Overview

overview

7

Static

static

3

b3c2ab438c...18.exe

windows7-x64

7

b3c2ab438c...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...er.exe

windows7-x64

3

$PLUGINSDI...er.exe

windows10-2004-x64

3

$PLUGINSDI...ar.exe

windows7-x64

3

$PLUGINSDI...ar.exe

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ne.exe

windows7-x64

7

$PLUGINSDI...ne.exe

windows10-2004-x64

7

AdminWorker.exe

windows7-x64

3

AdminWorker.exe

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

WebInstaller.exe

windows7-x64

6

WebInstaller.exe

windows10-2004-x64

6

WebUpdater.exe

windows7-x64

3

WebUpdater.exe

windows10-2004-x64

3

content/iwa-ovr.js

windows7-x64

3

content/iwa-ovr.js

windows10-2004-x64

3

content/iwinarcade.js

windows7-x64

3

content/iwinarcade.js

windows10-2004-x64

3

content/un...l.html

windows7-x64

3

content/un...l.html

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    21-08-2024 14:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    content/uninstall.html

  • Size

    517B

  • MD5

    129d0a4e13b0bbe1b7d09577dd6bc8d9

  • SHA1

    c72554923635e134de27efb5280108e6b09281b5

  • SHA256

    6cbe1d3f09a8f60f3ed8d44188aec925e597de153b3fdfd3d643be451d7c013a

  • SHA512

    e00537367c27aa0af9625c04990466218a599152122bc7d9af7b766749f6affec127ba190ef025bd8db296ce42a077e99179d2f267cedf0697cb787902a6e306

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\content\uninstall.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12a9ab52f18dcf4b8a181143c1dbd8d7

    SHA1

    4df6f10c4ad1d6eb452280c4bd4870c96ca574e9

    SHA256

    4db6bdabb193dfade51afda21d2de0c9dd5416eaf08dd4ba8f9d994635cdc498

    SHA512

    e518c21822ed93f9e6baa7372dcb97541f5d489bd8c902750ca7b05eb4debdaa5a85bdef04ccad852839d122b2095fe7853f2c06eefbbf163d929bdba1d84481

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aa9296d7cf8defdbc3c76d555e059631

    SHA1

    18082aa97ca71ce0a797b06fb172bc449ab62010

    SHA256

    424961da19abf691ac4e80dbe95253636117569939b01b558066f566df39b6bd

    SHA512

    860c38238fe959f7d811859dc3c76b7ed047527cb14b120a1d232ce1d8bb427ea525b1f4b8342e7094d4f9788470e38079f7569cf94e1f52b809f4e092d2d750

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37783ffec7fe1e938331000c1025698d

    SHA1

    3378ef9f4e913d8c281f72b6d5821dcae80e7edb

    SHA256

    6b699e311bac9ea5a6e799a27f9796f579b3d7993d58d2196ad8f9dfb3d5884f

    SHA512

    f82d9fce197409e3d3284836100c2e2f4c2b7ae299791aa237ec6fb1cbef591e80a42c14508972c7974f77b89f0335f721af852bcb500309c4c305a47d5faf59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55260070019db6e01af7cf33a2805183

    SHA1

    e263078f37670fd019ad2702bf314a247cc1f5b8

    SHA256

    03d7667a01453887bfb99a9cc17aaf9c8cc467726b907e6f89dbee02e6dd697b

    SHA512

    dce4e9c15a4e0ea76a9193065a9b536ca35bb19a7e3d4174809a518866e2dd21f55011a010aa8aa1b5e279135911c0350052ee48e6514ffa7e13b326848048c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ebe7267c770f9b873180f98731c6fb72

    SHA1

    9488022c094d4c07ba3bad71b931524712f24bca

    SHA256

    46fed6428d49ac125dfe014f5a59490045d69bf8600183e408ad509b63da4413

    SHA512

    feaecaa8f59ef389c5d309d4cfa88c9c02813329edb77a989a058ca5ac223ae33800338195b8bd9547cfb842f3e1d90f7c3050c41afd01671dd25a21f0eb97bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46648c35f42ea56f812150fe89709aa5

    SHA1

    ccc2cb24740eaca75a4cf105c3ebe84d6d225e3f

    SHA256

    e4e1d99bcb908c5cfe751ea4c81f2ef8d601993706e5be029806ad901f7f216e

    SHA512

    110e32d12f7bcb26d2cccf01917d6f20bdfbd3f0b76b3c62c5af878495dc4d4e5a3f38765a9153eb5e1aa2992d1b3b3c8021ef31059864c3bcca2788350010cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80337467c39c3fdf26e3cea3b63b8880

    SHA1

    2d18229ef1a938136b96c18cb252af83dd0f64d9

    SHA256

    a3af1b0d034f96913f53f89e537e90a58e889b1c279d7a693c46e53aae60f3d4

    SHA512

    9d5c82ac0018dc383b593fca658819fca7569c11e1707991068da6826441422db66b13d134c828c04be78d86f4779373d60b9ba38398f8dcef4662b1967fb189

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d84f156d4ea3ef6545667aadfe3ecf0

    SHA1

    f35602197158e69b0baea00988e281de2631828b

    SHA256

    619faec5be16c6fe6f33426420c2cc35f3e6551e66add4dd73002e0615224842

    SHA512

    0011df3dc7a3ccdd8abf8aa5dba487b54a36d3bb9948b5dc0218201442570d56ba48b1fb1d113e4aa9109aa0efa81d6038772d1a832405309c39f8776a71d1de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9c9ad6c2a1f6fa90fea6d15aeaef95d0

    SHA1

    1a254dd0d391eae16667eeab91236d65d49058d1

    SHA256

    0e4de4042ef9af54ead6e3f34661a18e01d635428dab91beb9310204e95b4e85

    SHA512

    7cfc89731ac313fe1f3a8db14ef8a387072e497cb18e722f0a094713a2cdab28b1c352d780461279c6ad004a59a60a1be4c400a0f9ad1994efc955a1e3152d81

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2d92213c8da450a7aa82db740b5ebd28

    SHA1

    91a6a35c39c33f074ca3d894005fe44cb8393f1d

    SHA256

    b0017aa13faab27e2a74c32bdd352c7d77ab9afc31a0d104cf50311d8d03dee4

    SHA512

    df9b6923f4d9aa3732b02f4127fc11eebf9431781a44c22235ab98c76c5b4c5f9e39b58a35fe51caf92fb233a2d0220b1562a02a340ba62d78f58420fb4d123a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0bf7c51992b63ed1bcb60e432f353381

    SHA1

    561d8db4d472eb2cde20b32f278fe8e10830d6f7

    SHA256

    5e7847deebe734b9f5fea48daebac7f7d51f1cc1b53d5f41245eee5d8edc680e

    SHA512

    c0a2dd407a2598e5d4fed868e1a063daba4400c229a59321f067c595b13458cfd1a085abbea995468e8a51c1a249c7cd28c9b5af9f68b171fbed409a9d680c1a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c6a05991a74e04bcc26811e81ae63b7

    SHA1

    2dd2d4843731e49a6782486ca493f8c57e3861e1

    SHA256

    cc4e8e546f78c5c02705a9731919587c42573e0079f20545b53bc31412f8aa36

    SHA512

    01857d5484d2f6393619298d67386b01a0f6614ced3b8ca06d3b6fe469f9271fc4a720dfd7807a812974a593e37a9c1ca2fa86c9b5cf5360bacea05b3dc2fc33

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d1d234265f9daa6820f4ababcf319c42

    SHA1

    232bdf430d2919d05e50c6e606af5dbf309204d8

    SHA256

    dbdcddda06448ed68b93e77d880496423e1fec4c029702d705492993f518ed71

    SHA512

    7c983e0d44d48379a3ce2c73d874c96b515de800f1152137060907f32d503026379dc960101ff9ac7d3366fa876322171991190046d3c631831bc186e7ff09c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c730ca8eed1dd83df16b0a058757af5

    SHA1

    c9a777ae4456b93d012418c4a38fe59ff23fa352

    SHA256

    ea85bd1f80c31a38d65d6bbdab4303cb304bec2f5b514f27a61f50b4a2a2f2ee

    SHA512

    e5eb2a21943ce024b8271b5cb64ddb4341b6c70cd8fcc402133f8ff826bf1b8dac4be491281b422c8b7a8a31736230f65173da732195c5a66697ae81bf37ab40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80ea031903aa8509a684b580485de92b

    SHA1

    0c34005bc3a264a3b2f13f69002eef84054ce543

    SHA256

    90ba7249d31c45480392da00d49a7dfb0608d2463b414360946989eb7ed2be14

    SHA512

    5ecfda21ce4df87e3f80b24088d009b638944031b59f0838b6840db79b932e7bc0d79698845ea002fba3c171eb3ecfc1df7c7c6d0860e818c8999a74fb3b6c3c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7db756b759acb90ba2da4532ad891094

    SHA1

    927e83baeee78b7ba01fcf0cfefdf01ad23f6927

    SHA256

    0c8ed482d8ffa6c495afe42dc2d148f9048170a22e5d3c2db4d4267ed77eafa9

    SHA512

    1301aa05979eaee8dc27271e606928692445a1eba891bc49186dc65b62dc07e50fd54d3e283279617f4fcb6f1aabfa3d5d76a3902e97dd5e6aaf5c8ecd8252f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    871a11b54cdde41832d5247f52eb5a3d

    SHA1

    d5a363b6de0a984288ce9bd554920eea231d2b3b

    SHA256

    b65744ba261754660f67e733b4a5ec8772a69b14a45cb4c7df36ebd2812d4b56

    SHA512

    36e6e354b624acc43a55e022c32fdd3a9919f90380184dfbf9420c62ced454e088047b1372ceb246bc546370d9603c1b23ae3207696c7e2ef216008e956c129b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5860.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5863.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit