Analysis

  • max time kernel
    117s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/08/2024, 15:44

General

  • Target

    9fd220-the-coffin-of-andy-and-leyley-free-download.html

  • Size

    5KB

  • MD5

    57e9ac3b13186a3218c2baf13db41b39

  • SHA1

    b6a8a7233c51cc902dac5e6a46f5a1f19894cfd3

  • SHA256

    22a31f188dccca3fefb0f436cceccd9e0485196e13f86eee426fde0870c2f526

  • SHA512

    405f087879b225ce23bed235b83d8a313905b4bec536449ed38c443d85c35e398d9d4ff29ac61848db123d40430ad1128dd611107198dcd1be25fcfda27a171d

  • SSDEEP

    96:1j9jwIjYj5jDK/D5DMF+C8kHZqXKHvpIkdNprRU9PaQxJbKGnx/IR:1j9jhjYj9K/Vo+nkEaHvFdNpry9ieJ7u

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9fd220-the-coffin-of-andy-and-leyley-free-download.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2824

Network

        MITRE ATT&CK Enterprise v15

        Downloads
