Overview

overview

10

Static

static

3

c89fb8c0ea...18.exe

windows7-x64

10

c89fb8c0ea...18.exe

windows10-2004-x64

7

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

about1503524378.html

windows7-x64

3

about1503524378.html

windows10-2004-x64

3

blog.html

windows7-x64

3

blog.html

windows10-2004-x64

3

bootstrap.js

windows7-x64

3

bootstrap.js

windows10-2004-x64

3

legalStatus.html

windows7-x64

3

legalStatus.html

windows10-2004-x64

1

relevantSp...y.html

windows7-x64

3

relevantSp...y.html

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    29-08-2024 10:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    blog.html

  • Size

    5KB

  • MD5

    faa1781ef837c6bf4b74f531049babeb

  • SHA1

    cf0c581110090d5cce86ee4e45f6a62f3d26e9a5

  • SHA256

    be87e2620b70d0006d3c3661554a8b6b40bf393573d255646112c6080042e68e

  • SHA512

    f2dfeda11c2d743086f0a0dd4d23de60e0125fec689134fcedf075385d26312c718a5bd3cf729c095e8a874aaf29193484433582ee1362fa8b3e12ba7cf2de9d

  • SSDEEP

    48:bpQ7e4YK6WRuRU7Ht7gtPJbFdB6BYH3mBuUJjLa/uB+9UHuRMB35Isu8D8MFpuOC:KfWWQU7J4hbFdB68qASZ8OJa

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\blog.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2636
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2636 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2888

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7400c71ae8480f0d021094bb600b571

    SHA1

    20f40131ba6ba913d837ede2700aabcd0a0c67e2

    SHA256

    ca53e457f8e78398c74760f60b3aeffcecd7d8baee31af0a28720898f0b6b4e8

    SHA512

    0cdce12af485b24e2fbf05adfca13406a98e582df72d6ee8deacb180225f1d06b4f7457964d1c2e4dba515a564ee3e3493e43eb8d616900afcdf762d7575d0f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    349560d4068e8a901b66fdd5d07b276d

    SHA1

    8e9f4d57f7220646555446827e582b6af94c890b

    SHA256

    2b825ba60e86a769240501ca0f1374ee419a8dc7d6ce4e06127eb65286f6760e

    SHA512

    e8630ef9df541623c2ca5f47b28913b4b1c631166e2754eebeadad0cfc916398f3a35d235a510c9078191d9de35814be51b40eda8b2cb18ffd3f7accf1178e95

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8924589ab16c39686f9cd65ea5b446b

    SHA1

    b29cb7a651d4a60cc393c921e070d4fafd603df9

    SHA256

    19ea1deb10d0711d4c4f02bb65c2134c81d0f4d2f545f931ef0301dd7ee44a25

    SHA512

    a89f4c475f4783f6f6f1105a720fa4dfd9c99a69368e0006f7ad228b919cb1870ba38b2d2f33176a8ab2b8af3735dbcf3770969807ba088de8cc4d18045656f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f6751249ca0dc1b423509fc9a004723d

    SHA1

    0c13a8a777347ebd88cc109c9f6d7019d3b84508

    SHA256

    b26dfb8e639b41e98efadf02b425244f697871ea2385e443e33d3d05551520fc

    SHA512

    bbf0b65efc4a9a3ba864802d0a896022b5d966fa9be4aff552a212111582fda8369d2313d4de995b654a024e146e213b6e6d1bc2785efa9baad71656ae434f6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d237cab9b79674fc2cfc42dd9f134134

    SHA1

    e0aaa6627b31e4b4e85526ec4221f3b5621d3f44

    SHA256

    1beed8419c590caed5450d3d4ecb60895a8241188bea5b3866aa1b822be2dba1

    SHA512

    d98b79d18bcfaef8f8be0913d5559f5037082d5c97c8fb69138725f371daf92682b1ca7702f976d5b7eb2b024c775ea50c03b3fe48df10ee9c3b21547aab12ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    122ded12c47af6738bb00a5e1c8fbb9f

    SHA1

    04616d14d10d770604487ada5cd8a02a3f05a189

    SHA256

    ce7f4a85bb0d49264a76e41ad8d5fa8858cfaf585535d33a2ea6ea031cbbaf55

    SHA512

    4416bd2f4847f8de014f41e1807397d23800acdb0ee695f1e27fd7a7a9768107853cfa2fe1b161fd2c52528b0bfb24a15a32ce41cb4c13a9b87afd86abf12846

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c24f14202bf64ba9139a97dc12536e64

    SHA1

    4054b39c26ab12eead1d8b002172a272c0475683

    SHA256

    e924cacd842cccc0adf623cd3d43a3cc30511994974f104d4792899bb3e2b146

    SHA512

    8861ae76f86d4bd9cd9f0568e819283ed890309ed81f8df1f259e5130316099d9fb4fa11de2f009906f7628dc6dabc2d8ed12c5663aba982f169883720c923f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    154b9206ff903e015fcbdcd9d0dd14a5

    SHA1

    7b65a756ea44568ddc524d22b0b1c9c17a18586a

    SHA256

    6cc3e7f92705dca1eb3d960b43d4d37815d53012b9415ab76f3242199d08e354

    SHA512

    8eb20befa25abfb8a3caf88b52ab8586d50cc65b68a69ea40d39f82fbde54c9571fc85b23a8fa9c69f3adede77ea5c14c26ee50114e816738293182f93d714fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e35f7b5827fd882c30b0e7cf7a2b8000

    SHA1

    ede66b34dea65a00ee1231fd090b0382d4c0fa95

    SHA256

    f146db5f002ef3ec143a7140a3fb0679dd2d660d8571c10f1f73a10c02224588

    SHA512

    b3cf9df3de46b77b42022c44c35e8261afc6463f8812a3991be5765da91c5d16b7cef9eaea17ee09f3f23b8ce996eeabca13e90b3cb5b3aeee140e9605a7898b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4695.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4698.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit