Analysis

  • max time kernel
    117s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-08-2024 19:11

General

  • Target

    hubotio-hubot-b50c39c/docs/index.html

  • Size

    3KB

  • MD5

    16fc12cdd553a4007167192dc7ad31f9

  • SHA1

    7db5da93c999833b4ea3278b6c4bd24608541fd2

  • SHA256

    9708bbb1bb6d8c4697a07222a0a0e2edccedaf0040e52765314fd8ee3275c7f9

  • SHA512

    3fc321d6df806a162048134f8a42456e5c0b1b74451d5d4ddbc4bf9fabe8c62c9165c5aae41c6c0b5eb2928550dd30bf171687dce8aba143733b5eb5b7f660d7

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\hubotio-hubot-b50c39c\docs\index.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1944 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:632

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    805e93c0d5f717e5948604218e8a1e10

    SHA1

    4c028719a8c8a18782d6e0280c146948bb14a7fd

    SHA256

    cfd677790d91f7bdedc3859e486e19a7ab7051e3afcb1fe03efe146de07e6258

    SHA512

    832bd26ea3333b44b05c32d322fafbc9815dce420501ee8eb37c8107204720e238ea646654c520f58fe3edbf311bb1d3821a21f2555beca5e9971c43d14381ef

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    cf1564762288100fe526dd71ad947dff

    SHA1

    6bd56a816b7eb03d41c39f0c3a3e2d8faa3477b6

    SHA256

    333137b45e864c8daa5d0d8208b6caded56d0d93bcbba2dae5077649f859e4ca

    SHA512

    154d565c5e6343a0ac73f1f1c0d3ec7992828a07b2a53dd1452a1c3b0070d517eb93d2931ccbc0df4a7bf063a059b59925738d60af965a7576feaa771dfbf90c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    59703a87259d8a4e43d7d45f8ae64981

    SHA1

    4a91314e760f0ed3ba8c6f59f4a9fba5273859b5

    SHA256

    77d53b0f5724a502998fd56884610b38fb062c5f525a46c3b5f052728974b344

    SHA512

    822997741f8f7f72d689d04cc3919c1ac22ca0197d1fd427899fff029343eba33d318b233e41bfa9b61c9d100b3ef56c35a58e79302408b57a9f61a2c1986377

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    8eefb86089d1f8f1c245507c67c94fe0

    SHA1

    a6f590a4313f2436b9bcb3a75038fd367b1ee124

    SHA256

    e53b8c35a84e6450aca7fd5d5244d1aa7f15c8137575173f0c97008c69ee1e0d

    SHA512

    f6d76a3e0d4d8f1f9ddc1f0d9241e891dabe5b0148c889c0f7270f494d90928157ec70b78a8ab7c22661333ada878c1e0d8a2e3a029e1a831521cf4b308b8634

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    c0c2547bd09fdc8cd1e66444068fd062

    SHA1

    c8b8012010c0f1d68833b8e42bb2dce00801d8ed

    SHA256

    c3f0c2b7887e98859c6c75d341ed2a12838a992d3c8e0eaebf7bd82dddced0db

    SHA512

    1520b437d7a0515e55850855b4c9563c2b78f3b7cb5efd790d57055619f320e8867e567f66716f31178d207fad2e52277c2dd5fab3fdab38d2da04d341bb11b0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    a0caa209d11e5eb0adab13315c973422

    SHA1

    447a99d4332ff63f28d8251f7f040a263ecc704d

    SHA256

    e8172b04dbf8ca2db3eefe056d5a3b93c0c6f499fb64a624fd100fd828a64052

    SHA512

    4882cf09d084a9584fcae09ad767ecae2aa08266614b43c8adc3ac7607b3f5c060af95a497e8d0b2a268b4431c597c513fb8b51cd1860eb8197106c5e27ecc3d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    88083ce1b50115b6561a4a7f6fc21b58

    SHA1

    c079e970fd6482d0e5c69c6fd79f01682a985a9f

    SHA256

    7a7dfe2edf448524790aee8a13859c1e9dd06eeab6bbd333edab9ef5e8c4986e

    SHA512

    ecc303818836bfc6b5e7fb7c6e24e6c4a79d546c407c3dc177b9870c90454f744ed348b49849c029a77172111bd950b6a5ff6275dd629cec6cc16f63f47a1577

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    90b7694c8faef7c1f21a5d781ba79fd3

    SHA1

    badbd016de1ad6512e9328dd375c266491f4b30b

    SHA256

    31b756f7e11597d1fa315e76c5331cd8c3da3e0d7401212174dc5abe38e0ef7c

    SHA512

    6a92c2d1ec1f547fa65d1f4c55531672095963af8aa3a08271f206defaa202bfd69283d2d464bbb96db754606dbc3cf577a6ba5fefc07b60f6538df9dc801b88

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    b399627a910ad29e2fe73ff87944919e

    SHA1

    e648a9ba33e988232a73f246efb5d7b2fe14edf8

    SHA256

    a96a17b96ee5e8f4be38b85da37fac4d9a8221156c9b91156b7e3b29db94c7fd

    SHA512

    6d53817876e778364e6a8649e6c8d188873c74a1f6dd2c48f93557e7aad10915a72b1735867dd3c30da57c243207a50cab71f01b7b416604e8c585dbda115ff0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    b24c5247e298c3552c02fcb8f0613e6a

    SHA1

    eb00349dee4328736a311f4d2e248b41f2695976

    SHA256

    c3814dfe8e30cf19d9ad8940e6a43b88778264f2c70c49a17f0869e268d72408

    SHA512

    48638bc88ac74bd9aea0d9eaed8e9df91297f2e1f986e21546e73d86fab252d37ae3fc0ab20561b8aeaed11f747bb2e036c26d6f315e9707a8dab6d07b416ef5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    b2a89b6accdc70c4d6db49eb2770ad02

    SHA1

    20fc4e87b3be30ebb8960531e21c62c066541f2d

    SHA256

    7271caa4cedcbafaee67ae97be19393c1a7df95eee26606e652009996de8e005

    SHA512

    e4cd5d52d27eb2699ee8574c7da8777827eb456386b237006bf1feadf0d48aac22a424747176370ebf7a46fbbc4375d5be91353a127d8a60006b7fcc58fb72f1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    67c031a5d9f00c271c1961c8299568f4

    SHA1

    9cb2b9b8623cbbbbb456882038343d3969e5d956

    SHA256

    476d5dae00305c7b2c1608d0c6f9f78b47aa7768f732a5a219b3d04f42e4d85e

    SHA512

    d8d3ac77b9fcab4ebba2f2639b6afa81d5b0d3d575c24726c8ff8beccd38532e03bb39c2ee337db7f6d4e97b4b9f248b0cadb95d1571a875856a031c64d1d1f5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    e74642b40d4512a60b4d94d2033dc75d

    SHA1

    7dff55a29b4a370073f3bba7dfa431b4a1603031

    SHA256

    68f24f9bd38921ad10ab2f85eb5fdb2bdb12c51ac7c81bc3831c9a18f85cd7f6

    SHA512

    fb85970e6df97038eb1cd38b79cf9ee468ffe72234f2cd06d5603e8c0cd9d12015febd99288dcf0d3d071fe271ea7a0e913d62073ecce1fd47daf4cca5e80822

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    eae2f449df666a54873e3cf1b7a5f28a

    SHA1

    2eed9e7c422d36a70c65b73d8bbab9c1fce6673b

    SHA256

    6516b5339a18e0ece055913f2fdd663319cebd37d8914e87fbb39ec279956d45

    SHA512

    872b15246d2e22bc0d4febed2d831d2d61d0d07238aa84ceda9bfd2f00a7e4db12aedb8b5306ae594cf1f128573aa3b11c4ca0e2f2fedda838f3f57efd38f91a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    47608ed26caaac55299cc1e992e2def6

    SHA1

    0b896110969965e30e60b0b85f306e8e700bc7be

    SHA256

    1dde5436a748b7626e70c669648a14fb6578ea95e37203414ba2d13675ecedef

    SHA512

    6150489d3e17a129e37883868dbe62057c6ad537f1166af0c4525ca7a75e8a7412f277859450a19221afae501ba5fe8d1fcf956140d4b2520fea10bb2da781a7

  • C:\Users\Admin\AppData\Local\Temp\Cab1873.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar1896.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b