Overview

overview

7

Static

static

7

d0fef0a79c...18.exe

windows7-x64

7

d0fef0a79c...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

SlgClientS...ts.exe

windows7-x64

7

SlgClientS...ts.exe

windows10-2004-x64

7

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

aminstall.dll

windows7-x64

3

aminstall.dll

windows10-2004-x64

3

fmod.dll

windows7-x64

7

fmod.dll

windows10-2004-x64

7

gd204.dll

windows7-x64

3

gd204.dll

windows10-2004-x64

3

granny_download.exe

windows7-x64

7

granny_download.exe

windows10-2004-x64

7

help/controls.htm

windows7-x64

3

help/controls.htm

windows10-2004-x64

3

help/credits.htm

windows7-x64

3

help/credits.htm

windows10-2004-x64

Analysis

  • max time kernel
    134s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07-09-2024 03:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    help/credits.htm

  • Size

    5KB

  • MD5

    27911be4cf525e2ac3ea0e5b7c6d6aa3

  • SHA1

    19f6e80da537b6924d40a0f7e973cb705217a739

  • SHA256

    e5ccae407e45ef85931f38e2585c6ae0d37c6ac7da7bd49aaee06d754511e068

  • SHA512

    e173ddacd9d0c0720e25dd6de75edcf9cd5545f98f37d83f53e5478993802233cc4b0416ba26a8afc3438d9bbc5b1ef41d0bcfbdda42970fd73dc3da42104541

  • SSDEEP

    96:/hYAKEmab1SCL/RlqUI9k6ZZ7KU7ps1ld5K9hIJGWnEZ/EeTduIEY0WmNV+iCMC4:/hYAlRPmZvE1W5acKb

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\help\credits.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:292
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:292 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2236

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8c6bb66cb443b531b4d3b79ccb00fec

    SHA1

    184bf8bb2c56a508f2039c8e030721f61d0cf059

    SHA256

    4d5ebcabcdaeed4aa1b6f2368180a5b3bb343427f41eaf46e89ca3e9b579938f

    SHA512

    e1d3f55164e7a888731c533b324873b8b5bf0aa518a63a15a1c78cd20d768d636e0c35288743025f04be19910d69b75dd5af6c99a1c46b6e26ee1ed7edd59274

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1349a3ad6c3b18fe153c2b9aeead00c1

    SHA1

    7858763b729f94f196dea9b36a7abcf530dc5925

    SHA256

    3becd61d6d184f6bc118f0dec81491f624624e896f930350c411c0c30a754284

    SHA512

    a5665b2c2c6c0577ca77eeed3b765ce34a65692473fdb024c227da1ad3471b92475f644fbc0217469a1550cac80b155b4359f5f05822a51bff36a202a990bdad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b0f5bb531cf19206ec47a0aac289647

    SHA1

    e6dbda84fbe9954e3339958da56b410e81df386b

    SHA256

    0b8a1f8b1c24e26101d54d5780aaa328ad7c1d9ec92a006b3f16c7e60ae209b6

    SHA512

    f8c7c7fe6348158aafd2f17a93a992d1867927799fd0f21f0b9d12f2b7fbe379cd01c41bf56461253cb7be3968efb3f6f543be7be41b9b2bcdb29ed8f51056d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56985c57b723e3bb6867951a0812dc48

    SHA1

    df2ea47bb673c290690b748eb25f7891021f0afd

    SHA256

    6365ff4aef2481ceef8dcb7feee1fc03159315aed5ad78db432ce0f673a7d915

    SHA512

    a0df8f295bed0b75b81cc49e0a76f32a79222b0711e8b8ae98e097b8a3b4dd7c6b4a2cae3c30ab303390f0b3bfae5be997965871fece9c74dc16cd1fdb6127ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40bc2b5e6f49ef17f41d5c37667d33a7

    SHA1

    fba2ecfa8e0f0281a77184f66347959b318ab21b

    SHA256

    d25d6bdb5307455132d40c23e933b6f2dfcddf015c10040e764a6feab0e7a4f3

    SHA512

    fa6b6d453eb849642f789d9205c614db932af9b6f6dc7dfef27b75d9034024d317fcfb6d98074eb2b8f68c55f54306a946ae2e8563de1581534ac1e3abfa76e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c726caf6e06fce6845684b9ed2fe6aa2

    SHA1

    b16feb0b25ecf4eb147891bda1aef747b0ccbe65

    SHA256

    15607854ca516e100f9c31620b704702060c480b35e4a95a36142231433f9d2f

    SHA512

    b2ae2fed5acf1a5d2d953500a14ddbed26b3e3dbfb4ca0ac479bdff78f94312c9a7a8bfff5c814487563121904b4b3a8448d618cc7aed5dba07cd8d1deb866aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd93acce48b0c6cbc2c8e1189a9cb9be

    SHA1

    f867f3fd7d295d60ecc52f8d0405a07e0e0d4ebf

    SHA256

    64b2bd67f6ed743ec785d66ca35528b14c3fc6c96ccbba055831f6fa0282043f

    SHA512

    e0bdd853f157db3bb0095a4ebf883adfe2beed01dffbaecab5cc4763ccde54b471d517d65c3f80bf25b36c115f844827ef44356e09abb1fa20b07ad036042721

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45564c5c21680f9586606709855803a0

    SHA1

    28b2e1af0de396c3212b12c232d40453af638985

    SHA256

    c790348304c55b0229bb7a6b55878c86627386fe2372b5e360e76f4338be77e2

    SHA512

    a1ce9a1d17af0638dd952e141f6edf1a096c3a9c05ab5ca1e9731639f0eeef840c59c10c0ebea124d939b19d1d50882ccd4a9505838ba46b8665aa73e4ec6c94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    640cae90a30727f835b78653e8bddb45

    SHA1

    8d2647755028c05e5ad3006c2a0ce8d489dce489

    SHA256

    e323a095ad07ea4245ed657557782f845c37ce7aa5ba03a34801ffa44c3b3966

    SHA512

    f8e2276e50fa1d0bf482ed3f0a19a5861cc111ac42f56ba689e1809a36bf759438675b2931779f8d72a0b51ae9592df723444fb1dc4e668bdd0d66a82cc50c88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    edf9d030cb963f1f3f54ead188d179d2

    SHA1

    cbbd66a6e5237db1225870be27602caefd73f91f

    SHA256

    09680a735c2904e18c11f513f68fa20faeeb63414623c78dac948b1c67af869c

    SHA512

    4f56615b729245bae45bf70a6938296bb0c7e897b634af6d5ade0f497d3c7ee18d6ad2d1618e1be96dbf132b2c8513bed0006ee935d2530efc1d3ed338f584ab

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCD22.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCD34.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit