Overview

overview

9

Static

static

9

d213c111b8...18.exe

windows7-x64

7

d213c111b8...18.exe

windows10-2004-x64

7

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...om.dll

windows7-x64

7

$PLUGINSDI...om.dll

windows10-2004-x64

7

$PLUGINSDI...ry.dll

windows7-x64

3

$PLUGINSDI...ry.dll

windows10-2004-x64

3

$TEMP/v.vbs

windows7-x64

3

$TEMP/v.vbs

windows10-2004-x64

3

$TEMP/xcmd.exe

windows7-x64

9

$TEMP/xcmd.exe

windows10-2004-x64

9

$_48_/$APP...md.exe

windows7-x64

9

$_48_/$APP...md.exe

windows10-2004-x64

9

$_48_/1.html

windows7-x64

3

$_48_/1.html

windows10-2004-x64

3

$_48_/3.bat

windows7-x64

1

$_48_/3.bat

windows10-2004-x64

1

$_48_/3.vbs

windows7-x64

4

$_48_/3.vbs

windows10-2004-x64

7

$_48_/qq.vbs

windows7-x64

3

$_48_/qq.vbs

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    07-09-2024 13:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $_48_/1.html

  • Size

    321B

  • MD5

    4981db0e61460d215e67ea30b2ccb115

  • SHA1

    9adcce6d71e190518363785a461f4874b1cdad22

  • SHA256

    b42ad407dd50b045ff838c26c593e04c275e2cad50b194f887c2fef6b2201e5f

  • SHA512

    650b47a1c93d34f2c66d174317da67c813f537c593ad37e84a410a5f21812f1a9ebf85c686180c9782c9db213175b336d130a504a3a212e28b21eb2ba4fe3820

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$_48_\1.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2836

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db78dd04c048c6ee0c741a2357c5dd73

    SHA1

    70af824cbba94fe62d04af3d5548566c249a2bd2

    SHA256

    2fdbf9dc0abb885141e1d624a6f4e4e258a302302c17b38bad1bae3381bfbf86

    SHA512

    97bfb60a34d2a6f896fdd2bd39b122be6f76841e499def982f22da844d9a0dbf38a95f480cab1a40bb6afd5d63caf081284442b71c527e7a11d56b0ab921bb82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be61fa6e81d00e174f47213cfae27f86

    SHA1

    1f4232e79307c4950d20cbee9955cba485e66e99

    SHA256

    38ae75b532474db3cf2660be085b5ad130a52d864067d7b90de85a9aa117de6d

    SHA512

    08d36550415b40d16cec57a06f8e7dd2767253292e88705ace84c71e3faaac04c47ca8097997d06ddb4259fed5d6c6183c032133eaecd064dba532cf119b24da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82b5f01ed2608d6ac0b1b13f8bbf2812

    SHA1

    9459560c5725d487264d2c56154b137eebf56261

    SHA256

    b1bfc018b7aba4b06c34fc3c32ba50f29f44cb3e32c032fdfb43d39b3b3a7ce8

    SHA512

    4846a8c920f0e176097bd8860b8f3bb80e8bb6ad124fcdf0e783c39c0419b2c63be975c2c3c54ef46da51542b45e667d40fe73f8b4884a5cbfc10caec888fb7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    08dbd0ba0c4055478c8829fc817b4d81

    SHA1

    ba5edd140cc0a5b8a0de84f62864f9fcf390e998

    SHA256

    5ce2293a4e41754d5325a449bb0870ef54e9fc34331025ff65e7f4768c65e985

    SHA512

    033f1e6c073e60afd68b561e63ae40f3e51a10ca67c8a4e13b9c6db4a5cbd0197f09a4baa0bd7f27c38572025e859da87845b5074a5a1880d41930fd5af358a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f9f3baf6af16eaf6f04746c8cfe5c26

    SHA1

    8e6c8d9c7bc7b68b6a32f43af33890f3f6a2314e

    SHA256

    b57ea2b65678f6c4fb0d4b9c29ba43a953ef738ccfe22e826a08ee678e607f7f

    SHA512

    f23dd0d03213f14030485eb3e6011045dc4a8e0675435e2874c41ef0309ebc0398bf9601948e568115d9260f2707e4dd29e625b3fbae02f69fd5d549bbbf91f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12040430ba0d05463588f4e6b5c950e2

    SHA1

    8a3a57e90f1ff28901309fda0abb1a7440d7590f

    SHA256

    42e57f5354cdf6349a709cf2ed33df483d74a42b5600dadd6968df1a86eb6500

    SHA512

    3df8955a5e072650db84a9af8c41d3dc2a7d3d815f0dabd298540b08bc8f00a60ee86c0bac0af0ac06205a30d9657dc9d05dcdbf768088a44c67196021294732

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2dafdf57cf3cb3050530dd03440f7294

    SHA1

    c93fa5a4522bafe8a7cc27d828fed6b6956086fd

    SHA256

    4f65642602ca91f5f2550eadd28e90e5c987f13acc069d3c29e9c0132d255da3

    SHA512

    62dbc253008b698be0f504f6cb50befd1b1979473ef0aa0218896a709d5843e779d14eef14bd9d707771cd3cf96e85b36e6352b30b51c701ad5bc42cb5569f53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bebb57dbe4931f5be3ba76999560cdb9

    SHA1

    dd5e7b6e98c86054fd5db075cb139a7417b78f4b

    SHA256

    8499147963915a77fb9d4bd454e32bb1f452cba4ed9ada03cf98d89b744b8937

    SHA512

    e8b31e6fd7784180ff9a9f0a4628eabb4a74164e65bf779f44ab9c733cdaf0a6836404fc27b3819c3686260f8ea52e082c85175e24c234e8438a9a0b7774e769

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a701dfe2fa18ba5f544836547001ed4

    SHA1

    0b4519c77fc27973954729aed59724bf648e6355

    SHA256

    3beb1021b2252fa8b1909383d82482626936dedb6c07976c0a20021d1184b422

    SHA512

    1d43ac7cd1ee1e143656aceba4dea13d894147724a962cf545aaeaf11281cfbcdfa832394a1816806a2adcd6212adb2ffcdf2093ea7e75c5cb84ad53c781bbfe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9a030ccb1dcdab61743fc12377e2788

    SHA1

    17231b09053629cb00dd3d3b0839d7f1662158a7

    SHA256

    c8a6f20f2c8e1f96c5acf643dfedf907ee87aef9242406e698e72036b1c3872a

    SHA512

    f891f4537b3cbda7928f9e43988d0076a85c10f5adbcc3248dd139d84854a4c83f1cda1c8ff936bf069a237a301e8d34e6c1bd755aceafbf8b5a9327921c2af8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11c145e4d86d955ae8c5bb55a19019b0

    SHA1

    f6fcf69e22ad64f3fe1b049e2e75bdc122a063fe

    SHA256

    97af7664de01d6999bba57c39bb91cefd0a2196a50bfff74cb68905aa69b50dd

    SHA512

    be1f71b2e3d7611d95106910813ad5dd4a8b30d191eea69071140fab3264d8aa0e332d94c70725d5f24fbeb8679e0608c8521b1fd9fefa256d3891de07034018

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7984.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar84A1.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit