Analysis

  • max time kernel
    122s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    31-08-2024 19:11

General

  • Target

    hubotio-hubot-b50c39c/docs/layouts/main.html

  • Size

    2KB

  • MD5

    473dc2c66befbbfa192d6719ea97f852

  • SHA1

    97906d7bfe973d17e99c94092f9ca26161d4fabb

  • SHA256

    bc7cc7fbf0fcdb884d1bf3068d7a498eba802c651d380d85e0a41087f72e3203

  • SHA512

    d0eb3a81977779945224f960c4d85d4a37280d0d82c5ee9efc1f9636f4ee15b2a4f7ccdddddc6a7f82cfdacd6381e074c8bad6ea11c7f2acbb1b622345db3d99

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim host in order to infer that host's geographical location.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\hubotio-hubot-b50c39c\docs\layouts\main.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2404
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2404 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1696

Network

MITRE ATT&CK Enterprise v15

Downloads
