDI...ec.dll

windows10-1703-x64

3

Analysis

  • max time kernel
    129s
  • max time network
    150s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-es
  • resource tags

    arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    07/08/2024, 08:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    resources/assets/entitlements.mac.xml

  • Size

    333B

  • MD5

    9920b60c89256ceca825062dc9c53c53

  • SHA1

    0f1d847ef4067022c69fd82c135f3dfd2e4d352d

  • SHA256

    f4b2891dc2b1239191cecf7cd5b9a36ea4edaec33c1cc091e09380d669e8fb63

  • SHA512

    93ef0a66d6aa8091af3ab8af4b1ced502ded11f658aa77b6a5fe9e3d36bd5d01231060a0a656ea627c0fa32313b7a3438c75e1eb96f4f07692ee4d0f53ce9a90

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\resources\assets\entitlements.mac.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4432
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\resources\assets\entitlements.mac.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2408
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:82945 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:200

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    4KB

    MD5

    1bfe591a4fe3d91b03cdf26eaacd8f89

    SHA1

    719c37c320f518ac168c86723724891950911cea

    SHA256

    9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

    SHA512

    02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    f8351b4841d95da384f38561287eb8c3

    SHA1

    a13bfcca89c4a31f70618c9d0a376d97fea750f9

    SHA256

    6b97f8eb023dc4652748dee7eb07d58c4a81832485c6ea8e23af77a8ccc52b2a

    SHA512

    86dff250d8aa6e873463cf68de7206ea9c4936da514cf983e030d7ecdb50d47c23be1c736900ca74e6093a94bdd1d8997acbfe398556918a5057372c1af7f27d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    338B

    MD5

    d31af4d105326c85e80df34c3cd9f6ab

    SHA1

    14367cc57e4a8e604c9a3a373a7cf4dee555cc69

    SHA256

    57e33f26351aee10f35f19290d41afeb4adc5b36e14c486242d1faf45b6f4f94

    SHA512

    34e7120631dcd805ff806c8d52c0806fc70bc4f4e08a265a90c3794dd20420561f79837c3bd733b73012a06e1425add6ac7fdd63d82abf3d0c51b71297559a1a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    22aee82af996b19aaa568fbfe268f95f

    SHA1

    4b45dd00aaeb6f32196e9a3efc4b5196b4f78a68

    SHA256

    cb8b8f8f945b62956fddbde1d967bd5a0c340de4c7341c5f68aa12de27cd35f8

    SHA512

    9f84aa7ff3fa0e9d27cbf3bd92554d0af272090c2dcbf19e3c7655d59d5654b7b90771bd85aaea0f41a2ab27450484c773fcb97b2eb41439dc211c126306b668

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verBA3.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7GTPFJEK\suggestions[1].es-ES
    Filesize

    18KB

    MD5

    e2749896090665aeb9b29bce1a591a75

    SHA1

    59e05283e04c6c0252d2b75d5141ba62d73e9df9

    SHA256

    d428ea8ca335c7cccf1e1564554d81b52fb5a1f20617aa99136cacf73354e0b7

    SHA512

    c750e9ccb30c45e2c4844df384ee9b02b81aa4c8e576197c0811910a63376a7d60e68f964dad858ff0e46a8fd0952ddaf19c8f79f3fd05cefd7dbf2c043d52c5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ALBYEBMU.cookie
    Filesize

    541B

    MD5

    33f2db33f73e0af23e954ff5cca89475

    SHA1

    06e5cfb845a7cacec8d08999bf20a64df20cd083

    SHA256

    49476e5de05185348dcb3b9b7d2eeb41de1537400bf0d92c6465809cf5603ddd

    SHA512

    211b70a5e317cad3553eac6d0fec332911bfb460a8325374c228f5e79f62ba8afcbe7941ea91137cfaebd11a7efbe94f57030285db4b6aad2ec811b279c5bef2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\CV1579PO.cookie
    Filesize

    541B

    MD5

    fc50eb75265c9cd4b6db39b53ecb6c7d

    SHA1

    b51ff6f6b6fcaf99407b4430b998b0b7af800ae6

    SHA256

    5ed896361edc08183f54cc04a40af6ff2b73bcdd8db23daea813d2a06371995c

    SHA512

    cfa8571875e55637a0ab3d31476675861e86d6f861c8b9c173550e493d52595ffbc6659a06ce4c0d39ca372e135227fa3b5485c43037587ddae5c4e2e8df9205

    Download Submit

  • memory/4432-8-0x00007FF8F1630000-0x00007FF8F180B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4432-18-0x00007FF8B16C0000-0x00007FF8B16D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4432-10-0x00007FF8F1630000-0x00007FF8F180B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4432-9-0x00007FF8F1630000-0x00007FF8F180B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4432-14-0x00007FF8F1630000-0x00007FF8F180B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4432-16-0x00007FF8F1630000-0x00007FF8F180B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4432-15-0x00007FF8F1630000-0x00007FF8F180B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4432-13-0x00007FF8F1630000-0x00007FF8F180B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4432-12-0x00007FF8F1630000-0x00007FF8F180B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4432-20-0x00007FF8B16C0000-0x00007FF8B16D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4432-19-0x00007FF8B16C0000-0x00007FF8B16D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4432-11-0x00007FF8F1630000-0x00007FF8F180B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4432-17-0x00007FF8B16C0000-0x00007FF8B16D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4432-21-0x00007FF8F1630000-0x00007FF8F180B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4432-22-0x00007FF8F1630000-0x00007FF8F180B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4432-23-0x00007FF8F1630000-0x00007FF8F180B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4432-1-0x00007FF8B16C0000-0x00007FF8B16D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4432-6-0x00007FF8F1630000-0x00007FF8F180B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4432-7-0x00007FF8F1630000-0x00007FF8F180B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4432-5-0x00007FF8F1630000-0x00007FF8F180B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4432-4-0x00007FF8F16D5000-0x00007FF8F16D6000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4432-3-0x00007FF8B16C0000-0x00007FF8B16D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4432-0-0x00007FF8B16C0000-0x00007FF8B16D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4432-2-0x00007FF8B16C0000-0x00007FF8B16D0000-memory.dmp

    Filesize

    64KB

    Download