Analysis

  • max time kernel
    122s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-08-2024 23:58

General

  • Target

    NERO55/HELPTOOL/ENG/INDEXPAGE.htm

  • Size

    77KB

  • MD5

    87ecd30666b07309b12a15933bf18236

  • SHA1

    d0c4b73cde7aef222a6a7413591effde6b577103

  • SHA256

    79dbd74816489ce3183961fd36d0caa32634642b815f640e2b2d13c5366a668c

  • SHA512

    a552061cdb5d7b99f95e700814b316b61adc7665d3555795b174cb92a50d55ab0d2b8876b63f5305d2427d21c99d55e8d6f758bda5877e712533bc830d34b758

  • SSDEEP

    1536:JxBrpOEISkPah90c2csT9Y4E1z+P+wI7ZBvs//Z5Iv8M2:zkChyys/p

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\NERO55\HELPTOOL\ENG\INDEXPAGE.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2516
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2516 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2388
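The tab process above carries `SCODEF:2516`, which is the PID of the frame process that spawned it. Cross-checking that value against the recorded parent is a cheap way to tell a normal IE frame/tab pair from a tab-looking process started by something else. The following is an added example, not code from the report or the sandbox; the two process records are copied from the Processes section, and the spoofed tree is constructed.

```python
"""Check the parent/child linkage of Internet Explorer tab processes.

Added example, not part of the sandbox report. The IE frame process starts
each tab (content) process with "SCODEF:<frame PID> CREDAT:<value>" on the
command line, so SCODEF should equal the tab's real parent PID. The two
processes in REPORT_PROCS are copied from the report's Processes section;
SPOOFED_PROCS is constructed to show a failing check.
"""
import re
from dataclasses import dataclass
from typing import Optional

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
CREDAT_RE = re.compile(r"\bCREDAT:(\d+)\b")
PREFETCH_RE = re.compile(r"/prefetch:(\d+)\b")


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]   # None for the root of the tree
    image: str
    cmdline: str


def parse_ie_tab_args(cmdline: str):
    """Return (scodef, credat, prefetch) for a tab process, None for a frame."""
    m = SCODEF_RE.search(cmdline)
    if m is None:
        return None
    credat = CREDAT_RE.search(cmdline)
    prefetch = PREFETCH_RE.search(cmdline)
    return (
        int(m.group(1)),
        int(credat.group(1)) if credat else None,
        int(prefetch.group(1)) if prefetch else None,
    )


def check_ie_tree(procs):
    """One finding per IE tab process: does SCODEF match its actual parent?"""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        if not p.image.lower().endswith("iexplore.exe"):
            continue
        args = parse_ie_tab_args(p.cmdline)
        if args is None:
            continue  # frame process, nothing to cross-check
        scodef, credat, prefetch = args
        parent = by_pid.get(p.ppid)
        linkage_ok = (
            parent is not None
            and parent.pid == scodef
            and parent.image.lower().endswith("iexplore.exe")
        )
        findings.append({
            "pid": p.pid, "parent_pid": p.ppid, "scodef": scodef,
            "credat": credat, "prefetch": prefetch, "linkage_ok": linkage_ok,
        })
    return findings


# Copied from the report's process tree.
REPORT_PROCS = [
    Proc(2516, None, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r"C:\Users\Admin\AppData\Local\Temp\NERO55\HELPTOOL\ENG\INDEXPAGE.htm"),
    Proc(2388, 2516, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
         r"SCODEF:2516 CREDAT:275457 /prefetch:2"),
]

# Constructed: same tab command line, but the real parent is not the frame.
SPOOFED_PROCS = [
    Proc(9999, None, r"C:\Windows\explorer.exe", r"C:\Windows\explorer.exe"),
    Proc(2388, 9999, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         REPORT_PROCS[1].cmdline),
]

if __name__ == "__main__":
    for label, tree in (("report", REPORT_PROCS), ("spoofed", SPOOFED_PROCS)):
        print(label, check_ie_tree(tree))
```

For the report's tree the single finding has `linkage_ok` set, so the 32-bit tab at PID 2388 is exactly what the frame at PID 2516 would be expected to create; the rest of the signatures on it (hook installation, IE settings changes) are the ordinary cost of rendering a local HTML file in IE.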

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    56ed3078710c9deac6abe46d60be04a5

    SHA1

    041cc116b1b6f019571b7355fe23430ac7a4a892

    SHA256

    e81b51656e29d8f7228566946869ca43d1942ad529d1ff81d92d41dd59bda28f

    SHA512

    328236cfc319dc848104bed93241f7ffac7da05b4a13aa27b69f1ae12f2cc5371cf2c2a50e9aa2d06906e4e75e7f737cbe1166e6640c01ce9fdef8d13611884e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    7a4430fe1f0f6846e56bc49bab3b5cf0

    SHA1

    416d55c47eecbb9e98252826e5d1123270ced2a0

    SHA256

    c0ccd55a7a61b430a727094c493c04fc56cf5632efc3bf62d3e61609e37dd87c

    SHA512

    fe460b8bbf74aeef6625370cc318004a69e4ed056a6bf0b3ea4021275a1c2a029a2f90e490a74bfa1ed6e47eb4db7449772c1cb5e3ea61329a7e59ab77289f00

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    82c92074d2d8bfd3e79840859fee5377

    SHA1

    6d117c842b809b7890ecf51ee004d84958f59216

    SHA256

    a1bd7d2d4b13a648ac21e1ae4f3dca4b3d9210fee5255d3b6f39b44d7a86864b

    SHA512

    1c23ee812b2598e70a247551a2f426d5a3bd5300d1ecf10f5a533f520f7505da2613e5b8bb6bcd2d16a80a107aad259366355bc89396e266a68d0b82322b32e6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    0b71a3d8fc0db1bd02ca0ecf6056f56b

    SHA1

    d7e50228cfdee45b200d4a83ed76fc86d52e9c89

    SHA256

    e9058b92d6189a6b3aac5c32cc92cfa2c322464cf511ec7a2b0bbf2b1a678f82

    SHA512

    b533d59421c48f05847641f626b6ed1e13275b542f6515bf1edff868aeb7fcc6ce5c3fd3bbd4d08f84517127d92616951f9307a9cc3f33e00d79114ba101cbf2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    eab46dca97092f952a512fe8ec4bc0b2

    SHA1

    3b99db1f40544283aa771f34c67c125791776f07

    SHA256

    0c4555b803b6cd9f0396d5b3c26203ba6bdfc7bee1f355674cd03f00e2df2e53

    SHA512

    27217a2179b5385150604555411293ea50d20ff21ceb303a0e40e152f2dcc73417f85b2bd76f282a22435c00a30d2d57e1d7d332cecf04095e5d7bf50f34555e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    fd408c328d55e99af49f1e49a65012c5

    SHA1

    eec32f03f00dc3dba34465a53cec351b3a305676

    SHA256

    bb0a088d8201ec64e231c74ce4b55c979f53d449971b3d5a51e2153e65e4da0d

    SHA512

    a1b963b19221e41456884b3e541733e7653596ba1dc99d89cfe3082530c7db761ea8ccaddde08180304f06b52923f310ddc7fc86faed9caec451c99dbd3315d2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    22afb974b75f33c78dc075f89717bd2e

    SHA1

    1b4135196d3f058f4be76fd009d781407e9263e7

    SHA256

    4d03a8a203d4d293f201573cd366f8ebdc5e281e7936c536b0f84f67c73bc0c5

    SHA512

    6ad214c5cd4e7966c1621257d2656d475988f777ceafd4ab67621832633c88044b8a20fac0efb9012fadb508986b1178ff5286de0b3115e00426fdde2fd9c9fa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    9faa955518440400224fade1cf22a567

    SHA1

    2ba68ffabcaa4753c370367cca498aca48821345

    SHA256

    debe56c49b7935ef2873b238ccb5f2bfb5650a77bdeadd3ea657767ad69780c3

    SHA512

    57c6e75cb2b777ab2bec421e9d506b227f9189dda90294915fc1fe78bcb39283b4b857cd933b0bd0533dad25dd456921bc229cfafda64879a6337a48a3e0cddf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    94143e2b71b715a2efda8eae710e84c5

    SHA1

    344f742b1f70530ef2f659bccbac4f6b8739b46f

    SHA256

    0b520b64ad8b3051c762fdfb200d35ce26bd0b7394c92cc630d45f555361118d

    SHA512

    e1b52a72ce413e3bf220aed751fb665035689b7e045cb2d397b580e0aa42f9fbf70fdfbf0d029b8c4ff0d07e7927a2b48ceb396295587cd91d7b19e4036982c6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    9bdcc264c178d03d64b4019fda0e96f2

    SHA1

    30379ed8c8f3b01d083503c6aa8890fd1a03601c

    SHA256

    2f22409a97845d163124ed07816ecd7b427a1b21c5fd15a53713e39a4c12bb9d

    SHA512

    4b45a05bbba552269448292f0efe8f6754b2dfa9c1e742710ba8cb3095b0f604c915f6264ebc77599a04724c1fbb646817dca830b3d1be0a8974dcc8a434936d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    d7095d2cfe80d7e641b6c01d982544d2

    SHA1

    fdf556865d297feb2e676f6fd485bdbd8d750ebc

    SHA256

    c5ad5a9563724282ba8e44b23afcbddcc96788548f02548f16cf68ab3979b3de

    SHA512

    e85cdab9d22fa2d0f853e02cc25892c81aa69881a3d7a151ee8662279764a06063fb04c5907a84eb75830d3fb9bb90e18de88588cb400f1616f0ea11174f29a0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    a1cd77791d46985ab1792c4e3a0b6ff9

    SHA1

    da263ea5af189da7582b0b6098981465b27af07e

    SHA256

    4a418e1d1820f7de0c9c8ed9531e9118eedca6948c865a4bbe26707ce691829d

    SHA512

    c3404ff6ed92ead8f790402792a57b8e15195731bb3d98dbf65883b83066a5f4d58a0975e0f2fd4a3aa0bd335d08f11e1662dab8c6027b42f55677e27c807390

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    a2ac7fc4c738a136d6ef7c604559dbe9

    SHA1

    95f2cec46f28314ad836d36a8ddc9c7a31c68fc6

    SHA256

    ac024e1c7d0d66f2442c0cd8f95cda58be514012f5318bcb6eabc09beb12a4e7

    SHA512

    b29b0b4350f9b9968a884b0a96a25e6d93c990bf52d4ff3ae8664ce78bbe94ecc310a45f5026984e09453db8f3e2210c7b686b43f132938c140fe8cce6c9ae1a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    6bc3803fb0fe7df9ded010a785989060

    SHA1

    bd3046a3e7ef5f1f173b189239c52397543eb906

    SHA256

    56f89b01c63c4be210bd4751448fc55acb344c55f4395aa2fa60a00da68b774d

    SHA512

    e5c5fa31116f1d634eeac5d0e017ddb2e9e8f865269fb05fb36a24f74f9c827ed39bb36e2211589b740bd2ba3f0f3269b087152e3a6bea951bfbfff6c51f9674

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    425869cc35bbeb044ea89ed9125e318e

    SHA1

    b42d9e51386792984dd3128c9f35813047968d7a

    SHA256

    866370476486b51efec6dab0861149acf8b54d8ae41e912c9557fc6a3234c9fc

    SHA512

    56ffd7bc9cb1fb28409dc839fa46c347342b80176f100dd9c7778961db8c4d440adf37f6734fa3fd1c3858da4c8219bdb445d992468967c4254ef898917dbbf8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    d21eae50ffa0988f8b80d741b22be637

    SHA1

    0edb470c39eb2602045bd7314d33828a94cc8b9c

    SHA256

    6d66ec1c21ffa9c4e0b9b1f49fd8410114b8ed75df3f4b9d12f08060bb907b0f

    SHA512

    44dba88d25aee583453f606d71e71d1ebd787179eba8dae2bed4d16e619490fbc6f302b1234871f326f99604a0d8286d13a26625159ce852dfdedee430d1af9e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    a5ad1df28b3919ce5bfb370b3851e414

    SHA1

    2cbe5cd7b9fdb8fdf92382d6ea2142197fe9b853

    SHA256

    6531f1d3382e2abae30c3ee33bb49919152aab62e0fa035a5aecfeb3708e180d

    SHA512

    53dceedc4ce65976eaca854c0d0ce61356a3947bd48b8ee05653de2046f2414ded0b831a6ec6756c3e3122dfb6f6b3e909dd47fd148cfb609abf2d318f4db3b3

  • C:\Users\Admin\AppData\Local\Temp\CabE18C.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarE24A.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
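Seventeen of the nineteen entries above are successive rewrites of one 304-byte CryptnetUrlCache metadata file, and the remaining two are a Cab/Tar pair in %TEMP%. Grouping a drop list by path before reading hashes makes that structure obvious and leaves only the paths that no rule explains. The script below is an added example, not code from the report or the sandbox; the paths, sizes and SHA256 values are copied from the Downloads section, and the classification rules are this example's own heuristic assumptions (CryptnetUrlCache is CryptoAPI's URL cache for CRL/AIA/OCSP and root-list retrieval; CabXXXX.tmp / TarXXXX.tmp in %TEMP% are normally the cabinet downloaded by that machinery and its extracted payload). A path match says which subsystem wrote the file, not whether its content is benign.

```python
"""Group files written during a sandbox run by path and flag CryptoAPI noise.

Added example, not part of the report. REPORT_DOWNLOADS is copied from the
Downloads section. The two regexes are heuristic assumptions, not rules the
sandbox applies: they identify CryptoAPI's URL cache and the Cab/Tar temp
files its cabinet downloads leave behind.
"""
import re
from collections import defaultdict

CRYPTNET_RE = re.compile(
    r"\\Microsoft\\CryptnetUrlCache\\(MetaData|Content)\\[0-9A-F]{32}$", re.I)
CAB_TAR_TMP_RE = re.compile(
    r"\\AppData\\Local\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", re.I)


def classify(path: str) -> str:
    """Heuristic label for a written path; anything unmatched needs a look."""
    if CRYPTNET_RE.search(path):
        return "cryptoapi-urlcache"
    if CAB_TAR_TMP_RE.search(path):
        return "cryptoapi-cab-tmp"
    return "unclassified"


def summarize(entries):
    """entries: iterable of (path, size, sha256) -> {path: summary dict}."""
    acc = defaultdict(lambda: {"versions": set(), "sizes": set()})
    for path, size, sha256 in entries:
        acc[path]["versions"].add(sha256.lower())  # distinct contents seen
        acc[path]["sizes"].add(size)
    return {
        path: {"versions": len(d["versions"]), "sizes": sorted(d["sizes"]),
               "class": classify(path)}
        for path, d in acc.items()
    }


def unclassified(summary):
    """Paths no rule explains, i.e. the ones worth opening by hand."""
    return sorted(p for p, d in summary.items() if d["class"] == "unclassified")


CRYPTNET_PATH = (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache"
                 r"\MetaData\94308059B57B3142E455B38A6EB92015")

# SHA256 of each successive version of the metadata file, from the report.
CRYPTNET_SHA256 = [
    "e81b51656e29d8f7228566946869ca43d1942ad529d1ff81d92d41dd59bda28f",
    "c0ccd55a7a61b430a727094c493c04fc56cf5632efc3bf62d3e61609e37dd87c",
    "a1bd7d2d4b13a648ac21e1ae4f3dca4b3d9210fee5255d3b6f39b44d7a86864b",
    "e9058b92d6189a6b3aac5c32cc92cfa2c322464cf511ec7a2b0bbf2b1a678f82",
    "0c4555b803b6cd9f0396d5b3c26203ba6bdfc7bee1f355674cd03f00e2df2e53",
    "bb0a088d8201ec64e231c74ce4b55c979f53d449971b3d5a51e2153e65e4da0d",
    "4d03a8a203d4d293f201573cd366f8ebdc5e281e7936c536b0f84f67c73bc0c5",
    "debe56c49b7935ef2873b238ccb5f2bfb5650a77bdeadd3ea657767ad69780c3",
    "0b520b64ad8b3051c762fdfb200d35ce26bd0b7394c92cc630d45f555361118d",
    "2f22409a97845d163124ed07816ecd7b427a1b21c5fd15a53713e39a4c12bb9d",
    "c5ad5a9563724282ba8e44b23afcbddcc96788548f02548f16cf68ab3979b3de",
    "4a418e1d1820f7de0c9c8ed9531e9118eedca6948c865a4bbe26707ce691829d",
    "ac024e1c7d0d66f2442c0cd8f95cda58be514012f5318bcb6eabc09beb12a4e7",
    "56f89b01c63c4be210bd4751448fc55acb344c55f4395aa2fa60a00da68b774d",
    "866370476486b51efec6dab0861149acf8b54d8ae41e912c9557fc6a3234c9fc",
    "6d66ec1c21ffa9c4e0b9b1f49fd8410114b8ed75df3f4b9d12f08060bb907b0f",
    "6531f1d3382e2abae30c3ee33bb49919152aab62e0fa035a5aecfeb3708e180d",
]

REPORT_DOWNLOADS = [(CRYPTNET_PATH, "304B", h) for h in CRYPTNET_SHA256] + [
    (r"C:\Users\Admin\AppData\Local\Temp\CabE18C.tmp", "70KB",
     "b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f"),
    (r"C:\Users\Admin\AppData\Local\Temp\TarE24A.tmp", "181KB",
     "8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8"),
]

if __name__ == "__main__":
    for path, d in summarize(REPORT_DOWNLOADS).items():
        print(d["class"], d["versions"], d["sizes"], path)
    print("unclassified:", unclassified(summarize(REPORT_DOWNLOADS)))
```

Run against this report the summary collapses to three paths, all matched by a rule, and `unclassified()` is empty: nothing in the drop list is attributable to the submitted HTML file itself rather than to CryptoAPI doing certificate housekeeping while IE ran. On a run where the list contains a path outside those rules, that path is where the review should start.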