Overview

overview

7

Static

static

3

b1a93a43d8...18.exe

windows7-x64

7

b1a93a43d8...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...er.exe

windows7-x64

3

$PLUGINSDI...er.exe

windows10-2004-x64

3

$PLUGINSDI...ar.exe

windows7-x64

3

$PLUGINSDI...ar.exe

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ne.exe

windows7-x64

7

$PLUGINSDI...ne.exe

windows10-2004-x64

7

AdminWorker.exe

windows7-x64

3

AdminWorker.exe

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

WebInstaller.exe

windows7-x64

6

WebInstaller.exe

windows10-2004-x64

6

WebUpdater.exe

windows7-x64

3

WebUpdater.exe

windows10-2004-x64

3

content/iwa-ovr.js

windows7-x64

3

content/iwa-ovr.js

windows10-2004-x64

3

content/iwinarcade.js

windows7-x64

3

content/iwinarcade.js

windows10-2004-x64

3

content/un...l.html

windows7-x64

3

content/un...l.html

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21/08/2024, 01:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    content/uninstall.html

  • Size

    517B

  • MD5

    129d0a4e13b0bbe1b7d09577dd6bc8d9

  • SHA1

    c72554923635e134de27efb5280108e6b09281b5

  • SHA256

    6cbe1d3f09a8f60f3ed8d44188aec925e597de153b3fdfd3d643be451d7c013a

  • SHA512

    e00537367c27aa0af9625c04990466218a599152122bc7d9af7b766749f6affec127ba190ef025bd8db296ce42a077e99179d2f267cedf0697cb787902a6e306

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\content\uninstall.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2628
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2484

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aca491cf343df32dd12c20753a9ea581

    SHA1

    7d25bbb5f35bc82b63ba0b2fb3e3dc5dca5fc91c

    SHA256

    b855c1ac3fbb57f5c05d1583a742e6479e35d647734ba7c1a9aa4d40f722baff

    SHA512

    0631d0c9e7687f37f1f9e39c632ed5b2558f9d2e9265258b30bb5544de22f7b57afc02fb97fccc6d9c33807196b2cfb78543eb7d0ea1d3a3fd84c3c747958339

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    466400e97a87e10cfb5e54152a9d2740

    SHA1

    95b1023b13b5e6abbb40d390a708f63ca16ffd9a

    SHA256

    95db1c7b0d7eafd3de127a34f0e90705ad85af9c64f1a4ff727502251eeeb0f4

    SHA512

    95532e19122c6e446a6563f4e7df3220bd2b3e4f7b60f541c5f58db9dcd200912323c982b39bb70c2cc4e6d89c60a42646e6c2ac51a2897bdee2f874c51792e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5923c456680160dc889687c95a323199

    SHA1

    2a9ab1b53d693783c0a0454aa7899bd670ed503a

    SHA256

    0e85309dd144cc9f37c6b0ff2b6b9260421292bf33661e9dffcd1ae08409e3ea

    SHA512

    09303843079609789dc34e0b5a9ce01b0bd4f0117461f839139f69833a7dd248e22a0767059a4dee3777401a577d6336ad6b5b29857bd58874177d4488623f53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    345ce9e76777e3b1da4cee927c68ec8d

    SHA1

    1d7484dd6553aa5745b3d0bba4c014591ac7d97a

    SHA256

    6fd3ac5a98b342e5c6030528c241bb6311c6a419a5b61e78ac8d8ce724abb684

    SHA512

    15526896813d35bc247ff43b1fb7d943032d5066f116ae9ade5e29e83b1509708b0c4f7d80942d51356ffe872767ffd889a0459806cd303844ed0197c45ac6cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be14cca6b7e0ff8ae95854ae78a68692

    SHA1

    e8f75352c95bd6f86b4097bdfb6bb3dcd8039847

    SHA256

    c4af11e0aabd17c82c98978d59dbfa97d06253b4ef8a1460512fd49e2f12e328

    SHA512

    e995806c8c81bb67edb8eba2e024e8f561eba23ebc04826974bc1b903a4a3d58e7b26bde84e9fd19a56e699a3b3d9c5df34d735e3484d690b9cfa41bb57dada9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06ed230b8c2a1ab649a848da8600d892

    SHA1

    396e01b505294b8861b6cd73b11057d62036bb41

    SHA256

    75ff755985c198304afaf9854989b678c9cf91fa606e32a51ca47ae57208d745

    SHA512

    915a171c2d647db689af53f047d7ecf03212b19fd49af82ca734c6d2daf534fefe85c812e38e556fcdc6e617487d279293c2214f7a674a7a7f1e7e8fe4aef2a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3abdabc299b4095cceb502063c65c95b

    SHA1

    74c8aaec909ce63f60e0612d0de36a7c5692a045

    SHA256

    d23383a4a931cfe2024b0c3e7de4ea30131c92a9c9725203de59454c0a6db411

    SHA512

    e86b1a946b666c93caac94c2a04b9645eba394c88c40ce1a28cd558ac30bde842d56baaece541f71aa77d25bfa43b64f224b2c1ae3ac6f0608291bfecd44292b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    901e874b8570bd3811510587b863e588

    SHA1

    02b0fcc655f8d52561716a26d37bb63edcf4b8e9

    SHA256

    f09e49a98685fc124e27680dd1005b184ff99b46bb3ad061ac5213963c7c2e8b

    SHA512

    fcb4bd5d2358289e0c99fa7696d1dd034a5623d776ff11fe2e91afb8bc340d7eb2ac9c95ca4392e20e8d1c7ed0f52da000862cebe585fdb438dfa14ed3079313

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce5a266b94cd3c15a434809bc9f874e8

    SHA1

    bcc10cdd0de8f97780453273d4b55141fe612972

    SHA256

    b0fd4751fe25e8d00dbf60720896650476c465473d77f9e6c6bf648cf46062ce

    SHA512

    e7ef3629c3d4945562bf030b24871d571870280999d632be36078028ee8bf558466064d305c2cdfcbd9b374575d0b2964fb81e009b8d3a8b9edd23a996791c58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8d3db73f06927907567523a0a2670c47

    SHA1

    11e7e752a2ed37df9f1458ac707a14bdad64bf6d

    SHA256

    b6f742457c1620c528b85ec0e12d14770d5c96cc0bfc95340755faa5a8e16282

    SHA512

    a979af7649422b57fb088df9c0832e76a84de869619cddca0ab494bbd88630da9337b81d9b6bfbbb2179aac56998254a5b5ea0966e59ec8d0c26d859d9e9ae3e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5714cc68e9de5633c56da493030e0a45

    SHA1

    33572a0dbe90a5e06d1b6e55b67e05b63cac317f

    SHA256

    5d5b5d64a61513772acfb69a1e133d11d2c6311b89d244d9fe1691e416a4c70a

    SHA512

    54881d7bd0275510d297009ea66aa8bfb090764814ef2c333181a087242a9853bf0ee3bd11beac632ff532352e5de4ff95d7389a4a60c08d765539f6419cbd9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    226a167ff162235cd51264427c05f66e

    SHA1

    e12ebae8edd898b6d6c127dc0bd096eaeca9c908

    SHA256

    d51e79c85811df6e4a3c6b1992427169d95f78ae602a29a80b8194bd9aaf7442

    SHA512

    4c2bc8f711bc4f685dc2fce9c7acd6c6af41286fff9363877c25738b279a7dcaf34e019db8c9486b6be950ab3550d24598690d52ddd3728da13c7039a1709f44

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bbe4afa3854e1a2cec77f0c77fb81367

    SHA1

    5a516c81b5f12b10d93538dccdcbc0a9a5aa5888

    SHA256

    1626d1374a965d36a3853232ba655e7d55d4086d10ea58b150e58853a80eb267

    SHA512

    d49b0c7787feea69543c825700336adc865065777ffb118ff7f88673a065f384069f1ab0cb1839a832d4ab5e616d201266517ddc48cb313d9300190c7a91bf08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    100cd5ababa563697673f4dcede14912

    SHA1

    2f50e1df81cefff295111c1082bffef25053164b

    SHA256

    79766a8f49ea50e882ad09c29e910287798470c0a7243eda73563b32ce5d585e

    SHA512

    b5277654f296cc46876809d9b4d89ea328b26a65801c8370567e661fb3d560d1112cbeafb58d3b7bb3b9bb02bd769d8a6c98b773b23b8a4bd5eb8ae1e82d0e63

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5eeaee49b6d8ea399ced886237538209

    SHA1

    845d5ffc5b46b41deb1fd405b2cc54e787b8b051

    SHA256

    fd57ee4d03c257a52c8e3a677a8f26e16d9219a4d1dc97fd064c034646b6a2d4

    SHA512

    ed30b49075a39c6d734e585a3abe804e9ee8d576d69654da93f91a4bd64e1f863ed5d8fd3e55255a21671340d61be5ad7cd8db06392974a75e575008ddf7f45d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    818aa6eb69be07e13e087ab36eb8dc48

    SHA1

    d6302efb68beeed9907050619cd468a491f093af

    SHA256

    53ea64e05750ff0e56b0912e407c32e58524f5259c6d0fcc081707f6368be14a

    SHA512

    1239fd825352d2153de0441716de1a11016ce1d90526be9095791a286dc7b16989e35cc0a55e6872cd75ca3988983902bf131e782664efadeb139fcea43b8308

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa81b81dc94d949186163b50e488d47c

    SHA1

    59f606c6261bbe9983d678e0fb4c79e0086e55d1

    SHA256

    c69324243f72a796980bfea8d11969eda8039cc5cd69292ca2c8dd9f8ffee658

    SHA512

    17b3f3cb87cdbead91bca1158df42f4b9df5d0f847e0b34f24e1edbacf0e5c93bac34f19786f9a3dd9f244ba30ee783bc19c521eda19ec7aafadfa4815d43bb3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1996d8dd814f9b9af0ee48949de45be7

    SHA1

    c7833c2e20b98876c00ddb6d889d9ebf62eb5eda

    SHA256

    e4ad078725a0a8c822e7dee71bb9f6696e32b665132f2ac2a5a6016064619538

    SHA512

    a92ed248ea647a344c96168f061661c7a9baf480948330e5d45dd86ebb2a0c5dd40aff30467d19054d5290c04007e6b232197d30121da5e889c77a226c62d665

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4241fcf493148d0fbbab1908338a0003

    SHA1

    1d3a4bf19cfbc494a8e2dd71c9e1e35da753bc38

    SHA256

    852d749894b341ddb47223103c6261ad4d13de2dd72aae9c0e2dba7f6eaf4ea3

    SHA512

    12b666cfe30c7600cfe13730dd23c06d666b9a74c14b404ddd75c6d3f2f49b1043ee025152cd9a37a69be5f5e973acb9836fff4a7e5818af2b9401cff0ce8acf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFC9A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFD0A.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit