Overview

overview

7

Static

static

3

rmaildxp_v...ll.exe

windows7-x64

7

rmaildxp_v...ll.exe

windows10-2004-x64

7

$_14326_/$...st.exe

windows7-x64

3

$_14326_/$...st.exe

windows10-2004-x64

3

$_14326_/B...er.exe

windows7-x64

3

$_14326_/B...er.exe

windows10-2004-x64

3

$_14326_/H...x.html

windows7-x64

3

$_14326_/H...x.html

windows10-2004-x64

1

$_14326_/H...d.html

windows7-x64

3

$_14326_/H...d.html

windows10-2004-x64

3

$_14326_/H...0.html

windows7-x64

3

$_14326_/H...0.html

windows10-2004-x64

3

$_14326_/H...1.html

windows7-x64

3

$_14326_/H...1.html

windows10-2004-x64

3

$_14326_/H...0.html

windows7-x64

3

$_14326_/H...0.html

windows10-2004-x64

3

$_14326_/H...1.html

windows7-x64

3

$_14326_/H...1.html

windows10-2004-x64

3

$_14326_/H...2.html

windows7-x64

3

$_14326_/H...2.html

windows10-2004-x64

1

$_14326_/H...3.html

windows7-x64

3

$_14326_/H...3.html

windows10-2004-x64

3

$_14326_/H...4.html

windows7-x64

3

$_14326_/H...4.html

windows10-2004-x64

3

$_14326_/H...5.html

windows7-x64

3

$_14326_/H...5.html

windows10-2004-x64

3

$_14326_/H...2.html

windows7-x64

3

$_14326_/H...2.html

windows10-2004-x64

3

$_14326_/H...3.html

windows7-x64

3

$_14326_/H...3.html

windows10-2004-x64

3

$_14326_/H...4.html

windows7-x64

3

$_14326_/H...4.html

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    21/08/2024, 12:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $_14326_/Help/advanced.html

  • Size

    13KB

  • MD5

    c1a1e63fd815f24951ee0c3677c2116c

  • SHA1

    1ea584b222d359209dcbc5dae9755dcb534c3abc

  • SHA256

    d664e3ce79957058060fff3652dda6a14856f77cb676cb924ed744f825b4f7dc

  • SHA512

    517c09c5b3bac2366be58f420283d92bdf5ce930f7f824f7f668261cf8603f7c313a30726a24d9be70df84cb173df395c557a94956cdeae48833f1342c1d8cee

  • SSDEEP

    192:ECKK/3YIqdJMaiLy+LwZPJdSOMsHJMJPClT5HTB:QK/IoyxXMCXht

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$_14326_\Help\advanced.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:316

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    39e9c0e1b50c296892faeb856994b818

    SHA1

    5ebe554cffdeaef9a9ce1eea257b4793da9758e3

    SHA256

    f9f084ada5f9a6dbb7a4c0ce6a4e5fdff5e45e8ac92605819f5f87506e79c562

    SHA512

    055798079a49811addaa9a7d84c4a38a1571e58ec00cd7d1c1d3699d9b844a33976630b5e6f0250d8d82f9c2d42f29c1d0474c90992731ed0fbcccb7ec6908b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    aac27d4d1e6bbe4646b32c11944831dd

    SHA1

    eaaffa8cec8bd95acdefabdfd6ae24e460a20e65

    SHA256

    26d94990b4f8faa66308ed55afe577a83dcae8dfbda7aff35f5476bfbded2e1b

    SHA512

    5c10eb3c32e9abe6468d8adb6a8d99f0dad1c5fead40160512f97c92ec73286ff806d5a2521b0ef5d8aadbaa26d6cf426d2007db205880998006d2b0f5bfd984

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    c2d8195496426a82c9eb2ccefac85d34

    SHA1

    ac0fa0e5265dcfab6faccd1fc4d7f788c24ae846

    SHA256

    efa045ea4af0fa8758f4c4fdc79f21ac054a598bc49d877dd440cef32776e500

    SHA512

    21fb5f3ae631f615f2511738775459a38b3b7ef20715f380a54009c8541284fcc338aff8be034289c781c6862bb2f8dd851b05d9e0a3c85e87ff527f50c6d1a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    68c34c67d892b24a23c98a233193cf82

    SHA1

    fe9179cbe297f9a90bac06ec59899bd25aa15760

    SHA256

    ed96026fc0cfff14d30d2aa31bb88337bcebb212b1b24b38609539e6cf9694ee

    SHA512

    be56f5bd0512dd10f570b5548d4264b50a1115362a9fe3765ce38c448c72d57fda78c512e42bf3aa903b2d2400ccf8c15b652e26a2676a59ba56d51b03f7bd30

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    f097e9ada8bb7eb6124d0fd610912751

    SHA1

    7fa26a575c418dca1be8d0e0a3dcb9f68b1cbbf7

    SHA256

    96324413fc002a12e2d4be90acbc75efa312bc750b1fa7184dffdb152b99b526

    SHA512

    759ca54fed8a33cf3ed90bd6ee8c864af2030e4bc8fbbea4a2b03a66489bb3db1b7f4322307f5f23c3e113302fd088e712684ed3aaf7f0c45460751fe89037df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    36edf818b51871287574d4ec7df37682

    SHA1

    a7fd7a7ec45e428ae846f147cd1b863295493677

    SHA256

    10f318be16d2725da0058f20f788cf1a952b38cd7c7578e7242fb8eeb2091bbe

    SHA512

    153a9746f58b4db23cd46cb241145c4ee58a4ba379204046f0bd22c3039308404d7ac3a6046fc09dc5ced6127b93d1af1e73e3917b115612a9273529e2874206

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF79B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF869.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit