Analysis

  • max time kernel
    134s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240729-en locale:en-us os:windows7-x64 system
  • submitted
    31-08-2024 19:11

General

  • Target

    hubotio-hubot-b50c39c/docs/layouts/docs.html

  • Size

    4KB

  • MD5

    85d1ba2ea2357103f3e3814ca2dc74e3

  • SHA1

    ac2394e356130c6b14d50ac0f2af2f2cd707e3d1

  • SHA256

    b0069e743cc5f5448dbce1ff5f5418b71276c347a3e38cb50e0c54c7c8608899

  • SHA512

    3cdc5cb8bdca5ccf041f8c51eec76dd472a7bfe3e52ad2f3c0c448a1b0a36141500ac6e878e1b092b6b11c4bc61fcca4b6123a2dd6198b579a860d3ac14ab0de

  • SSDEEP

    48:DPUtlrbHpbY0XKbuLXvD2xNXRjD1XSDoXGDDXnu2+T/pCqyMihmFfBeY:4Dd5LXvWFR3dSKeLn0BC9MamFn

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\hubotio-hubot-b50c39c\docs\layouts\docs.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2528
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2016
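The four "Suspicious use of ..." signatures above (FindShellTrayWindow, SetWindowsHookEx, WriteProcessMemory, Internet Explorer settings) fire on ordinary Internet Explorer activity, so on their own they do not separate a benign document render from a malicious one. The process tree is the more useful check: the only child of the frame process (PID 2528) is a second IEXPLORE.EXE whose SCODEF value equals the parent's PID, which is what IE's loosely-coupled tab model produces. The following triage helper is an added example, not part of the sandbox report or of the hubot project. It assumes that an IE tab process always carries its frame process's PID as `SCODEF:<pid>` (generalised from this single run) and constructs its own sample events: the two processes from the tree plus one invented `cmd.exe` child that did not occur in this analysis.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record: pid, parent pid, image path, command line."""
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


# Image paths of the IE frame/tab binaries on a default Windows 7 x64 install.
IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}

# Assumption (generalised from the report, where the tab shows SCODEF:2528 under
# parent PID 2528): an IE tab process names its frame process as SCODEF:<pid>.
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def classify(ev: ProcEvent, by_pid: dict) -> str:
    """Label one event relative to the IE frame/tab model.

    frame            - IE started directly (its parent is not IE)
    tab              - IE child of IE whose SCODEF matches the parent's PID
    anomalous-tab    - IE child of IE with a missing or mismatched SCODEF
    suspicious-child - non-IE image spawned by IE (unexpected when viewing a document)
    unrelated        - neither an IE process nor a child of one
    """
    is_ie = ev.image.lower() in IE_IMAGES
    parent = by_pid.get(ev.ppid) if ev.ppid is not None else None
    parent_is_ie = parent is not None and parent.image.lower() in IE_IMAGES

    if is_ie and not parent_is_ie:
        return "frame"
    if is_ie and parent_is_ie:
        m = SCODEF_RE.search(ev.cmdline)
        if m and int(m.group(1)) == parent.pid:
            return "tab"
        return "anomalous-tab"
    if parent_is_ie:
        return "suspicious-child"
    return "unrelated"


def triage(events) -> dict:
    """Return {pid: label} for every event in a process tree."""
    by_pid = {e.pid: e for e in events}
    return {e.pid: classify(e, by_pid) for e in events}


# Constructed sample: the two processes from the report above, plus one
# constructed counter-example (a shell spawned by the frame process) that
# never appeared in this run.
EVENTS = [
    ProcEvent(2528, None, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" '
              r"C:\Users\Admin\AppData\Local\Temp\hubotio-hubot-b50c39c\docs\layouts\docs.html"),
    ProcEvent(2016, 2528, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2'),
    ProcEvent(3100, 2528, r"C:\Windows\System32\cmd.exe",
              r'"C:\Windows\System32\cmd.exe" /c whoami'),  # constructed, not from the report
]


if __name__ == "__main__":
    for pid, label in triage(EVENTS).items():
        print(pid, label)
```

Run against the two real events only, every process is labelled `frame` or `tab`, which is consistent with the 3/10 score: nothing outside IE's own process model was spawned while rendering the HTML file. The invented `cmd.exe` child shows what the same function would return on a tree that does warrant attention.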

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5fd7145aa8596f448fa2f31fb9eef9b6

    SHA1

    b74a05866f957ef6db76a64d1dd0aa6b01070281

    SHA256

    7d36be41e420e7f87a9401aca7cb024a76ca47012a9ae425cf1afd8e97084d94

    SHA512

    44c468127e50c0cdd3850c114d40eca176a08230ecdc19f13e67709ff077502f93c6649f090bc634f5901f9d1bec04cb9d7623e51e616ef158ae35cd603e5b67

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7b998f9e59d1c99d8da227f88ed7ce7e

    SHA1

    fa164bc58d64342705de020856f36a554385587b

    SHA256

    cf6058765d68a7f316a4f88858656843a96519e99f84076a8e015715d7a6eab1

    SHA512

    646ebe8530442fa6c800f594915c64b8310bb14babd377b6f22c1fec45d83416eaa7224e2f8c0a9c1fb2e67249f338d4ba75b6acbc04314d6825fb80168dbc14

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9f4719ace3da910ed5f3916fffaed6d1

    SHA1

    fa59e733ac395cdb10ab589027b018638b46e285

    SHA256

    b861abb3ba07a7b4ae5773a775d4971689d2ad11ee0fb1acdf48c0c37f103026

    SHA512

    45664d53156ffbe37d318b173712801d8abfb0508d62a1740ba534f49219c5fcf5d798104c8a00ef101ce6e7d2b40be25b0b75467a27de6953ef0f4a19fbdd85

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    984ff9c802da6064b36d2aa3ab3a2b45

    SHA1

    18814569a4cf5945a360e48bc1ee4a3447ceabe0

    SHA256

    565eb0f90c11d565117a1fcf53cec5ba454e48723da3cbabd81d0a40d08aabd1

    SHA512

    fe1264913eee7d20f2f56663de8d18cd6abfadc14b75aa6c23d074cfdd87c4c767ae30176f7c4a57afdc4ced3c13c277612a88ddf9055f14d2ef73e68ddba6a5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    85bda70720dae95c35ff44b96ee1f026

    SHA1

    f4ce0b446c95696acf8a816dd1acad4cd0fc21ca

    SHA256

    e138497eb7129ec8269e0792759f527ad840f24a005bf5d704f4e882957cd397

    SHA512

    5d2a0f320e71d411d6db8d5da06d66e6f801e63ba0470bc5be7e0a1b2e1a297dc49fde2fed10c89740d51c7bed786d16e632c17c3a33eec7a1cec1577c5b05dd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    404add157d5f628265b6ae49eabc6a37

    SHA1

    0b8da4b40881505c5a9b76b7589a4f76c2226573

    SHA256

    acea4e62e315cdb311a7102cbb6f13a750e2bb0742cfb0ae8d1dcf3811abab82

    SHA512

    a174b6cf2c5486d2d2fa67edd37406f5247e2c3d55a5ae6b0b392394f2f6e1270f934f51d2b023b7dfb87118e1f77dd26f19878612d42722157a62f5ef755a3f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    abbd71bb96e0e0b0ffc0dca2fdbe3d6b

    SHA1

    55e5ee1ac0d3dacb38370f17f472399800434582

    SHA256

    f0a837b4503822eea2ede6daba1f7ec4c1200e77984974cb503ad90eab9aad4c

    SHA512

    8b0f4b2ad31ce7a4064ecddc59faa0a095e6a9f7f41c0d69bd450353325f9e58b3044fadb93fcb5dc573dd1670bb5f925a60917bfda4277dd334a0e414bb3f04

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b29f2ed46a21dd9fe1ac6a420ca0cc43

    SHA1

    ccf90ff104fb67703a8919efadcd55be0e9f71e8

    SHA256

    0f188c39aae162e475efd41b5182fc596b0e6d2287bb4c89eda77013448bef6b

    SHA512

    d91cd944c7e9d19f2e48d7e0a4c021d7c716048b2c7ffb56558c66f4f555a1fe92af15481e22864c6b4e55cf7281da3b28c092e4a5ad5a7867c88e8ce87c701a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    355c1a81c70e4b64f68d05a8984c4f48

    SHA1

    5e286cc7043d570bb6a0735b22a51405f54bb70e

    SHA256

    74c3de00f30f30c01ee92204aa098a80e849b42e82370a94972a824ab8dfa91a

    SHA512

    7d37b83b82d3612eb0e419e736709abb646207f50b7ef92226092e70d0c4ad55130f3cd02a93df5786e4d66527aec0151fc1a897b97223af74587f64919e098f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    229072a09b01c07c3c8888e00a3861f8

    SHA1

    c48ef26d885867c700408c1855e0bbf75ebb7beb

    SHA256

    1e6a16226d000d4a5527eb52c7c8338087cf452819de534b94c5648cc0c4b4e5

    SHA512

    9714a2d10d732b36c867db947da0b7b1ced84d5fc132aec4656a65bda409ca67e854a2229ba3f45cf6841f1c8f86e7d9476fc07030f6adee62fc3c77c88a70d6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c4fae84a202def9357ce5ad2a037cc7d

    SHA1

    78fac208f491b29b3c0bd9f3f1fd055e3155ea3e

    SHA256

    9b286fae8af316555748a432cde5bef3f5f2d329db8218a90f5ca58435803d67

    SHA512

    d08c21cd5356cf0b3f5062ff22ad79a626727430d05724581ba1955ebe31e1c4d6ffe6f7e19c0d58041e994e1b95c453c00666b738cc07f1b1d33f6f7de78897

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b018785a3c31fb9d08d02ad402a03d56

    SHA1

    2886b9309d2acd53b8824464301b97d1caf0ee83

    SHA256

    a36b6f931ef73a4c64857de26acc08ab3cdb90fe7b957f58066a505bf75c96f0

    SHA512

    7e885c52dead3529efe59da77a1028d597d12ee480dcd4d875cb8682d18a5562229d57d5d1cf2298a506cb2762df10b1fb41b2ca5dae0b4888123cbc3b36f434

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8296b7b0f37940aa734561ea9c93de0c

    SHA1

    6c5608949771c93b3688ade5904fce17ec26e702

    SHA256

    c49ff564d8bbb4b6b9b139250e9828d0e4acb140c75eecf6005a9b375b054843

    SHA512

    131dec98ef278c1d7b3510cbb0d165f1f2ae33f93469fdc22ff39c532df3238bc04b82b1df191aa1361ba16eacae36e4bafb0b936e1f48f877be8b75f9524a20

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ded3c7bf148b8819fc38be6f81922a26

    SHA1

    220f102ffb0b2d6fd54826074ffca5aa5b01dfa3

    SHA256

    d03a28ea9656940440701a1dd7203ad9801275ac8b7b6b73a0c0a2d2a679f965

    SHA512

    b52859caf9d76fb1562f0a8b19bf11a59a45dd4fa40f84db3ee55f183083f763318ec42e36787245c5c7db607b0fa6a281d5a00ec8b4fc3fdeebe07a7c4d7818

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    500996feee0fb07d779dc010ed2cbbe6

    SHA1

    502aac7a393b98152cdd14d6ce8cfce72a019859

    SHA256

    da548adf7f3b30fbb552686d996ce406e8e669ca7f5dce3c7dd3c2b2bcca1be0

    SHA512

    670cd3ca7c411bac85c80b8a0de8ac728384dd9a51eb592cb9d5425e4a6d66a6ded984903580b59914ca3079de21d78b9557f3ecfbd0b7edfb91e0b39ba765a6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d784734a78876836bb002644ae73fe2b

    SHA1

    21bf816f6dbc4bd62598857ef971ae19a9cbc9c4

    SHA256

    37696c8720e9eb86dbe4aea96666be9e70daf6766f24ae68f320e8d130dc405f

    SHA512

    8b182a7a640f63f2e0b359a4022b21b200a866cbc86feb8cdade1db11e62b8b998aa61d386ddebb771e1f97133e84eb977fbeac426d2064ec6a566415ff9a885

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8f8b5cf2d8bfaf7f8f28227acdd67371

    SHA1

    eaf0b0e78d56fe349480c7776ac0fd8dd181ca79

    SHA256

    d1874158ac982090cf3f43047bb5de79f5689837571805db47d78f8a4592f615

    SHA512

    7b5d6942ce48d2ffdd41b13fd9988808cc98aba4a9249552240c63f7cbc2d8436197bcce2de147cf82192092124c1aff96846b29c33840fef4e27f6c400fac8e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9b1e77b945d36038f4f34aca03957191

    SHA1

    65baf61cdc8f0cfd230e2fced3ce81c5d010adee

    SHA256

    5dfee9a80c6726915f86a52e174e3f721c2b9e346f0d7ab557aee54a1ce24093

    SHA512

    c28efec04852952602a9973675ea00708280bf5ba2ebace977285720a1e8e15ddd5d6346233815582c561cf13226227078ec5e295368acce5064e47cde6fdc5f

  • C:\Users\Admin\AppData\Local\Temp\CabE63D.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarE65F.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b