Analysis

  • max time kernel
    134s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    09-08-2024 16:52

General

  • Target

    monaco/vs/editor/standalone/browser/quickOpen/symbol-sprite.svg

  • Size

    20KB

  • MD5

    649fb0a55b0e0fc9d79e6b7872a14c10

  • SHA1

    b33619c9dfd65d3f2e5a5fcb767a752123d51607

  • SHA256

    fcc3026b97068f3d9e1743d36ca26b96ffdbcd2841fa9d804caccc4f249911c8

  • SHA512

    3fb4b07e9313b69c84f887c9ca0464e4c8d06a98a8f2ad7d0b48452d068bd526004c21633d0279b4b5e17ad882acf8c7e99b4c3e7650be43b495b670a87d0cbd

  • SSDEEP

    384:cyPJZCcKWPJuCNoSmvcar1PNY6g2HdSjEc3/WD3:DCdCNkvcaQ6x9SjES/W7

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\monaco\vs\editor\standalone\browser\quickOpen\symbol-sprite.svg
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2388 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1424

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    8a8adca2dc1aded8d66946f53f889c14

    SHA1

    5abc5413bf419b60110788e8edfe5f9b3d7adba0

    SHA256

    e682d81f800ad16394e3cab92258aaea30abd52195a948f08f05e0d7aee04009

    SHA512

    42e5bfa028b1ec70fe3127836a6ba6ecd83d54ef3fb7639e322e235c2f240569f6d0714b6f43a17040e91086818b14dadb9505bd02e1c08bd4e9ec8a4809f093

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    7063181d183ba8e38960155800eac893

    SHA1

    92cba8c7d427e7b21e0f9430c8ac309d77a01eb3

    SHA256

    ec9be8632da35dce40c2fd7eaed33cab895bad087c93aef5e66f1692712fe054

    SHA512

    addf75968f515c01eebb3592a3cdfc2a2d8893a4de335d341204fcea106ac989ac7cb1827a777238d1e6ccbe7ee99a1a7a959b53fb07ed1ade0869ced399ff1c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    4a027e00eb6c76beffed8db186e023d4

    SHA1

    dd6761bd81be83fe2a0e35851cf69ce27867848a

    SHA256

    deaffd53a29cbdde1a2a80bbdfd6ba36cff9bc09b726f12bbc3ad8703110b415

    SHA512

    87cc5f8f12adb2f770c905f573a93b78724aaed885b8ce02b84be5a7cea39cd30bb66f2c3f1da14456c433b99a04110b73e72ce7e35fc558eefe0fa569a87802

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    5ad4b46b30088c846d57c50ac36fa2b9

    SHA1

    dbea2308dc3592a7e82b39796bb3bf55d4fdd2e6

    SHA256

    72cbd58e5cd766c8d8c75867aec6659a1aec5f91280f8be555d8f4b4cfa62c32

    SHA512

    72a27274a85b1c260c931b5e3e16d16ef26c44dd299e3d60061421111d88c4aa637ed33b4b6f97277dc0c033973961a345b43453fb4552075ac04998ecb8bc0a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    0510f82d28a89201a202ee5a1f4fb7e2

    SHA1

    381664866d7537509384c535b234a25d324335f2

    SHA256

    ceba012e20f85f8a26e61aaed2b526cb4a512105e825205a12c6397b1dba2c00

    SHA512

    ee804f4504227a5477ba08817f8aaddc899836ac7c41197abe03d4594fd1ac74456fad5be0be467175760e01e2e0108d4b7833399a5689a6e5eb35299f89ff26

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    d86223e6b12b6221b924a2f7e48ab198

    SHA1

    ee11687fb714824abb7bccd627adbffcb559de45

    SHA256

    f7541431b69703d03e20ea6c45fe853d763c7a3203c22e23df305435b51f9c33

    SHA512

    66fbe805c5228f9d7a82c29468bf4a44b0d7653d7976ad7c08807c8c1e9a6e36ceb524b68bd852e092a5d595182c78fdf731ebf1f3394ea18052ef2c8960a41d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    b18d2f359daf706923c679cd00009a64

    SHA1

    5cb89652be5e117ccf6e0b26a5bb4ae2cc30888e

    SHA256

    a50924df72165678337c61e66bb739da6283c0fd229b7ae6b940d03dfe4c66be

    SHA512

    182ff0388a3f81321d6ea086f32ec964383619400e90988b68b650a3dadd2170ae2f6ed7b5450feeb043fbb1fa1c96f1d745489230d553ba04e443186b86294e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    f1ca73126daf0bee62782aa2a2f319a2

    SHA1

    dc9b674ae26fd5dfdccb9a8605f5ceab9e5b21c2

    SHA256

    d127c0991307f6e862cc1432718317123ba5bb0ef5a06e34bfc37b53870fc167

    SHA512

    9a3ede2c41c5b86f74fe697663edddf1c3bffc8b74c26f8e1d6e05279d75567b7d5d7d5f22ff77c56af54da6de01387967925c4627576be05eb80a67cc2b620e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    7ffb8a1e6978d4197822530f3d3767a0

    SHA1

    678270e4d6a9420b5e67757196d7e57ee54c2cdd

    SHA256

    207bc207653e88e81ad587fb4680bba053e366ae09fb310811e5a4115c3c9f91

    SHA512

    34e0c54ce2122927e6eeb6f18d888ba406d57401db001360a3d2a881b469924da9c0bdf76bd7c0db1ad34d10c4fb2297a751e51d707bf4dacb91dd06728081a0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    a252732e235a2797c2998998ab285b50

    SHA1

    67e46d411eb92ad557afa93c9146d387c080de98

    SHA256

    86e256624c99393bc54d0e80f03f534e51d22149c969e86ecd3138509c6fb1d1

    SHA512

    8c6a1eba2f594584ebbc431267d006b36cdc72205df47926b61fcaa4148a0b217364597053a16200837c1719ddb44e8f31710eceaf99c4cfb667196107f68406

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    0cbe47e8b4c4962886c2fe960a4ae6c4

    SHA1

    78dc7f6da968e7f47e79e994d15eadc9914bb9cf

    SHA256

    a221d35f82d4955a6919624c361d5bba72f6f910972d9238234d9802e0e81051

    SHA512

    22cdd8a4c275ec1dca5fa5ebaeb3899167ff3fbaa915dd157a6327862f6d0377609c60d85fd30156bcf0dcd63a19ae76fc9a98a0ebad450614718fab62a6ca5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    5a0a7d53d78aef83a7fb9034d1702b6a

    SHA1

    5baeddecdcbe025d94367359359a4a56806693bb

    SHA256

    ae571a13c7ff1be7c50180243be70b76d7464958e02bca91f4370430e20d81ec

    SHA512

    573703608738bc6518a401a9a500f6df900f95e6cad30e9d55c3d4230bdeef61aeafd37c2040538222560fb362aa011d14595adbee1c9336a36fd176de133e48

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    2f2757e29c4e6962df13303b2d340d3a

    SHA1

    0c75a3c3d5c1d4314184634aa39fb4275d91fa88

    SHA256

    a69328a338cc4cdc1e99c88191c74019fd27cc86529ae7a41fdaf8d4f736f3b4

    SHA512

    2a8455c2b9adc7280fa8b0bf7fc80e6d301ae3932b7f42bef402b72cb229235aab34f2a94d5273c62e25e646b7341319a40cb9289e9ff80647e91124e31f7674

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    0c4e57676501acccd96e7315baf71927

    SHA1

    4d97e78134f013fd5ccb0dc94558f845b6672d7a

    SHA256

    afafad0765f43369958076b18f46391e0e40157d9d410ca9c28b58483387d0d4

    SHA512

    5d1fc4f30026b24c47b50067d54ea9cfec5c76dfb77279ab93aa49d15f63ec63b98df9287fd71fd7a11e396aa108fb3df1328bf813cc71c03e004d9448dead1e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    219f5a2b750746db44bb3bc4e0a12a34

    SHA1

    352a4936ec92fdca8cfb7a070dcef954eaba49e2

    SHA256

    cc0adfa77350d35cc4fe3dc04ec8098fc49f9e5a5941d239b04dc2b027823637

    SHA512

    17988985b7c4386b5fe6df277c7a986ddf4b861e09798323dd068a150b17e53fcfbcfb05c9f7784c0bf8b635f918d34cae37951c2e92e51076ffe1d91e0da50c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    af4c780778fcd31c938cb3985a3b1b56

    SHA1

    b5469e302b04b00b8bfb4e5c53ff2e05438b5b45

    SHA256

    d335a511c0cad0c6b93e2b13e5b9cd0a166badb214cda6c0b8289ab8b1059e3e

    SHA512

    6dd1922b90d86aa76041c8a99c434dc6119051149b008a9b3e408b4c06f774fe171c66e52bc60e3b74287df82765ce70b854c4def57e1c2f9067d3cab6028892

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    58dfc2348e5edf8c27165a20d28af231

    SHA1

    eb21e55fe651bd3b4343b07b7e438c3db8fdb8cd

    SHA256

    f52ecb517a10608a4893b97bd342b74a2cf08bdf22906a0c8b8515aebd4bf06a

    SHA512

    53f76389bedbc6380b39ec2c16ca342b62e8ac777c9c77d751d00b7218e1680160279b49e1a4f2f13b582172fba76a0243acc8910b0c1fbe3be02a8919755238

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    52e401f5c4392b0c54ff097937928324

    SHA1

    0592fcccf3355d3059eb7f05d4066a90f264c390

    SHA256

    b613c051a3ecf82b02e995a2f12b78c1af18d92a6155922e41aa3fc9b513b9fa

    SHA512

    606133f391b055567e35c26269b4553a6bd7e1842c9aada8e31d0758db629def8b1c901ba5a7b6e526332a974dd61fbc040a99e678ea385eb57130182415b077

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    efd9fd05763af4abca88e07097460a4f

    SHA1

    dc70aef1c9f650c316528f8d4385378699c30582

    SHA256

    d05a67b29facf51953e738ab18fe2bc515c4261496781fa8e1e5526bc6497556

    SHA512

    e8be2186294d6140b759455b5dbed987275584d048b315b9c534c74eb5fd55ac067f14420273989150f5a69f237ccbb5643a33890da833ad2b6a897e37ada6c6

  • C:\Users\Admin\AppData\Local\Temp\CabD07A.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarD12A.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b