Analysis

  • max time kernel
    120s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-08-2024 17:02

General

  • Target

    v4free/Ads/c_3.html

  • Size

    31B

  • MD5

    61d50d9ea3a9b0f697db0cca98674821

  • SHA1

    c0a0206447e88c3613afc70ecca60be1a9376d9c

  • SHA256

    a1e40f9df6732878d74fbe30b1fa1fade12b1b98dc81cd294b23e388079de639

  • SHA512

    c6940051b2595878006b39c4432862cd687423773e9d411945041c515518e9d8d7f1cf8f4f07e6540a6153d23b5e495801268958cbdfa85e14cee2f39c865c7d

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\v4free\Ads\c_3.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2060

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    b75f4c3c72cb2c7702d01806ab1cbf8e

    SHA1

    48452e499a45d4d53bdfe3e737980f61fb04e92d

    SHA256

    45755e746506ef5736d500e99d12d773820264c22741a99138cce0d693502166

    SHA512

    5a6bc38d2420b6b67407abd019c816353897f0b7cc6ef87756aa61527a6362b11ac0de0aa4c1b6cb56fe5a4667dcf773a0972a49fbbbbb013f80eceda9cdb137

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    3f66a2dd93104f04be254f5f90cfa7ee

    SHA1

    83d5208857e01d66c1a88290ec5dbade2ba73366

    SHA256

    058bd04654453d7b273081622ebc062fd829663dabed14b2a1fc23263fb2eb5b

    SHA512

    fbab41aa4188a580a4995545d329ba86c7b4ee0552e7d1b3424a0f1a183c6b40449ed9363a21ec7abd7a185272150ed1e3bd7c53e86a760f8d34bd9598be9339

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    d6058d7c3753c87d06faec00a34dc700

    SHA1

    cb6a72a5ed91dae49c5183d36c645155c88eada3

    SHA256

    535b5e263da3d9472c09a66dd435ceebdb78bd5cf7e3e8c052d8ebd366dec336

    SHA512

    e8cc8416969096cab232c415496d01c720483a95567a3fcb2f85d2f82286c2ba724d1095e8c921256f5d74758a4f66336ea1fb96591567745564c7cb942817c4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    d8f1d0d6b7f2863749798ecfca2572d3

    SHA1

    ac296f9b8c8cef6630be954d185db145194d9246

    SHA256

    12117a756978b585d76084e8fd9e7d81f28839a731a8f1d3f4521cf11e6164c5

    SHA512

    69aad839e0b8ca83e3dba30593e635ad5c3046cbf9efb05eacb664bddd5c1d074aadfa3f9a966077bd70a4095670b043023752bcd584a857f2a0e69215e7fc8f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    3cd01b5ec018a1817f2b7c3d8b9ba0b5

    SHA1

    bbabe421c9f8a8fcf5d7aa7e168e5a01cb6f9b8a

    SHA256

    7719f3c0f1d5872537278c612a386ddf34634fe810fcf9198419bd584362fea3

    SHA512

    129682a0e05936abd953c6ddd0f729cb2ae3931380596574e92fb20c415cf88d60bf67e15675611e90e7cec2b30e908777c42037850709cf9eddd25f69bc3e5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    23ada338dbe872aed243fed06db083e9

    SHA1

    abbf1d0d79b3337a3c409b79c4a28d4afe6e7b12

    SHA256

    6dfe9f9804ff8dec8261f248274000e984172d09efae0bd7dbc9fefefd3edea5

    SHA512

    f8e950d748407aeac52912f44aac18058670ae10b0eb5fea76094a02887fa029e5e8fd67bbe7df52b5eedcf41042c3d4f2f56f0845ec80373d08a95b8ead1eff

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    b520a9d19b485bc9638b7ef9436de7e5

    SHA1

    470de4823e6713f49344c3b811c54d75b1a43b4f

    SHA256

    dbed4bab19d81cf3edac663c7ade8e3021166146abbae50b166cf3846ce03a2f

    SHA512

    28fd97c0881bb92098b2fb253a3842bba4b3e6ec04ec5640f1bf0f7b2a1d1f4bd02be3a1ad419d868435d352301edb74c269f1d6cbaf23f1417b02fd8abab13a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    dc4c4c77d918f668ee92e954b4c92ecb

    SHA1

    33b5b5dda2262b73a98928879917bee5d68be7b3

    SHA256

    3ca29d5111bf0542b6c9d33dfb6308d6231ad68ac7fe8e3bac585617a45a728e

    SHA512

    0d7a73d15c3979a1357a2c2f097a4014bc930dc5a69d4f2d2e908d49e4729c3c04eb12b08bd076b16275eaa409bc118676a51382f0572f7c7e86fcaea3452001

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    43ae1c2a3c6650d6ff8bda107862c239

    SHA1

    d3e6ece3a486b8d59b131238aeff4222535542db

    SHA256

    efe87a87954c2c885f2f0acd66c729690a850e8fecfa02ed53581079ddb4ed0f

    SHA512

    11efaa90c648afd7e780adda50be5ad39ea8d01e7f2deaebe485234729191ed70900079f4f586ca70c2326ccb4f11679bd719184d065defd0f02c072504c3de0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    5c2af171d889bde61f184fd13a2c9dd5

    SHA1

    765bd1305a7f00fd02db789defdaa0f4bcbd905d

    SHA256

    9e1d8ca4446f1f83d7081f19aab2d36c5b41862dfddb579ea9e80ff9f7d8e567

    SHA512

    84eecc42dfd82051ae5d4bf1005812711166c8fd36d02e003480aae9303a676e8112bb664bea760b232f52f2759ea971e622d2aba3734296d302489d2e8ae18a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    d39e65bc1001eec205143e81fcdff1cc

    SHA1

    2801ae7bb91faa5b708c208a37ff80487277cd69

    SHA256

    2726e1331c313c0267b9928d33701f94d94820f8ce1e2bc01bb76e943f8c27e4

    SHA512

    30335c9a53022bcd3dd8b9bdd80e027e2e575277bd9b3293c1fe0dbc58e1205e73a36b33d064c0591bc2e3490b555328f9fc2fcafee27b32a8289b90c4066cf9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    f79612350d1aa76eb955ffc2ef4a360c

    SHA1

    458a6041f11d9dc525c1992618323581142316cc

    SHA256

    2ac0922677ebcb125787255169d3e40b82e99c1771547bf7b9a9a4b2422d288b

    SHA512

    3e66257510b2ca0aeaffe4712b1930cc896af71101a84561bd0d6c3708cef00dacda79df6c343a5e489e4647cc27a8e692263859937f376e9b9164c95fe3bdfc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    04f5b8c2d8752e66f28fa5ee2a8362e8

    SHA1

    55a6a699278d5a3d9d4817724f70b6eec677bfcd

    SHA256

    a7a44f872884f8204ca7c57190443ccbb2efe19205cfe84d7569e0b71f451edb

    SHA512

    49b0f9c56536a8d8b635ddfdd40cc1d7862bef71e9020cb9380e16b598e7d18e82511ceb3458b539b6cc1ed258c65d52b34f032d1fc5245de2eb81c51e2c47b2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    d004862f4125ca96c82cad391e325058

    SHA1

    f1af8861170ffd6f8084387746eeba9226e3dbdc

    SHA256

    9456812456b930df5cf62d288767f9a1263febcfc2d0af00474cc33053cc91d1

    SHA512

    829d2362a9fb3193c5237d27a9e3a3c8e909aa4dc9ff3128d5e3b063c337ec656dba41ed6f8d6f7bf9748add3e24e00d659337ccbedc1273070228d5367c9d17

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    1d33f113d2bd7947bb28153be536e1f3

    SHA1

    7df692acc1ca60f3ece2823771f4ecfce2e2911f

    SHA256

    2cd65a26b5fb636c6400e06121b59399d8e0181f57c892f0f800bf67c7c809b7

    SHA512

    5671e78dffc98ca87f18f49925bd32f008aaa471bd25175ae4a2d15211a6bb2d99ed538416b4d09d1bccc5c5a9bbfce9c8a1efa05242517429a63da6e554749f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    9d8e117ae0e7c5e3822f66ede185835e

    SHA1

    b6cb8a3f7e5e0d109962a1e97e1470fdc5e57ebe

    SHA256

    52f78e4214f8e411548e07d7be2ad3712016b35b6511f1950292b4b6025c0e8a

    SHA512

    28b9584be7a743cde29da373a648d67648bb1f74d2dbc2a015bb0fb7798b08ad580f8776d73a30c722c943f0131c94d30a0401fc0a8e2bcd550ce339d3a33d56

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    beaa2a374695023235ef5b719a5b2ed9

    SHA1

    88bba94c5f9bc6a0377f1727f30b054057ce00c5

    SHA256

    9b2a65a9aa9c3ea6c13dd29dd075672ae6ddac8a7af68b1435d4d5b4bfad7a9f

    SHA512

    bbf6e7a245459d619539be9e4f25a71cb35950aec49e6fe69070b0e64366ebab6dd2b235ef7fca0268e4e83ead1ea03b6b98654a12a10463c41e0210c57d129f

  • C:\Users\Admin\AppData\Local\Temp\CabD6E2.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarD790.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
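The process tree and the Downloads list above are the two parts of this report an analyst actually has to read. The following triage helper is an added example written for this page; it is not part of the original report or of any sandbox vendor's tooling. It links the IE tab process to its frame process through the SCODEF argument (which in IE's loosely-coupled process model carries the frame PID, matching PID 2384 above), collapses the repeated writes of the single CryptnetUrlCache MetaData path into one entry, and classifies dropped files against two noise rules that are the editor's own heuristics: CryptoAPI URL-cache metadata written when Windows fetches CRL/OCSP/CTL data, and the Cab*.tmp/Tar*.tmp pair left behind by the root-certificate auto-update. The embedded sample records are a subset of the entries printed on this page.

```python
"""Triage helper for a Windows sandbox report (added example, editor's code)."""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Artifact:
    path: str
    size: str
    sha256: str


# Constructed sample: a subset of the report's Downloads entries, copied as printed.
ARTIFACTS = [
    Artifact(r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
             "304B", "45755e746506ef5736d500e99d12d773820264c22741a99138cce0d693502166"),
    Artifact(r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
             "304B", "058bd04654453d7b273081622ebc062fd829663dabed14b2a1fc23263fb2eb5b"),
    Artifact(r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
             "304B", "535b5e263da3d9472c09a66dd435ceebdb78bd5cf7e3e8c052d8ebd366dec336"),
    Artifact(r"C:\Users\Admin\AppData\Local\Temp\CabD6E2.tmp",
             "70KB", "b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f"),
    Artifact(r"C:\Users\Admin\AppData\Local\Temp\TarD790.tmp",
             "181KB", "8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8"),
]

# Constructed sample: the two process command lines from the report, as (pid, cmdline).
PROCESSES = [
    (2384, r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\v4free\Ads\c_3.html'),
    (2060, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2'),
]

# Noise rules (editor's heuristics, not from the report): artifacts Windows itself
# produces when CryptoAPI fetches revocation/root-store data and when the
# root-certificate auto-update unpacks its CAB into %TEMP%.
NOISE_RULES = [
    (re.compile(r"\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\", re.I),
     "CryptoAPI URL cache (CRL/OCSP/CTL fetch metadata)"),
    (re.compile(r"\\AppData\\Local\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", re.I),
     "root-certificate update CAB and its extracted payload"),
]

IE_TAB_RE = re.compile(r"SCODEF:(\d+)\s+CREDAT:(\d+)")


def classify(path):
    """Return ("noise", reason) for known benign OS artifacts, else ("review", reason)."""
    for rx, why in NOISE_RULES:
        if rx.search(path):
            return "noise", why
    return "review", "not matched by any noise rule"


def link_ie_tabs(processes):
    """Map each IE tab PID to the frame PID named in its SCODEF argument."""
    links = {}
    for pid, cmdline in processes:
        m = IE_TAB_RE.search(cmdline)
        if m:
            links[pid] = int(m.group(1))
    return links


def summarize(artifacts):
    """Collapse repeated writes of one path and count what still needs an analyst."""
    by_path = {}
    for a in artifacts:
        if not re.fullmatch(r"[0-9a-f]{64}", a.sha256):
            raise ValueError(f"malformed SHA-256 for {a.path}")
        by_path.setdefault(a.path, []).append(a.sha256)
    verdicts = Counter(classify(p)[0] for p in by_path)
    return {
        "distinct_paths": len(by_path),
        "rewrites": {p: len(h) for p, h in by_path.items() if len(h) > 1},
        "noise": verdicts["noise"],
        "review": verdicts["review"],
    }


if __name__ == "__main__":
    print(link_ie_tabs(PROCESSES))
    for path in sorted({a.path for a in ARTIFACTS}):
        print(classify(path)[0], path)
    print(summarize(ARTIFACTS))
```

On the records above every distinct path lands in the "noise" bucket and the tab process resolves to frame PID 2384, which is consistent with the 3/10 score: the run shows a 31-byte HTML file opened in IE and the background certificate traffic that follows, not a dropped payload. The rules deliberately match only under the profile's AppData tree, so the same filenames appearing anywhere else still come back as "review".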