Analysis

  • max time kernel
    134s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-08-2024 06:04

General

  • Target

    sample.html

  • Size

    41KB

  • MD5

    80b76002182eb2ec2fbe93c8e483c751

  • SHA1

    e0cd6f385de169159c9051050dcb4d349556f404

  • SHA256

    396d90cc5e3ee8feee68d391b8fbe49dc0e0ebe7476b1db8a3e7b34257e94762

  • SHA512

    3e5b722ea780c23c9d3e5cda16539cf9019a4285b876135bb72531edc397dbd2e7997054bb37dfc0745583d1500eb630c394d27ecce64df5f01dee51c90609d1

  • SSDEEP

    768:Skmh0OG0m+sTUaJGqgexzBc3Z8vfMS+ppB42iJ+wcaoACx+yGkCUSj+hqkl73y+R:SkmSyQUaJ7XxzBc3Z8vfMS+ppB42iJ+p

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2568
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1944

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    883ee772f2999ff45782a0851ae89484

    SHA1

    80441afb665ed05d543c3d45c20c246ec99db195

    SHA256

    49a79cf1ee5c7293e5deafd8466626578d8d3280b0725a36b5a90ee1143a3edd

    SHA512

    31c6b083cc8ab5b6eadb5ed82a9f9e20d335c480a98d7f76f09f5e77bf3a95d1df55b4b8fbd3669ab1b8276bb726e19f505897e813bd7aa7d0ef7baa0059a9d6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    94b8912ed6e7f80f7105ad73cb78ffda

    SHA1

    45e7724b489ca314e147369c127fa9b9ed5ee149

    SHA256

    076f776c44433a9aef223a4b77f605b5c1d916596b35f33d31d8da7e4cdd2078

    SHA512

    604c7f4a3f06caf0b0327f8f3bbe19de77b0a4fd17e34ab7880204176ba5e52dd60de34121b4ef0889134d902f1d58daf4cdc0f3bf287cc673dde6c916d00d48

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    96dc300733431591398da5c043587296

    SHA1

    f0e3611977930767c5e022ad39b8033cabf42c60

    SHA256

    9e499130abc98b5af1a46b659f468ba5fa88364547edf5f471da6a444924a1e9

    SHA512

    38ea6bc4f0b8915d862066ce526f55999572677787fb7a58745e1ae814ac5666228bb244ff595ab74fd97ec9a670f1aa271e19aeb3eec527b89fdee0d4c22f0b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9788c84d33cd2b4ffa513aee1ecc6107

    SHA1

    e72f8febbda8cdb003e1d5d00465abcb95a51dfe

    SHA256

    a3c13d046efb78a639c8a988436ff903932da97617020ceb5a21e264049c19fe

    SHA512

    968ba15d80174a06b77a5064933bf34bb5577278523c0ff179d6b06f1fc0207746e5245337472282cd22468999234342d116e89201acce3f3a6dea542c7fba06

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1a96933695d65ddd3dd7b71414745d5a

    SHA1

    91af6e8bd9cbd1ccebe4c0d5c94a18d9c31ef53d

    SHA256

    6b476f79ff421f3690731d5f87d5904137946437d860e400381492f95c74e6c7

    SHA512

    4fe34be791e5438ccdaaf270da469af5b897b6ff4e386ff3f595c88eadb6c1be4699b280f71f434aeb9ab6ea0d1d0bffaaf7ed663806ae239284e78639d6524f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fb395879fed861fc03208c065fb0831f

    SHA1

    669fd1b2110a59671a06346de76c2d0b83e252cd

    SHA256

    c69d7990c7a32bce144f7895d67e7ecfad1a2e5b1054a7cb698f8761466aeea8

    SHA512

    b1a7cbe60d7c64d3a824e9c87201431b9332cd37977a9348c29fdc1c72fab98ebfb534736dadc80270494ce340f814ed71340b2614615fdbeb223225eae02227

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    aba183c7351731238d6a50354c2f5a60

    SHA1

    b8e4a0e0627a93a8d703610b0d3e445318fdfb89

    SHA256

    4c33b30a0f323cdf778bb53ffcd4db6194005f6dbe3fd63f2dd412653812e62e

    SHA512

    5f83b49e1f79ed5928c28ad4affd29f21cb24056cf648eb08a852a147a49d1a2b8e711e552d2cabd9a9dee8af57514bfa7f33b5f6ecb4c5c104594ac7ba68274

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    addecc82eda23025448e8b3616789669

    SHA1

    066d2ec2dd7d7616b625841f8a3bb8fe5387eba0

    SHA256

    3a63bc15a0cf1e4f318959e5f5f205713cb48ae7dec297dcdf0f6519fe4771e3

    SHA512

    563600b526619ffe2c3c695ef01280dc55e67add9fd350a10694e34db1e3ea7d36b261b75ff296f818dd6184ae932329861c731ed8c4ff7a6d6839e4af8d3b8c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8e20d848647609c48336b62d515ed019

    SHA1

    58c207b378c75bcae6f341398d7651e96d313086

    SHA256

    18a94275be404b15d61eaf10dc9b97420ad5ffac9c50639037e20bb3e8cb9999

    SHA512

    e536bd5c6195c4531fab7d0e5fb83dfc54dc2dc34122632c546238770910d866382115c7ce8039a05d021f245ef3312ab1da9f70167cb99276f6bc7b0c74d9d4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5d6b11f390199c5df40473eb48d1fa66

    SHA1

    0f6d8cf728cdd532e343264ed76deec77817feed

    SHA256

    5ade9097a22e85af3b67078892e005cc7a1f156803e4ff2fb02988d93da33fd6

    SHA512

    b642360f945e76d6e81609396329afc9806e214d0ad2b36308531aee13028ea9bfa596cb9cd3d5c7c0eac2d66711a433c9bf05010e67d07436c0774b83a1dd3e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6eeb8c634d3c3254309cdb70dee07dc1

    SHA1

    75f6c25f0e5ded9580c4c1650a380c5bc3b99745

    SHA256

    8402753200c56a0a7019ee07bf948bbaddca0ffe836e98489e9646733a88f943

    SHA512

    a2d9772586c0f3d3fc86beff2c112dbf5c5f39edbfa6c04371ef22bbc03f5b9481f40da087e3e7ca329164be84bdde903543aa26a168054d14ba6ff676b66d09

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    860f2f5a4c3dd9c04e1481af6cbb1854

    SHA1

    4bb85439cfbee5c0eb06f31c9e4e657db35e3dc0

    SHA256

    5208ca086338b09951c715ddf9d210ad48d5111a1ba91ff10fc9ab62ce34a0b7

    SHA512

    4baa83199282a9617e39dc6bdd7f8472fbf932fc08ab6953976bfb0f9d3b10afe9e40575882a9765694a35e46ccb6040c93c3f0c0cc2fa1b2e71b224a5aeb99a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1a4e2af16b835c3e2eb09308bac113a6

    SHA1

    ba66eedccc00ca713a95b8ad2bde5b87223492b9

    SHA256

    d4fbf69fa265cfbe488f1efd88b5c0a9f9e48944197562e1cd8dc86dafc4c239

    SHA512

    2fda0624a3c547ea1fc5e70051fee788751cca36c6411d4b2cadbbb65526251e68e90c7458e18a4699fe77b5ef22fd8b9cb4faae16e66ebc2169637bcb469c74

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5896eed6d7cacfa5b5ff95864e9925d2

    SHA1

    06d4065ca2c4900897937a0d733eda93630ed2f3

    SHA256

    c33e7ac5d2f4198b30a5ffefce8b6d8039373d82dbf5b4bfa42dbea532b3326f

    SHA512

    0842ff5e3ad8107153a7fa1a813afa757c7554532591470321b9e665ddeb804ccef8f3b8a76e851353625e6b9aeb853152f53148ae625babddd2887a152acbcc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e76918d7fda3d3c66a5150d9751008c1

    SHA1

    3273d46f22118ad0ae02487dd3c7922d0d0304b1

    SHA256

    571652bf552de4621702b31dee7df334b7024cd0f9b9078ee97bcf0967d2bcd6

    SHA512

    b8f8dfacc98524a8519d752b1f4f86986accd82db1de62c048d6770ddf9808b515e819c2761d8ee87a80b336f6c56f56bb50ecae8ad52e2c9cc8af2b16da698e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fc8753052f5a8351aa3ed54498a62ea4

    SHA1

    41763d8155be0a24bc707d6bb16d500ccf818eb0

    SHA256

    7aca0e5cedb94d3f1a7feced5157dd4d3e5b43473d4f817ecb63cab145b31822

    SHA512

    b325e8ab8de679fa22003e00f06cb719aeacccf055eee9464f7357598fd548f688c828643b6568a6afc303e3e60dcff6514c9eb52cc3ef46b356e438acae9cbc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    59ab9781de0855f6e8a3184dc5ea2e03

    SHA1

    88dcc41b5a4bc10fd7f841de21ff6571c02aa1ce

    SHA256

    c73176a818739b7c088412dbf53f482b9813ac501795c04b8775c03207af00df

    SHA512

    d217b4fd5ab5555bf2a0b4db6d0eb38cc562787b2fa1614729cd5d2b7983303b9f274818a698f77a73c99e4ac33ba16622f1252a09672867d8ff7c32c0f651db

  • C:\Users\Admin\AppData\Local\Temp\CabEFFB.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarEFFE.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b