Overview

overview

10

Static

static

3

c89fb8c0ea...18.exe

windows7-x64

10

c89fb8c0ea...18.exe

windows10-2004-x64

7

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

about1503524378.html

windows7-x64

3

about1503524378.html

windows10-2004-x64

3

blog.html

windows7-x64

3

blog.html

windows10-2004-x64

3

bootstrap.js

windows7-x64

3

bootstrap.js

windows10-2004-x64

3

legalStatus.html

windows7-x64

3

legalStatus.html

windows10-2004-x64

1

relevantSp...y.html

windows7-x64

3

relevantSp...y.html

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    29-08-2024 10:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    about1503524378.html

  • Size

    6KB

  • MD5

    58415977fb6759592e62a665a5537c5a

  • SHA1

    e24e65dc8b66b3ef329812cb09a1ce28c8a1342a

  • SHA256

    18c7a191c6910d201a5f9c26b068d52db7e9a1090bd4be5674ddd2d9328c39cc

  • SHA512

    4393ba5f568fc8dba4b39017d1d1678d0a5fd49cda546d7c0f7fd142177e401da694629ed5ec8ca9526f85e370325232c1613c95decd6156edda349a0a967850

  • SSDEEP

    96:9Daj7Hg5GZzmxfJ1cql798sqiRXdGASMDqTi6EOMpt9aPyXoCdosYZHPYHSpTqBF:9a5Zzm13JlhjqoXkdgqodp2z/5FzpmwW

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\about1503524378.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2500
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2500 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2392

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b498a7d909de83bf738461cddaa5a2c0

    SHA1

    c0fb3d1b21052fff05454fcf572eabfcd29568c6

    SHA256

    6bd5a1cc640911fa6a0a4f5f3436a01b2371db54ced82a48b60e57cdd98d9c1a

    SHA512

    e437226d03ff35617b3f21414397c9ed85f5728db8c127454a6b75e82cf8a7f1eeaec92b39ea3674aea4ccb9e1688db2e8eb455dfdca5f616744b12a1ca0d618

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da250ab86cb82055a117d05d8d600b37

    SHA1

    510f119d0f3c1c48f54fc6b9500c7d7f84176fe2

    SHA256

    e32d07c48a1b513c3adaecd1c1e26d7cd4fe1ea65ffa14edc97dba61d5a8bd75

    SHA512

    8a1c8080274cd85d32b29c385b4060b324c020135e9d5a018fc15d8d3ee7e02392e43e1ce1e8b348fc6ed393114fd6a2e816d4f117735fb190fdcec799d70195

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89e8a4a9c306a446481cdfe94c3a5169

    SHA1

    d766beaaf847a51d15253582ea1d5f66024c4d70

    SHA256

    b28e1fa8fa4fa0947e812be9433c6b2d5300143ed1e3cba20d6e7a39eec6a4c3

    SHA512

    7a96b6d8626adcc01a57366daffebaf772e98a5ef6632a042c8ae14054a73029d933a556341b67302785bea6afaf99e6c1a2daacc8d7184ddab89b9669a38b0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a6b49a3530b086091534bda7b2fe08a

    SHA1

    88d74cde2f23000aed77c986a5063b54e07d7c32

    SHA256

    667c434ff046d5ae02e4bddb3fc45c1b30f2e6fb103d178cb2710578de3294ea

    SHA512

    e19169b1b2cb0983f158c963585aefbc2d148a523390e02220ae5e1a2167fb85438eaeded8c31c98590507d7efb42b3268c298b7da9609abe4108af4b3392cdf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56506275b0c3a0ae945839703b14209d

    SHA1

    1794de7f6ce1ebab41f68f0039579a30fd749415

    SHA256

    d6b21b49b60af922e037d0d05123196be5888f02cfbfa6cb7238fae3e8648ecd

    SHA512

    e6486e2f968bc40731ce216df9fee447b8e286a9c01991d1ba13ae2bacb045e7327516b0f7c22587ca7c1cab18b9005fe7f25c5f6ecb2e48d978124a09237d44

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd2f8c3de10da083500f4bfbd8ae863e

    SHA1

    5e24fe54c37114ca06dd6580637fd3a37615eb3a

    SHA256

    2930c8f432caa624633631e9fd1929b85fc6240f8d8e2c647cb913fad724ca62

    SHA512

    aa4aa4db9b503a2dc67c438a5f1f63a9ef123b9a05bcc71e7d5aa1ea178ddf86fc2d734fe728ac551df36009073ed6101dd79e0a364111c470b22a7a9d2e2047

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5de79fa9946ca059440d9c4737f37604

    SHA1

    5c506c30954eb278ff4e1fc6514fe57d197ccbc5

    SHA256

    a5e1b87645a1e189679315cfb8b5e6a3900d41b882371269b7a319f2d01e5008

    SHA512

    eb021754129bfd9d96c0bcc15c6599b85a2100c03acbc966bb3df2c4e4a00c8992a624ab3c7f6002895ac0fa49d1c7f8972321af5665b733f78db9f6eda106c2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF598.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFB84.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit