Analysis

  • max time kernel
    134s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-08-2024 23:58

General

  • Target
    NERO55/HELPTOOL/ENG/INDEX.htm
  • Size
    515B
  • MD5
    bd7bcb7ea19e169478a8e1dba914bda5
  • SHA1
    f54ff21ab24f993e49ce2c90fe5443ae17e9a858
  • SHA256
    65f72cfa4577a359da854c48085a54d6921649d5bf7bf24d281280f15c5e23ef
  • SHA512
    cdde77729192ad9db462bae0d7b7f4958290057ce486111cee728e9f13f75b7b46dcf7e9748cfdb47628b58438b1c1c9451975f1edaefd68dddc7c09dec4acae

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\NERO55\HELPTOOL\ENG\INDEX.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1672 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2808

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 14d5461f8b90e57b1d9878beee57ea9a
    SHA1: d49ac942942eda5e7f83675ab7c248d22f8d4a64
    SHA256: 7fa6beb80650987dd23f7c0a9e483f660c83e6224e0f22864024dc6f78799b8c
    SHA512: d094c24347665f729aeb819d4c0be77c86cf177b7f58dcce11034698e7a8112a4f322b6c9ff19809e0c1f4661ef411783426f04893426ed419bc684aa29a9952

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: ec66bedac61dde69cf10573365d756c2
    SHA1: 82a958cfb1d4639adfb411ea6565c559d25b7cfd
    SHA256: 2c99276bc693631eb075b402841c1409e9555fa172eeca3870b918cf3938202e
    SHA512: b503d52b06b8a973db837190cade7e372531fd05c2422d854b9f5c52213e94b7e494be03c31c32231bd515c2b2d1e91c3b26cbb304df09bf5dff3d4ac1eea8d7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 0eef27d34792aef3c05dc195a0e3d25c
    SHA1: 270f9c5f1a390f8c9b9fa7f75e8c807d0d9702cf
    SHA256: d7b1c022e34e2ae272395ecdc64cc2d4a3740cd0a700f1d470796dba248553ec
    SHA512: e601d2072b004df20048ec46d121d8b5edb77f76b2a773bc3c605f98b48b53c6332e41b1f08e11b8f38ae32fb1c4bf07f8ed407141ac0eedcc4c6d2c2b86f1b2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 0285e93958dd960c5b01634ffe597517
    SHA1: 102da0521edbb8589c01d33ead23ce95403951e9
    SHA256: b01aacd1d5408697e7f5829ac1221e9c16881806de733f607484e9eb9df972fa
    SHA512: 00499a981114fe621b13e58304168f24adfe2da3fd161fb8960556e4288bbaed1a4fad79e5af9aa9fc0bb829eea032f26aa447e3ce59e020bb9a3ebf0ef9b96f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: c2c0535c58683481b8804b467d0fdf51
    SHA1: b8424b41b36c0f691e077c596317dc316baddf5e
    SHA256: c093358801f78af59009ec98a47e68a3d1545fa3a3854c00d60aaf2c8e69ef5e
    SHA512: 46712d92ff6ca168b71c82b3e6a19b81f8ec597bb9d5b967031969786c562812c743215689957eb5efaa585b60cd012dd6fbbe353e313954950d32032c46b926

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: e85762c0912d3a7e8546c81fd6249f38
    SHA1: 8c410881fb9561768ff98477f5ec5ff74f6b44a9
    SHA256: 4fcf969c379118b2538c387a345f49c1ed5b6fe7a5070758bd8226efe99f0da3
    SHA512: ac5aa2e8256fe7dd659c18618bb2f60cc79e7b1dc2cdeaffad4a86bb39c2d1682d5eaebb8790b9253f7ecb9aeb44907237d86ea233698da1e9723d4db8529cc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: ba997d9c3c6faf884569ec20970c5823
    SHA1: bdad5933a79edd6938760364da3109da75bf3819
    SHA256: e7d47f646490d5d3506de14d62022d80540576438e825230dc594805801d324b
    SHA512: aebafcaee858610040895d4477ccf70b1f8ab73c08a2ea74bffccbaae021a0340807a2d64e434d7989eb2bd02333b5e24a3177dfa550d35a76e99e03df4e472b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 6a3222d8dfef8eb555e28f6045c617dd
    SHA1: 9b44d413c6b51a0dbd04c9d53f4f4d518fe0ae7b
    SHA256: 211373f6f1da9cd0aa602a2ec646029aa1927b591968a98ec87a14693f061e6d
    SHA512: fc0c11f3c42fddfa3751b7fbaf6bcae4b65fbdd41996a9bcfd0e630c6a94ecf2be04163114be65f93a1aaf6ba6cb4238eb38f33c39d69edfb556f6a76ef18f72

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: e90b2066dc07d8d5c0eba8b4275b9a7f
    SHA1: 9964847161cb00a2094ed7faa02cb05e6957be4f
    SHA256: 7f3adb37cb24467e6ac67891d23e26195812ea94f46542c0efb4131fe4c5fb21
    SHA512: 0d9b5464a6c7bee6a3fb0d46313173ff08d2b6f69e0c5415b367362e99be9915541625a07fbd5dabf0aff0b79a7dc8d0babd4edcd238fa4bd4c2a9bf7235d6ce

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: a3d8945f7324930f76702f87c6d3ca87
    SHA1: 9aa5e7afbb0470a2d0ff4d30fab7cca96f636ef2
    SHA256: e5e81a2293347f12fc36e22381508c7c41737d7200f62fa73ec09eb0fc85d342
    SHA512: f997230938dcae0e622a872cee85b08b38bc6ae8b18506fca9d8c1929e276015232c2cbae7c0f37b9196562ef3afa606ed0ca104e168966e2d8d90e2e4fe25b9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: b43b0151230d3581ee77bcd638664b22
    SHA1: 2eb6d3dee008db296bc83f67b4f9a7a0074a2a98
    SHA256: 49350087fd023affe807cfa7a2cfd85da4bd2187c5cb2478812282afc51720be
    SHA512: 17cafe4e0f3990472986b3c825d8caf52232865a4fc6d8402c42b9d1f901bbf1b2d25bdfd2fa9a7e231898d1b7d5b3da2297d01cbe87f7d0535804fde14d5e87

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 78f2d2006a4828bb28510fb153681b15
    SHA1: 635eaedcdf1243465017811564de746cc5b34ee9
    SHA256: 295144c0ad4bf33d2a08f88617e37905995e2f5968455ea3bb308487e1a975f3
    SHA512: f8a8068b8879bce1d8e90733a6d5ffdb55d32209592fa6259238f5d423fcaf231ce38187e4fe055d4111694c6cf09f8776eab47077b0548f2bf02b296a3b9239

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 0d7c315b56a6b8067f4165b435a89c7f
    SHA1: 5bb939bea2147e16dddeb48165b2c76477cfc9f0
    SHA256: 917334f7977ea6f39f91a1334b80085aca0af906983369f283271907492a7006
    SHA512: 4c1477727313a5a18db5fcb1af9dec49e780ba764bab7efdfa3640084b9f4baec9b2d3a7174fea4f41f2713c73534b0b9a90345d50932cc0da339f92d3551abf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: ebe354435f12367133be9537c2290389
    SHA1: db223640d3581c38f2f32dd8a11946feb47907d5
    SHA256: f167266c562b95310b5990a8d6e65b53c0cf071a9818ad8c758b27adc3b6e729
    SHA512: 49be55faf79a9fa44c23b5e1ba9a665a477c9e1cd4e68d1d81cd8ef468e76f50309fbb2b173cbfe2243d2b2a1eee2503bdb596209fae33a433262324bdb64baf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 300f4e9e0527b174fecca3007492eed6
    SHA1: 1ffaab8864b19f52621caf728ef1f9c728fb0ffd
    SHA256: a64b5a1022a75b375b43e2b91ec37f1d049ecd5a57e28617eb587f4aa81323d2
    SHA512: d34696337a895dd49e5d4209eb587867020bdf155351089f32b08fc60ae649b10754d2e75697c4a206d1a184653eb15fb2afafb51c0fb549435add9a5c2e1700

  • C:\Users\Admin\AppData\Local\Temp\CabB424.tmp
    Filesize: 70KB
    MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1: 1723be06719828dda65ad804298d0431f6aff976
    SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarB4F3.tmp
    Filesize: 181KB
    MD5: 4ea6026cf93ec6338144661bf1202cd1
    SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b