Overview

overview

7

Static

static

3

a4802842b9...18.exe

windows7-x64

7

a4802842b9...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...er.exe

windows7-x64

3

$PLUGINSDI...er.exe

windows10-2004-x64

3

$PLUGINSDI...ar.exe

windows7-x64

3

$PLUGINSDI...ar.exe

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ne.exe

windows7-x64

7

$PLUGINSDI...ne.exe

windows10-2004-x64

7

AdminWorker.exe

windows7-x64

3

AdminWorker.exe

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

WebInstaller.exe

windows7-x64

6

WebInstaller.exe

windows10-2004-x64

6

WebUpdater.exe

windows7-x64

3

WebUpdater.exe

windows10-2004-x64

3

content/iwa-ovr.js

windows7-x64

3

content/iwa-ovr.js

windows10-2004-x64

3

content/iwinarcade.js

windows7-x64

3

content/iwinarcade.js

windows10-2004-x64

3

content/un...l.html

windows7-x64

3

content/un...l.html

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    17/08/2024, 23:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    content/uninstall.html

  • Size

    517B

  • MD5

    129d0a4e13b0bbe1b7d09577dd6bc8d9

  • SHA1

    c72554923635e134de27efb5280108e6b09281b5

  • SHA256

    6cbe1d3f09a8f60f3ed8d44188aec925e597de153b3fdfd3d643be451d7c013a

  • SHA512

    e00537367c27aa0af9625c04990466218a599152122bc7d9af7b766749f6affec127ba190ef025bd8db296ce42a077e99179d2f267cedf0697cb787902a6e306

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\content\uninstall.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:348
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:348 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1944

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b3d886ef61d092caf444599be2ebee53

    SHA1

    fa2fa4a281c51da6a9c12b287c06998d146cdc9f

    SHA256

    fc6dbb72bbdf624263be7f6b834015acc7bb2d62c386931ffa5215626d0bad77

    SHA512

    d20a9b64386e650f0eeced7c04fb76061292908604c2cbe98cd43911227dbfda1f06905aac02111b8a4c99f047b8d3f3934573cc3a366fb3dd631258034ff8a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aaef8d40732386894846e3b814c51fe8

    SHA1

    a65c77461c2e4b67611069de5a24b0fddad89d02

    SHA256

    3b216caaee859b1438b4166eb55eece5721e75490d0d9bbd28e7d7f99139ebfb

    SHA512

    afc55ecc41ff696b41cbad3d3293a351acf2e55a810b53566d9431f7f71d5f411c924a7e6d891066ad44744626658763af1dc5ebfe4a755cd96cb05b3c5df5f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbe1c85458b417db6d2c33f73ea83277

    SHA1

    e05e65582b1e33a5af1257e15927b68ca1b4f045

    SHA256

    8473cfbce36191ec042abbc7bcd91a09e1aa835e65f297d388cff21fdea9057a

    SHA512

    e89dfbea4e66ed0e8240f997cb0e20691ae4e78e60ea00d4a56db84154353eb14bee61a67b05f2e9757300eb2e32d53a44d4f2552644a92a9859d54fa5d74afa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ea8584c7cc06aa85df7db5293117f3a

    SHA1

    1642c6204c6fca93c9c8381bcbc104e07f108aaf

    SHA256

    beb7bc6793d1009dc8912fd5bb5a1367cd07339ec6f2bebd44feaae6458b26ae

    SHA512

    fc0a6b0aca3ad7a7b59fd17810e886136d30aa52adc7dfc73975a12c22adbbb5f36d61396dfd24bddc110c1ecb60c0345bc263dc4ecc86c6c1047c14abe3147c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0bdebd4074440e0b8c0bd2ce997774dd

    SHA1

    89fd87fa849e12e8e280a87acd3082f3f5727f62

    SHA256

    55a14d6da84aa0db3f3b6ea9ac698a831a156052bc75da96111b1341bf319065

    SHA512

    e63cd697c7461dc2b2fd524eb2fbcce60802376fdd3e22f42eaacc72cb9e16d7fd7359be12f9bab9a75a3beb76fbac843b886ffa4fc674d80b196f48a337cfe0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    76399d3b4e77670b678311cb09a6e544

    SHA1

    aa099ce43b9731545bdc9c95b6085a1ffd872b79

    SHA256

    7d72520b75799e61053dceeda16a9cb718b9da3b71173e3218b85f01ca2225da

    SHA512

    8fff670ad5d1826277c6345e9b05755f438f0d60f89f69c5fedfc885e92d4db3d29efa6a1a8b6ebf41f19de57c319ca07130d80bccc9d08b4965986981c179bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc7974de060e9ef931060a6cbefccf24

    SHA1

    caacff16108f666529ee49d76084253a097ab02f

    SHA256

    46455a414ef3ba2d8fa6ba42022d97c2c7f9fac90779c342b347efc6bb140379

    SHA512

    fc76131008e824678e64b71ef99887792f9ebacf8c47119a58815062cd4168cd9ab18d300932f32b937a2e316d1a080f9fa7d554b1b53c1ce0a781e39a1533a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    19870d31f371329381ddc25fd2bd03dc

    SHA1

    f7209e653e8abea7acd2fc376a5aaa049a35f105

    SHA256

    1f96d98c4bea81826fa1c5715b764580b4609faa0678c3a938240738a99cf018

    SHA512

    d069e2e71cc8330572384212477dadc5028fa654e96e79051b14e82c19e3d9b24a533e570c5862179ae782e592d7a9b4141f0e05342202c56da197009865e47b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ae6c66902277e726e89c5f65780d841e

    SHA1

    db46a969a52979b025bcbe107df902f3bf5ca44f

    SHA256

    2f3b2a82a383287ee6fcb62cf0541b5610788aa22fc6f528c9d5a75db5da3a83

    SHA512

    e1e334364d5f410934d931aba69f120325359258c0e39680e7c3a6fc97b03edf967bc7cc7f33134a0d7812213e6a4a5b63d1b177c12fb7469dece4282f96b038

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9dcea286d36b02f031e9b0e61f781aa0

    SHA1

    b01a27ecfb68cdc5cf06874fd09bab71a2383fc1

    SHA256

    e926dab14ddad6dd7b9df974da9974150eec175238305036c507372d430a14ba

    SHA512

    823a27dee0a127ac12e32d16f664f93174a91c8a0e9e30507d1510bb4e52a714f1f504d35ddeb7511e60a3120ecef9d8814b8386eeea81b30c8a9c0b738cc544

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84ff16503b967cf584bf1b5b2b3a802a

    SHA1

    ad613ccb357c418bf1cc6f8ea6c0e411e22fb138

    SHA256

    1685105e1d81d465dda2fbe3c570f3f1f201ceb0e36851514bb03c466e2610db

    SHA512

    3726b7c4a5e6ee1530e71eae177a7536a5ebb7728217c3be3681ea190dc602df21c48bbb78bb6b23a3d858d7e4248bf5c7ab8f0f949419cef5ffc2ad53e9dae9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce90b9af29b65ec5c52e90108966a122

    SHA1

    368262819cd4e4775b55ae55afce05e769033128

    SHA256

    6ae68af31869ae4346c79175f8f4345049102b38ba293bdc33065c93310f8b3d

    SHA512

    5be7e65cb3e353a516fce06c8656e8307171b19cc936e75063b4e8913374d1994c9f5199bff02a5751fc57989a4f829acc7385f5be37d0d15871b13443990470

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9cb3c7d38e58dca567728959d16f19d5

    SHA1

    35ff73945ab2c1c4e0461d56b50cad3af96a469a

    SHA256

    1ddbd64618b1cd2478cc9c38dfc33a413daa013526dc3df44d9549912ec000a7

    SHA512

    c56d009063db8330db41568e856ab3c16ee1d999b4d14d31b57a4f4d6f13b1b07f3e9af0a34a707950b5af3ad9c62ab1775df94e8dcc38d97be2dae66807deae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4e554bd4d85e3e907ab2f1fcb1c1e8c1

    SHA1

    cd8f107a374351ae4fd109ee2e5d060a5f510ece

    SHA256

    fbfe0b82d717f6aacba9bcb9f5476a3afa3c1c71068a220b866f2e406aaba99e

    SHA512

    014827e554aa193736dda4eabd7f378fa9b4a19bb85b03d552886660dd2127999e89db2397f2e27e60d91e412df11ce7e162093542f8113c7cad7c6b79c37cb6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabAF55.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarAFD5.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit