Analysis

  • max time kernel
    135s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-08-2024 12:10

General

  • Target

    $_14326_/Help/help13.html

  • Size

    5KB

  • MD5

    e4224e4700374ab4c6a4fa45b9d337bb

  • SHA1

    5db8d1631053fdd1968e57be114d30e6e24efa58

  • SHA256

    75233e5e652d4d8be6a87928008d14f98d4321b6dee06447daec36d5be0a8397

  • SHA512

    dc5cef565c110e83ed779434074c5a89c724e9b7580f7b468d07827762734ba10bb3578db5c557e6af24ac7cfe5af7e9e5c8a4bdfbd91aaa6bf5c3c18c261e00

  • SSDEEP

    96:IPHCirLtXL9q9uBFh7gj8qQzP5e5c4i8pORpB2qQzNAQz6eAQzUeAc1MPyCJy:EhL9qYz1gj5aP5e5cXaaaUaUTc1B

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$_14326_\Help\help13.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2688

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    83047dcebf3d9713d67d95d8d3a956f3

    SHA1

    711ee7e390fc27aaa732f1b5e48d3f86351dcbc3

    SHA256

    c19e58889a48818fbf5096b3af6d31580b074370dd8c5a529e5474c54df0afa9

    SHA512

    0fe01851df22d0fdef33fcf0481454b0c91830d2b8852ee9f813561395f84c0c855777f7a4c00827a1aa27591db128cc09a8b6cc55aa5d0679cdf51b733f0829

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0ee5057da8ab173df345fc43e0f656d9

    SHA1

    b303bbe47f40310d69d8a74a7ff515c0b8ed4fcc

    SHA256

    88bfa9dd2f777717e9de1cf1d1633ce56a77d836497992b3475cd7827c72def3

    SHA512

    9bd19dc9e2ae94f28b3a3a832a4a126b1e66908f2e31c6ce9822e5cad443ff169601f62b293df580a141878ae9875d868659d228ea1e091085afc14d4892276d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    24769e7107fb24d6a206ddaf2fecb1f4

    SHA1

    4807a1cfdb4e71278884a7914e272cdb2137c17d

    SHA256

    713d6eaaa4a1cfc70e4ddaa8c2b50682cafa5a562b63982ffb809d8a2b03f6de

    SHA512

    10e2ff81de0413e98fcbfcbeb3a4f9ee280b3673402e6fd31e11e07bc2bb358c97ca793a33e51452bc63203082549efe9e1c92c0b2aaf85ab8aa4593c8e1b2d3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    357efe3a9435371d59b0331d355c4b1d

    SHA1

    936631c11cfdc61d5824f895c307e25609bc7b6d

    SHA256

    fa9ea377e3cfde6cb60d73070b8459c9ef58a0f1ed7370b2d737451976873750

    SHA512

    4d5bc1aad6e07f8b28c8d9daf76bc84323980821688a85a29e5c5a05b1b659f2776f78ab6b9b15f01c88f003503265704c5ef656c3921d8b55881bbabb42e8b7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5a3130c12a733fbf6540514e6debe0ea

    SHA1

    4ceb88a4e39ff2ed6a273985016b4f7e62a79bd7

    SHA256

    d11fba98a164ef615ab6a67d932ce924936050a3445187e4beb3d43dd2695f18

    SHA512

    9ac31666ffd4890009f78a07d2f51483463d6758743c2039a95171f725f86d2c82bc1d00288fbdec70dffa99c9bf6f1b383b00e27a63a8889a4321c981e7909c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    825bb06df47ede13cf907f883b3268e9

    SHA1

    572c6510614493e6e9487fa4e27cf75178153db8

    SHA256

    8df1c7809f265b01e9f4c5d5f11b2974e6fde6daba3443c78b403c50f0f81480

    SHA512

    c9286d6dab78033de75d010f04b804d6e46552012420e1e3628afb6a6677a27988f0479919ed68ed9bb3fff9be37b57254381066100069d4eebe6c37b77a3575

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5e756ffbb037d2a93c0d9cb7e59bb5a5

    SHA1

    6800b7188d86a3e5de9d1fa9fee73c3f62b47cfa

    SHA256

    c08fb5e212824c6ba463ffdcd0cdb0554f155b7e3678be36defa5180e176ad31

    SHA512

    06ea8c802f73884e4cd04df8d6da357cdb6f7d58c9f8163aefa7399727509c17b2fd152f475ede6d92a5a72e67fda36609993a6958cabd374eadfce543d16a26

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1e958cd4a70d9961ac4364e78ac81235

    SHA1

    e12f192cc0ce37c24bc376e0144799cc75612b20

    SHA256

    34b6dc6439f9fedd75de210559e288f8ebb35309dd4c3f156755c24cd7775072

    SHA512

    d533e1a7e2248aba426c62e1896afec6d9bf7696f26052ee2c38cd1f5e82f9ea5ae69a8b38ed1dfd15b9de61074c705b67328283ff37e42062a8b374e7d452e4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    838028f345ef8d4f9cc123f99d070def

    SHA1

    63718d7842854ba127c8070805bfc24843270bb3

    SHA256

    e9199714bbebf6a919bf1f0873a51008f88543783aa094ab14d7e8803c13fb35

    SHA512

    b70c5e97414ed5ba9619a209ba464998b01da5d4c6fc19e71e9bfd178f7a34b8f2af63f073e770c434a3fe16d738aa1824606922a273573469e77295d2dff435

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0a49f2babe67f3cab0f22f6d3498af1a

    SHA1

    d091136fbbeff1670f490d66195cec7c4751e705

    SHA256

    6530700cf4c980548279f3e17d1a320ccfe1cd7f0e7f650e78a93e8e420a0489

    SHA512

    97024f632a327a159ddffc2e7437f2b4d5226ec5b7d9fae38ea5ebbcc23b79d6046160e2076fe6f8bed7c96887275d8a61e13255042b8428e4480315a0269fce

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4b326cc5251ae648b46a5d3c616adac0

    SHA1

    58b838a5cc4e0c37609179f89563b1f8923616a0

    SHA256

    b2176f547146d1d6f7235b09fd92aaee06715aad9eac26644622205858e85c6f

    SHA512

    d559d230fdaee16c9c7d6ccd5d79ca87ff9c2861710383e19374ae49e885537d9defacbc4b7f2dd2eb77785287b442e02e91751d6ca5482e9e4807eaf1ef6412

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    544cfc912477e5b9f557a49b8372097a

    SHA1

    7256393257436609d91a2392a8ce44f97227f53c

    SHA256

    f15fe77c2ffc129c6ba13923741fcf1f2a187c05590b4b3cc4103a872ebd8123

    SHA512

    4e831563aed326aab8d530c7d8cac3f74fcdf4f3cd8f7b47f8bb3de8ad4c5611d98fb71c38a5523869af73aea6fc4b51ed1580fa9e2f7c2b0e12fbab2a44d547

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    608537ce3075e921373f3bacc6192294

    SHA1

    1749979173c95d0c88ccdd00cf133f62f53217f7

    SHA256

    fcd3c41fc711837a5b2ce22d4674912079bbd55c7a0b4506f60d08177dba122f

    SHA512

    6bf408904e81b223244e3df65319c8120d58fcc06df4fa42131f6b440c612ea117922544c9b0e7e1b2280f29f86a7fd0350fa004d1a1a47a9a22c928fbd19a44

  • C:\Users\Admin\AppData\Local\Temp\Cab449F.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar4521.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b