Overview

overview

10

Static

static

3

c89fb8c0ea...18.exe

windows7-x64

10

c89fb8c0ea...18.exe

windows10-2004-x64

7

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

about1503524378.html

windows7-x64

3

about1503524378.html

windows10-2004-x64

3

blog.html

windows7-x64

3

blog.html

windows10-2004-x64

3

bootstrap.js

windows7-x64

3

bootstrap.js

windows10-2004-x64

3

legalStatus.html

windows7-x64

3

legalStatus.html

windows10-2004-x64

1

relevantSp...y.html

windows7-x64

3

relevantSp...y.html

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    29-08-2024 10:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    relevantSpecialty.html

  • Size

    7KB

  • MD5

    cf5d5394fb17549ba347306c9b79949a

  • SHA1

    b8d8db3eedf3da48fa43e92319fb381b044cecc8

  • SHA256

    c3777516aaddeae9112318727a102c19379578e0a5a3802f58012301e662c27c

  • SHA512

    1297b8764c866ce90e8ebe741f85f0f20b19d9b4ea9dcac37a8d535bed1cac63af40926454da19b63a8a689b42f4737b1fbe7dd75e4c74a7e9fc91b23d91556c

  • SSDEEP

    192:I6b5Zzm13A6hjqoXkwISqcIJQUs2LuNQp5pQQmwW:I6dQA6htVUZjmiIF

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\relevantSpecialty.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78f8859dade0c706ccda3e738f8daaca

    SHA1

    d9218875e57aa0da728b703acfd1cf5290f7478a

    SHA256

    0fb24cfaa64c5819189af701ee335a5d1b48244035409c0d61cced37df0794d5

    SHA512

    baa59ec427c208f8d8d65c197ff523e1ddb51333b4336c1db1398fa99e4464925f552babaa5564d8d6c678389e43d70888583645f9684945c626211f4e7a93aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf7eedc7431acf225e3ab28279bce58d

    SHA1

    24ea00957612e23062635142f618418dee4ccf23

    SHA256

    ed00771f89b74e487f1db7b8adfae10e8f00a79c3423af029a3d57b2d50145a1

    SHA512

    f4333f0ed38debbb852b4db458f2f6f441b4e339a5bd8ef9d045f3d88115ba1d1d40899caca385090d2e66833853fd8fa620385d65dc594ebc82f0829c553698

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    096d34131c5494c624a2d067af939405

    SHA1

    76d7f10eadc2a4a3b0d9ac55aa326882a905a77e

    SHA256

    530248fca9ac7528d0418eccce31fdcbcd351c8ba707097597522a0e75caa21c

    SHA512

    000458eaf5711548e57f530a03123b2bfe0ad26b875fe429a1b8286da50be97c137f7f21b5533998a52a9aaa078b9095451ad7660702f3b6fdb9081ead9d125e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    737ec4380a93e9afce31f00529bb2cf9

    SHA1

    ee3918e929fdbcc21dfac0a504b47bc93a31ff38

    SHA256

    2428a787fb28163eaa587a156063090d6f9d47d737a6f5be18b62df25bacb29e

    SHA512

    96bdc77863715c6b3d0afc16032d0ee17da8a6d7e36f4bd58c93b3bc8dd244c3b0e2a519df7b19b119152c1bc61b6103c1a7c8cc20719589ac0a53bf0e62bbdf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bcd72fca559bdad8a8709cd754273b07

    SHA1

    8d4465c8d5033c7ed1173024cf765bbc23f07423

    SHA256

    6998f62d204076ce75f44fc0a4d931cdd76cbb251a12326b38310003a6152b3f

    SHA512

    bc09f71e6a910b58e22abd513655e404fddd25301a16a79f735edab09a25f2074d038b5731b1e4e624dd650e73e5a2c9a94bf258a803a33f37fa05a5aa10b987

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55b1e2fd518c97da58a33de4e8e5a3f5

    SHA1

    4165a240760e2e334f2411ce36e95c31ec966921

    SHA256

    1d633c530e4575e8992eaefc181fc1d2238a1e4dda5399519ce18aa9b1f14114

    SHA512

    af06c02eb5cde4ede3716ede901177384f56315f520d9b3fb6be1efdf390ee34bb2eb9c38a600c7043875b64cdb8cf81d6517194c3a64a9672a98691266ad7b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab65E7.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6677.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit