Analysis

  • max time kernel
    134s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-08-2024 11:09

General

  • Target

    Combo Editor by xRisky v1.0/YouTube.lnk

  • Size

    1KB

  • MD5

    c7056a1f92245eec9e5ca71f406c4811

  • SHA1

    dfd0cf087771943aa92e7e88114e993234425d8b

  • SHA256

    bde117478e44d3aa7d55122cf450f10b5af74cfb4ce82ae4fc6fb7dd414c2469

  • SHA512

    640987725389f98a39892bdb03dbb59f316227b6611c488665f2d166bd8434b34b86ad1d784c9b750e9d57b031ea1c1522be37822111683e2e8762213cfefa2c
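The target is a 1KB shortcut, and the process tree shows it doing nothing more than handing a URL to explorer.exe. That launch target can be read statically before any detonation, because a .lnk is a documented container (MS-SHLLINK): a fixed 76-byte header, optional LinkTargetIDList and LinkInfo blocks, then length-prefixed StringData fields (relative path, working directory, arguments, icon location). The parser below is an added example, not code from the sandbox or from the page; it implements that layout with only the standard library. The analyzed file's bytes are not reproduced on the page, so `build_sample_lnk` constructs a stand-in shortcut carrying the URL seen in the process tree; the relative path it uses is an assumption.

```python
"""Minimal MS-SHLLINK (.lnk) parser for static triage of shortcut files (added example)."""
import re
import struct
import uuid

# LinkFlags bits, MS-SHLLINK section 2.1.1
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

HEADER_SIZE = 0x4C                                      # fixed ShellLinkHeader size
LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

# StringData items appear in this fixed order, each only if its flag is set
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)


def _read_string(buf, off, is_unicode):
    """One StringData item: 2-byte CountCharacters, then the characters (no terminator)."""
    (count,) = struct.unpack_from("<H", buf, off)
    off += 2
    if is_unicode:
        return buf[off:off + 2 * count].decode("utf-16-le"), off + 2 * count
    return buf[off:off + count].decode("cp1252", errors="replace"), off + count


def parse_lnk(buf):
    """Return header flags, LocalBasePath (when present) and the StringData fields."""
    if len(buf) < HEADER_SIZE:
        raise ValueError("too short to be a shell link")
    header_size, clsid, flags = struct.unpack_from("<I16sI", buf, 0)
    if header_size != HEADER_SIZE or uuid.UUID(bytes_le=clsid) != LNK_CLSID:
        raise ValueError("missing shell link header")
    info = {"flags": flags}
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:                 # IDListSize (2 bytes) + IDList
        (idlist_size,) = struct.unpack_from("<H", buf, off)
        off += 2 + idlist_size
    if flags & HAS_LINK_INFO:                           # LinkInfoSize includes itself
        info_size, _hdr, info_flags, _vol_off, base_off = struct.unpack_from("<5I", buf, off)
        if info_flags & 0x1:                            # VolumeIDAndLocalBasePath: NUL-terminated ANSI
            start = off + base_off
            end = buf.index(b"\x00", start)
            info["local_base_path"] = buf[start:end].decode("cp1252", errors="replace")
        off += info_size
    is_unicode = bool(flags & IS_UNICODE)
    for bit, key in STRING_FIELDS:
        if flags & bit:
            info[key], off = _read_string(buf, off, is_unicode)
    return info


def extract_urls(info):
    """URLs in any launch-relevant string: a URL here means the shortcut opens a browser."""
    text = " ".join(str(info.get(k, "")) for k in
                    ("local_base_path", "relative_path", "working_dir", "arguments", "icon_location"))
    return URL_RE.findall(text)


def _string_data(s):
    return struct.pack("<H", len(s)) + s.encode("utf-16-le")


def build_sample_lnk(arguments, relative_path="..\\..\\..\\Windows\\explorer.exe"):
    """Constructed stand-in shortcut (not the analyzed file): explorer.exe plus a URL argument."""
    flags = HAS_LINK_TARGET_ID_LIST | HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LNK_CLSID.bytes_le, flags,
                         0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    # one dummy ItemID (size 4 including its own length) followed by the 2-byte TerminalID
    idlist = struct.pack("<H", 6) + struct.pack("<H", 4) + b"\x1f\x50" + b"\x00\x00"
    return header + idlist + _string_data(relative_path) + _string_data(arguments)


if __name__ == "__main__":
    parsed = parse_lnk(build_sample_lnk("https://goo.gl/u4VrES"))
    print(parsed)
    print("URLs:", extract_urls(parsed))
```

Run it on a real sample with `parse_lnk(open(path, "rb").read())` from a non-Windows host or a tool that never resolves the link; opening the file in Explorer, or even rendering its icon from an attacker-controlled icon path, is the behaviour the parser exists to avoid.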

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Combo Editor by xRisky v1.0\YouTube.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe" "https://goo.gl/u4VrES"
      2⤵
      PID:2832
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://goo.gl/u4VrES
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2992
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2992 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2844
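The tree above has the shape worth alerting on: cmd.exe whose command line names a .lnk, a child explorer.exe whose only argument is a URL, and then the browser that actually fetches the URL running under a separately DCOM-activated explorer.exe (`/factory,{…} -Embedding`), so the browser is not a descendant of the cmd.exe that opened the shortcut. A parent-child rule alone misses that second half; correlating on the URL string recovers it. The detection below is an added example, not tooling from the sandbox or the page. The events are constructed records modelled on the tree above (pid, ppid, image, command line, the fields a Sysmon Event ID 1 or EDR process-start record carries); parent PIDs outside the tree, the benign shortcut-to-document open added for contrast, and the `URL_LAUNCHERS` set are assumptions.

```python
"""Detect a .lnk that hands a URL to explorer.exe or a browser (added example)."""
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
# Assumed set of images that open a URL passed on their command line.
URL_LAUNCHERS = {"explorer.exe", "iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}

# Constructed process-start events modelled on the sandbox tree; ppid 1200 / 600 are made up.
EVENTS = [
    {"pid": 1944, "ppid": 1200, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'cmd /c "C:\Users\Admin\AppData\Local\Temp\Combo Editor by xRisky v1.0\YouTube.lnk"'},
    {"pid": 2832, "ppid": 1944, "image": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\Windows\explorer.exe" "https://goo.gl/u4VrES"'},
    {"pid": 2688, "ppid": 600, "image": r"C:\Windows\explorer.exe",
     "cmdline": r"C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding"},
    {"pid": 2992, "ppid": 2688, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" https://goo.gl/u4VrES'},
    {"pid": 2844, "ppid": 2992, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2992 CREDAT:275457 /prefetch:2'},
    # benign contrast: a shortcut that opens a local document, no URL involved
    {"pid": 3100, "ppid": 1200, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'cmd /c "C:\Users\Admin\Desktop\report.lnk"'},
    {"pid": 3104, "ppid": 3100, "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "cmdline": r'"C:\Program Files\Microsoft Office\WINWORD.EXE" /n "C:\Users\Admin\Documents\report.docx"'},
]


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_lnk_url_launch(events):
    """Return one alert per cmd.exe(.lnk) -> launcher(URL) pair, with URL-correlated processes."""
    children = defaultdict(list)
    for ev in events:
        children[ev["ppid"]].append(ev)

    alerts = []
    for ev in events:
        if _basename(ev["image"]) != "cmd.exe" or ".lnk" not in ev["cmdline"].lower():
            continue
        for child in children[ev["pid"]]:
            urls = URL_RE.findall(child["cmdline"])
            if _basename(child["image"]) not in URL_LAUNCHERS or not urls:
                continue
            # Correlate by URL rather than lineage: the browser that fetches the URL may be
            # hosted by a DCOM-activated explorer.exe and so is not a child of cmd.exe.
            related = sorted(
                other["pid"] for other in events
                if other["pid"] not in (ev["pid"], child["pid"])
                and any(u in other["cmdline"] for u in urls)
            )
            alerts.append({
                "lnk_pid": ev["pid"],
                "lnk_cmdline": ev["cmdline"],
                "launcher_pid": child["pid"],
                "launcher_image": _basename(child["image"]),
                "urls": urls,
                "related_pids": related,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_lnk_url_launch(EVENTS):
        print(alert)
```

The rule keys on the command line, not the image path, because the first explorer.exe carries nothing but the URL; a production version would read the same fields from Sysmon EID 1 or the EDR's process table and resolve the short link (goo.gl is a redirector, and the IE cache entry for www.youtube[1].xml below shows where it resolved to in this run) before deciding severity.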

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ccbd639c0a9c0575ce7909e2aad162dd

      SHA1

      b5eb8b1826feb60034c5e7bfeffa2408162bbcf4

      SHA256

      07b9d0bcf8f058c4d3db6a60b6fc227b45f514ab1e6627adb5a6b8c075d12115

      SHA512

      888ab260b478a5a6a13723a69f3510c8b5fbf48d626196b17d8c6dfab60de29b283e0e5c0802d194d85391da2101b97221375fdbb3b126554f2e64edd0c64a82

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bedc019f8f756d033000dbc52d8b7ccd

      SHA1

      257b41d5342685fc3f0b664c8e131ec83268059c

      SHA256

      1f2c03300d7f8d0ef89a164383e0ca3eafbf85e71e5a32d8d6d0919f93002cf7

      SHA512

      262adae4b27897bc027fd02410c3deb56906b2245d4050e6c36b3f5e5929f6b6e2009f52f22bcbef75903e4c08d4acb53794ce9dec38fb51b43bf785af99464e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f987ef1583cc2a62e01dfe552b0e6f5f

      SHA1

      a8189db60f2816eb6183d5cd2b50caa0e4b74194

      SHA256

      85695ad1c3ebc0556493908e524437b53695b47babdbd540f0d3046c73405f74

      SHA512

      609097a7c1601fff5b4759f2a8fedec5caf23f208e6b7be0566ba27c840041889a608602d40b78b4acbd93b4a390d0de1dd8e2e9fa89c13c058d20a2c894df65

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      a2ec48b22bc51dde3bc7bca6718f3382

      SHA1

      acf434d573feb741f1d7350334d380a79fac6e37

      SHA256

      0cac85226e336fad001ab12688f892bae7bd94161b0abca0a486296049b7e4bf

      SHA512

      f6b053289a76c940469470eab585f5fde47114babec21b6a2a095d8675140142668d5d04f02ca476730e878e7a53ca80414f78e703be07f5f7684bb427bfc199

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      cfbe0871abbe8a4bfe5a1bb8725b2b11

      SHA1

      3d9ffb7e96c911dbb064478b0c9633c049b04509

      SHA256

      e7b91438ba746dbd9286a4f87ea1b56f9ce480a37d7504ac8e58f9daa2966a7b

      SHA512

      435dda742e02407954b0d63fa8020d4299b412ea5997b3174cc6ff27264ee90dec485104066887d20e50bfbf3543bc62747e7599d856f89ccfd24d34d8895632

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e1daf49981abc53c341eac80f19e33f8

      SHA1

      97bf948fe6be4f50ded3f454c3cc65ff89e6fefb

      SHA256

      ed912971619a69677a3e56169502029e9ae8d13154f8f9ede5bfcfcdca528c42

      SHA512

      abf98a966012413763416ae23385e7b568f6cf23d227c683715d9279a6548e409418a06653eb47d7e0d9352bee3fc69a1e72706d7e18aa1184d37368c704a27f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      93c011d09e99f77da366903345f6876f

      SHA1

      3a608930711bb4e7e2bd5aaf22f375b56bc8692f

      SHA256

      35b6a3e4d1f2ea6cc991ab1f09b32fd4ab448dc416586d09c7c924155e8bc2f0

      SHA512

      5304f776804e62de4356815aee440e24b74967623dfcd2bbb62ce72dee44fa6ec7df96430d5bc2bee3bcebc6b45a01c996df8139e91b7f65c3a0d079fb13031a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c525b712a09a282f1141f04c90deb615

      SHA1

      d8679fa3a90db59262d7a903832d61077751c174

      SHA256

      ca229dc288cbae4cc816fdc4761c32ff8ab5c3475e314abbb8d036e99472f99b

      SHA512

      1d57ba58cdfe5cdfe64f74238bd695e5386840d1139fd996819d1eb2801bd0ff23b974dfc945bf07383ac29728658da8866b9fe423e1b9e626e50eef18efe848

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      c228a8584fe4f1afa20c4382b326600f

      SHA1

      41f590cb5a32c9451f0624687d0ff1aa18af4023

      SHA256

      77b975331b2fd7daa7b5792241d74fb68cb0d052465340f0601322212985f7d0

      SHA512

      b63630774d8ba3377c8200d747c4cff05b3dfb5ab44623e71cd60506337a92832bd2bd64183c7e260fc27aca81b78f9df4b9f7b611fc03b398e532bf4f019434

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5cac5c29881e90823b190956d5745f7c

      SHA1

      cb05c8e7e18dbf6d8513c3df9edd07795e896a2b

      SHA256

      8073165d388b162aa3436acbc54f0e7589e2c1bd45896f918e37f7f5661c7017

      SHA512

      7f703ace220b8d0a9126273b693e23f8cfd05e8cb6f1557941032925da5de04e28347d6f4427087553517b433d486d304c49d49fcece0dd23ca2403c72bfa76f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bf81e5d43aa01bacb625122a60e751f9

      SHA1

      2b42a6a4620cbc0493292170c78936d9d09323a0

      SHA256

      c3dd70ea490468b02ded3a6f057ed8edfb63a90179304079ffd26645d648b6b2

      SHA512

      38969281770cf397912f40d915515b9a64c0476f6005baa4588f2f960d7db7f3e0ad088c0e938d078389d9dc24a107821552d94a0c8cf9962e580a4edf37ef8a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ef6733ac1700887f38608aadf6530479

      SHA1

      7900d8b7ba1b2f50c857a259203250f00d3491d2

      SHA256

      7890f8b7611e086326cc7f97f998416e5317f5c499b36d336c51956c2cc4f83e

      SHA512

      5e7ccf1bbd5c2c82ae8fa77de0d412ae57611edd7b78347d46b330d09b91795585ea60e3b3bcaf8367605c17537e7feb9fe3a79f6d53d88de4c5d4412c2bf48d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6312925febafd85ca10f28172ce8ce39

      SHA1

      c97e81d4643dcab62de402fc87bcd282eff5c42b

      SHA256

      5a7eda44f0f96123258e6125f291807a6520e208728fffcedab8cb01cf7bfd3c

      SHA512

      8f24e6db38d7baefa9f8caeb53dfecaa0fc8833545bad120f6d3b06aa290f3ee0070b08c68e9d13acf4efb0fb4e9694bb0162fb97408df1f6765c2bce20ae209

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4ab5cf5474527657b8c065ab9039fc82

      SHA1

      309cad19188f6a76c39fbb449048c95ad633d2b0

      SHA256

      4269a4a83724f61ff6c9665d6c2dfa26a51b2ca9f633bd6bff467c9870ba443e

      SHA512

      9ddc50db08d1253d7312be9dc7e5dabbd392c0040bc98fa528132c2e9f9ef99133910d7cfba7aad5e2e4e9b48e1b3e3b5ea56ec47c9bb2188cef4cb6dab44746

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d463d79ac915b1a166dde35b4b4f8127

      SHA1

      5c28cf0649602d407ecf37140ab8a317db530b4d

      SHA256

      971f7a63af46d6875272350a56fb6e691ed9cbc3529f25277b17e56f0f370001

      SHA512

      118ae6ddb49535e93d0b55ce4ef1703413b35a4e12b080fa0ecccd6957705dcf0c99e460294df63c8c0b9a0b991ea0cc1ca0fb92cbb0e5cabfb16ff9f7f3810b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      7d54434f209f859bce7a92cfee014088

      SHA1

      0be128cbcaa21fc557b75b93d19e339b336c5ecb

      SHA256

      488502c9f29a6896ed64e650bd75982ce9923ae0363431fddc6277970f7520ad

      SHA512

      83e3d8c04aed05c9f572022070971e5b6d03b59ad6de23ab63c2dcc9bd80eee732b02e6a8398f37bcabaf88bf79a18c717398269f6ba989023f920e5890f3045

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1881099e18a43cc9cad81a82ea14e431

      SHA1

      2e45a1c3b9af24e21aab3ef740d3b79e7304ab02

      SHA256

      7a6dc5c5c7cde2a376da60dc85a6a5804c283aaa09c4ce44050d6a1d06c8fb2b

      SHA512

      46e2d6d41c1d3f4b3542f09c1fab5b8fa80f4d62971423296eb6101b320ed72e75aba7db8b25a6146dfebe0be8831c657700f45a6ecc3b12bfb485869fad14fa

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3a36c9e68ad983f809194c24fee603da

      SHA1

      06ff08937b7fd673065504668f8ba161c03c4bf7

      SHA256

      68832bf6f24d893bc7564f40d167ad362d7575df9d3a9408d83466fc892fa675

      SHA512

      963eda02cd75c01000ca89d24e2a6483970b5e3d3acda962ac3825bfb7245fff570db900e97468b221a27a4ca98c8d920178cfc96bbf7624cf89577d54759cb3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f8afb31f8f58754ef40f8f863dc82e38

      SHA1

      66ab1542ae1edc9aa53b5c76adb5fbda16600871

      SHA256

      fbeef94c053b7d7ce2b5f60f3ab018bea1fab60c90e4a0f65da1f4d9da528247

      SHA512

      aabb23967985fe5f4eeec4b3b33d4e06c488723251459e62c55dfa5f6a68593d3ab7126a1f83c8e410cb8685c0b887aedc6abb6e083211b5ac664b34e0d6e76c

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0WE921W8\www.youtube[1].xml

      Filesize

      13B

      MD5

      c1ddea3ef6bbef3e7060a1a9ad89e4c5

      SHA1

      35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

      SHA256

      b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

      SHA512

      6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t6u9s4b\imagestore.dat

      Filesize

      1KB

      MD5

      f69bf9ec4ade62622c63fb8ed0639157

      SHA1

      1d415914c07444c1ae2590677f27c1c9941c3a54

      SHA256

      ade3f3f576c0ad779487f57e9866df0008c555bc2b1c0417d4fcdbec3cea99e9

      SHA512

      2be6c95b4a5e572b923e23373ad75cf91176ffaaec5c3663923209fa78909f9ad5dca950b3800a661ef54198c1c29122e122dc142783eb27b20d0898d68e68ed

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q98GZSGI\favicon_32x32[1].png

      Filesize

      1KB

      MD5

      12430f012c4b6b4a91c63cbf1369e1ff

      SHA1

      a8502ade0c47e23230e5da9d5658ec1f1da309d6

      SHA256

      079919e3400ba9bc0d569f5634cc41b2fd1b8e7a721b2b473d21f10fe2fa7f6b

      SHA512

      17b7564088e12cd64ae79e7179ef4b26941370dc442528cb08320fc0d40bec88d2b77124624685acf9ba974467e27a7051703761c6fffe5468c90217cac5a4a6

    • C:\Users\Admin\AppData\Local\Temp\CabC68D.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\TarC68E.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b