Analysis

  • max time kernel
    118s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-08-2024 21:37

General

  • Target

    admin/fckeditor/editor/dialog/fck_codes.html

  • Size

    1KB

  • MD5

    2aadf4f941c8795a1a6438830f0b51ac

  • SHA1

    6c9582b5aa4bc6a7a57c4c26d69fcec7cc346e27

  • SHA256

    b5816028b5ed27a1e22b3802e8befb51eab5c9b61d4a3da3c8f84c548d083842

  • SHA512

    83be8423070bc528f765982e22e0e9616a334945e08855dd77d89d624a05991fcd2756ee4665dee00ffe26a8c0a0aba3f9ae4d2f4c3fe1c82005628ce38e57d3
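Before relying on this report's verdict, confirm that the file you hold is byte-for-byte the file the sandbox analysed. The script below is an added example, not part of the sandbox report or its tooling: it computes the same four digests the General section lists and compares them, case-insensitively, against the values copied from that section. The sample bytes inside it are constructed so the script runs offline; they are not the analysed file and are expected to mismatch, which is the failure path a practitioner wants exercised.

```python
"""Verify a local sample against the digests a sandbox report lists.

Added example, not from the sandbox report. EXPECTED_FROM_REPORT copies the
four digests the report gives for admin/fckeditor/editor/dialog/fck_codes.html;
CONSTRUCTED_SAMPLE is a placeholder blob made up here so the code runs
offline (it is NOT the analysed file and will not match those digests).
"""
import hashlib
import sys
from typing import Dict, List, Tuple

# The four algorithms the report prints, in the order it prints them.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests from the report's General section (hex, lower-case).
EXPECTED_FROM_REPORT: Dict[str, str] = {
    "md5": "2aadf4f941c8795a1a6438830f0b51ac",
    "sha1": "6c9582b5aa4bc6a7a57c4c26d69fcec7cc346e27",
    "sha256": "b5816028b5ed27a1e22b3802e8befb51eab5c9b61d4a3da3c8f84c548d083842",
    "sha512": (
        "83be8423070bc528f765982e22e0e9616a334945e08855dd77d89d624a05991f"
        "cd2756ee4665dee00ffe26a8c0a0aba3f9ae4d2f4c3fe1c82005628ce38e57d3"
    ),
}

# Constructed placeholder content; deliberately not the real fck_codes.html.
CONSTRUCTED_SAMPLE = b"<html><!-- constructed placeholder, not the analysed file --></html>\n"


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all four hashers at once (one read pass)."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_digests(actual: Dict[str, str], expected: Dict[str, str]) -> Tuple[bool, List[str]]:
    """Compare computed digests with a report's values.

    Algorithm names and hex digits are matched case-insensitively, so values
    pasted from reports that print upper-case hex still compare correctly.
    Returns (all_match, mismatch_descriptions). An expected algorithm that
    was not computed counts as a mismatch, and an empty expected set never
    counts as a match.
    """
    mismatches: List[str] = []
    checked = 0
    for name, want in expected.items():
        key = name.lower()
        want_hex = want.strip().lower()
        if key not in actual:
            mismatches.append(f"{key}: not computed")
            continue
        checked += 1
        got_hex = actual[key].lower()
        if got_hex != want_hex:
            mismatches.append(f"{key}: got {got_hex}, report says {want_hex}")
    return (checked > 0 and not mismatches), mismatches


def verify_path(path: str, expected: Dict[str, str] = EXPECTED_FROM_REPORT) -> bool:
    """Hash a file on disk and print a verdict; True only if every digest matches."""
    ok, problems = compare_digests(digest_file(path), expected)
    print("MATCH" if ok else "MISMATCH", path)
    for line in problems:
        print("  " + line)
    return ok


if __name__ == "__main__":
    if len(sys.argv) == 2:
        sys.exit(0 if verify_path(sys.argv[1]) else 1)
    # No path given: show the mismatch path using the constructed sample.
    ok, problems = compare_digests(digest_bytes(CONSTRUCTED_SAMPLE), EXPECTED_FROM_REPORT)
    print("constructed sample matches report:", ok)
    for line in problems:
        print("  " + line)
```

Run it as `python verify_sample.py path/to/fck_codes.html`; a non-zero exit means at least one digest differs from the report, in which case the report describes a different file than the one you have. Comparing all four digests rather than MD5 alone costs nothing here and rules out relying on the one algorithm with practical collision attacks.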

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\admin\fckeditor\editor\dialog\fck_codes.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2432

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    96345e3f9a9733884c92af279127a92a

    SHA1

    7b46e0cd54fa955d6978c19883100248e7a41a36

    SHA256

    d684edba8d4508908c8046af46e03dcf85c1a31c9f3307b98a2a6643c4f4c90f

    SHA512

    721ba8737a220b0c1b46b004dc13bc7ee5ba0fc7831925c733e4f52ac648f459e6a965776990958a2dba8cb7c4687194c8a5eaa3085203b626ed515813b3e49c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ef4be7dd3c0a8baa366b2be78aa438f0

    SHA1

    6c11d29ae1e43b3bc6fcce8849ddd36095021a85

    SHA256

    494e3e881e8642e55b431c3d1cc19bd6298827959d673cd7ba2383345ab54fdc

    SHA512

    5932221585c0fa2bf4586ac22df374fd141496677d8874fb9930d89a1811059db6e48a5173632c669fbc74575870ad35fcb85fbc5c03255d34bb4adef04d711b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3faf3003fe427d2ae03c0fd29c27c102

    SHA1

    0ea5f208f2131dce5431d84e9550201f232ea18e

    SHA256

    d9af7691f5b24d55b198056e8d0d2ad2e4e03f13d3e68eb616f50af9cbc5361d

    SHA512

    a8a2e3c769e2396814fdfeebedd8593ffd555b1b2dfa8a0d17f27aa024e6e5434bd3260c01e0c7f3b9dcd45ac9c7081f8146963bcf7c7e9ac442e4997bda7b45

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1725f161cef311a556e3ddb4349836df

    SHA1

    e8ffcc4e315077f83ea7d29b23fb7e06bee82091

    SHA256

    6daf91cd00f404c8d89aa9b14f57239a7dc92f0a50d105f353542299710c4052

    SHA512

    64d58543d152d855f47d22e7f579ad64b369c5a7c2d8580399e6b9d9a1ad5b04d89910425010b535f04b6e4cf4616a4e9d3be56101d29674d7f38639fd7d85d1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    770117a1c72809a5d93f7283da5c3351

    SHA1

    02354742df9d3386b0dbf28a779da5d4299f5cea

    SHA256

    e3078d7f2f22ed828523550c8f20c8fd8f4e3c1f5129a6628ffbe05ac57bd6a1

    SHA512

    d6c95ebe66196a8a07fdb140337b57b16e0990ee7e43738fbb908af89ed1d26a9bf8c033da9bc5ad36099f60cdd6836527480947a995bcbdb8c157b23e5db921

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f040cbb498df7b7ffac376d69f5dd4db

    SHA1

    8c1e12356024423dd310b0dd0e3846e12a9e81f7

    SHA256

    1cab3678a419379b4097fcaca46ed8026ea854ade9804c5a6dd2399a13bd34fb

    SHA512

    3dab1fc2702b5ae6624ad9cf3ee40dfc98f026dfa2982bd3cd9c85811c69ae76a7dd78e4189af22616167338c284497342b2f99584b3869aba24d73fb2860c3e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7420101720d04e868129035e173ff940

    SHA1

    2735d9c35e0c4369855f732a67d3fe421b965cb0

    SHA256

    8dc382d345a41971c4347249e97ce4d9f07c5a7bc84e8ff486b381c5c5432ebd

    SHA512

    378bbbc6058fc4a8dabeeb15fd0a2ef8ae05dbdbc155b1cd84f2b94d358447765fe5acaa56450ec1d9e4c300eeb3926be135fc4340f1d2aea955a7d38160bf2f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d4abda83b23af77854e81fe0a1c423d9

    SHA1

    41ccf31476e8aba267917af17ae5947f7657d3a7

    SHA256

    ed8b613aadf363df8386f3767d63164744b03f53b6209817fd8d5f1f69b7a91c

    SHA512

    0f3dc022d2387c8c0c9ef5d420923310c2f3df5828b4a4382abce538172293516126d6cd3bddc82f056ed158017bff6743508c1d52374a22e07edb5989c526ee

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6b1a2240c870551707126806e227673b

    SHA1

    7116be867e9bbcbf5b4a4f761e2107ebebbf6991

    SHA256

    e4729417e506fd72a80549f6f1693e6e5a7e82fed68b69ec417238637e340246

    SHA512

    2e2af9cee73e21341b1356e08cb647af31b860f12cb2a52ff9b93768b6758e100c57492458ad7a4aaa8a3dd06429ddd35ea02ac82b7381ac76530df258352a0b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5f74d3e4b3654f91014a27f82631c9d0

    SHA1

    71e74578945eb0e7f4683330e503399f408ca528

    SHA256

    fc7e54c4f0f0678e884c3a819d78b2da24e43fc8ddb3027cc48bb3d5b96fab67

    SHA512

    182f77e07f9b463ab6df5907bee9a9c0fdef6a3e5a7353c5ac94c50e01578a9f29fc503dcc6602b06e322b93828fbf1076f41dddd79f5db930e6eb848777a5c6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    92040b06e971059c1dabe867a75bdb95

    SHA1

    ae2e60e1af9b95241ed03f8169ad8738cf7197c1

    SHA256

    a043c7103e11c7d87d3dce941859324d1c6951803dd5920a1898697ac9b103f1

    SHA512

    49ba9a777efedf22adebd1041d790f4ad5c0f2e2899e08571c4d6839f7594e2fcddc722c836354e20b7f9b40648ebfa005fa97db0e0f878903d3370f295c06c2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    61ec5efe120114e77fdd123528edc49d

    SHA1

    1cf4b6bf6bc4cd4dd731dde50fae99cde6236e92

    SHA256

    43c63e2dade1a71559e8bf8284d6e7fb8e0d3a49b46d239c5d90b48e8b475905

    SHA512

    e116f83b37d57663b012ec28d207beffd3b8a90425e5c07637ca94073016ae0c7d8f14727c4c325cd2878b45493f4d8752482734aa1ecef07b634663885d763a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b1466a3a3994dbaa387c6c71f85dad6b

    SHA1

    6c5dffe0327837050503771e17e268d092c28c49

    SHA256

    9b7170a5de1455e70a13da2ef2365ecdaa503b613413ab184353bf222ef106fb

    SHA512

    4e027234d072df21a4f986ab838646e0bc9d35cec388976866226dedf0b57e56ba3a56a587795457ca5a7bca2742ea0a4e32f81a8aba2e670247f5916c31a8af

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b82d5136363cc5ebe198d86d94fa18bb

    SHA1

    08f37b6c78e7ecadc89f97614b4d3162efeaf7ca

    SHA256

    e71b72e4e0bea0b6ad8a021e5b143e98c882ab5c17d99f481a4fd43dd8347f4a

    SHA512

    f0c8bebf68a8fc152636ad183b2a6148bf8315d6fcf95e37c451f3777e92b65e980ad56f28fef89c7c18b8e70d4ae5a6dc48b8ad3a7e44f9742c2568ac528377

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b294b526ce33e7291b206f558946c7c9

    SHA1

    ba4f260eafc3438a1a0431404b89025334496d40

    SHA256

    b71314f6ce6e34ae3e809fe0f76cce04bff2958c0a8a1b94e3493afce5ee2b22

    SHA512

    c8bb248f60fe52ca0e85c823d0f1d14f09e04d35d31fcf3ce0430cea396cdb747b81aa979f9febdd9dc65df747f888f79a4355d92d546374ac7825d39d7f8247

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6530314a0f40e169f5edc76af90e9f3d

    SHA1

    c5d66ebbcc521c4cd18fae31befaf9046880f614

    SHA256

    c423e337af9f3ad54bd35c38addb86af8b38441e8f65323e20ed1e941e5e3513

    SHA512

    74a043985aa9b3c8ebfbeee72a357c8afc68f7384acfb226da3ec6cdc7612d4eb7215f6f7c339c310c48713ff15daffa4793e7a751703a822a319e1b4d6cbfd2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    23c0b03dbea5031a3e9b2d06c41fd095

    SHA1

    68f616eb4498697c15b64e79d5addc92823d52d2

    SHA256

    2ba77916e45e585a30a8796a6a44daeeff04e4b68b17c2c7b7e0de18df33bf00

    SHA512

    20491116f9a8ad00210393a0f9f9d58ca691420ee3a7edafbfd5c9ce72ca508490d26efe928bf694e65cd554b36df66a4bfe972eec9b1bb10f3734b51f812c60

  • C:\Users\Admin\AppData\Local\Temp\CabD1F0.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarD2CF.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b