Overview

overview

10

Static

static

10

DATA/OS/OKOF.htm

windows7-x64

3

DATA/OS/OKOF.htm

windows10-2004-x64

3

DATA/tv/Re...er.exe

windows7-x64

7

DATA/tv/Re...er.exe

windows10-2004-x64

7

DATA/tv/aa_v3.exe

windows7-x64

10

DATA/tv/aa_v3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07-09-2024 17:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DATA/OS/OKOF.htm

  • Size

    260KB

  • MD5

    aecda5ac137cf4d41c85aacc14871857

  • SHA1

    c5eec535c50840e48badcf51f8f486c6ecdbe85d

  • SHA256

    8ec77acbf9324dd48707e114988f3af931100d4fede03dd5210864f8d0e77eb3

  • SHA512

    082edee8fa308b89ced253d6eea99360d8ee5ec8c0bd2541a1c58ced27dc38c7b6d0b6607f472c4bd63ee75f8a9baa40996d37271cbd05a3f4c832111c194157

  • SSDEEP

    768:LYVz0Z/fX9zX5OiMYGxOFYMxOsMYq6IU5IxprilxIDxI6Mi4xIbidxIuI+F/xIkI:LYCsxZyCan5pgofoWw+VBd9885M

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\DATA\OS\OKOF.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3060
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3060 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2616

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    440e6e6d35fa5fbd63249d7633a02176

    SHA1

    389fd45b5cb1b8584248086b6ff3be246f2baacb

    SHA256

    dc7a95e67fed75039d8f7ebc8def94450ddd82429029b49ca99caaddef947b32

    SHA512

    4b73cdd18a24a02fbe57791d27b935777595b334141142570e9af12b933f345392ee190ea87373f832ae546e7194ba9b8a681663474b4a4c19870280676f2186

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb25e7155e9f3b5b60966a09b66c482a

    SHA1

    2c445b4515fe2588ae3cb34ae42fe36d1524c4e2

    SHA256

    0525724a9c3ac2323d3647cd3b3902df601a6092f922808bd7aa1d2173f1f185

    SHA512

    85c917ebf496c0ab20950207d0de788ab09fd1b03ecba7034daa3c264a9f222be5a995359f2f2489b15b67ed7925ff1d4bbfbca3a0a9fa2277eb6f0da395e08a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c593e99f280f6df7e24602482f82d24f

    SHA1

    463a47ff30bacc5efbd2563773c4e932ba647a42

    SHA256

    39cd5b42b61f169fde28e8f330455b20058d3224a3701705454fcea01a55ae7b

    SHA512

    5cd64d8d9aa46169d1478e3743da212453e609e607fd2d83b255d4e364c43e4efa0986ddcd53c063d2f6acab3407e83ff81079f186d45abf656b1b850a73a3ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6dc3718e912c57e7ffcad85f8c5140cd

    SHA1

    22b8a35053cf1a0f90dc7a2c32e4185cb648d835

    SHA256

    c43f109a8e68619af6bb0a9edf3c516060b2e3180da8248e1f408f28ca88de41

    SHA512

    a29f5ee3c42b86c2a4dedd4801ea99a4c8e258ed9ea7c9f81859e5a4fee5ab5af2524d798270196b7a15ea18b8a7fe062a919fbbc805b6bb5723cab0952ea597

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e5b7bffad8d0619e2aeaafa6647a58f

    SHA1

    c2af74fb5b213b0c03834ba36cf74a5ec993dc44

    SHA256

    53fc0747c6643469dd73258fe2730a582cc255692d427b84f6cb9952ff062701

    SHA512

    d14daf5c1ea0cee07f4c8922c1d366ad11354c3f230892f682949c3fd242d4bf5b23e42e75e08349525bb8a93ea47d2d4c81acbe2f231ca6642b2c5c34af8d4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc6cceadc382654f7839f4773c8a00da

    SHA1

    0e84e1da2c86b1183aef26994235370593d1da0e

    SHA256

    2a8c95b6743155c4789c34b81a6aac9a1992024e620e48d7b7cf2b41f351a71f

    SHA512

    4bb22ba183871b97a9c79ad28192c5e4ff960ad64a6ee13be4cb8b388fd564e084375b80b94d194df0ace17e34b23f405f8de85750724c87933dc97405d27fd4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e3c014d69c9958564f9f2b781218bfa

    SHA1

    366bf1f164bd90b9617f8ce2efdbd3a8cc1d5b8a

    SHA256

    69831fe8729c79a658eb54dc7944d2aee7c75fb5ccd7464208b4469da6fdbe0f

    SHA512

    561e1931bc430c934d72d13d1efa84b3ac9efe9eb988abc3ced5d7517d7b08492772c4d58da080494f2535ef05e3a3404bc4371a3a5afe53d7db56963b45d47a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91317223a02818ec0e06837bf0764cd4

    SHA1

    40f518cf1565f5ac9743d9e391cde218524ecdde

    SHA256

    39d785c6249d172004cc794369d4932439ec7504bb7d1dc4ca3cbac4663fe90c

    SHA512

    4cdac1a1aa9cc40336c09bcbb92c3cd9458ed4572191c82c05ac2cfb8f74bf81dc9aa7ba8e9edcbcde9a3102a87ad99d82d75956911bf983bc114434bf118a74

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e30e286014fe7059a85aa47323eaf891

    SHA1

    e1e2f4f727b17b33d44083b901507a6dd32d33ce

    SHA256

    e767cd22d1b7cf45c21a705e97f6b6424bb043ac29bd149085fb7a0b127a2c36

    SHA512

    00283ee00f450f804c137b18439f59b57c8d2c52f4ff376d3a9b16cea6abe6da41c5a93a5a6400418e6af2d129e9a69cc3334388cc7c7da29ba3bab32c701e4f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7dcb65956230d7f7ff725b939c1fd6f

    SHA1

    bce7f10df9527c9714ecfb148acf1525570c5c15

    SHA256

    ac180c73ecbb7785f2b767086973f3d9ffa1e3778f21d2a9c8e7bfc96d904202

    SHA512

    cc0a0711a872996ea3bbfff8671b1eab906f77625da45c01e6140b57948621ebf9fbb4b864ad7f23a110f958b5e5a7d2e42061537ff15255a3e8c7d440283fa6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0ad377b46e61538d377b59992b8f2437

    SHA1

    8a0ba4fc705cc2f15f1a9fa3245029d9f3c67fb9

    SHA256

    a3b43e85376062199a3e6acf89f17aa4115ab5c21081cb81ed1fb311a7ff6546

    SHA512

    b9577da5c0613b2ae84276de8ed5cccd6eca769e7c1dfb49aaf838d2080ebb704122b1a4f8580c616902c4ae636a07b286216e364f93e01894f2573ad84bae19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e24f44d9a5c20e5410added7efe37b2

    SHA1

    1229df90a42b458741e0498754a48fd8367efb08

    SHA256

    e06008f95b24bf71d33d8d24517d2d0a32ba84ed1808dc6943d2f49005f69519

    SHA512

    876f7288f8d14a3279093eec69f45f935d574dc660a3497117d8ccba3f894bcb7f49c44a71d04e957eccc437877899f8bf119dd4814422c35601f1bcbcfbd56a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45f41693a276fd06944b330bc9ff450d

    SHA1

    8931861503992452e623b2803bf20ee1e810161b

    SHA256

    f37ce8efdd2727b3673aec2db43595f6a207bfc07e58171b41cc4b033b096401

    SHA512

    7297ce4cbbf43093ebb163c00dad467cbf498be50682ec0cc142b317edb349cee339eb3bbad6310065debc311dec614778081d701271ba78899e91c01f273cab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e76ca120af61afef764b82ebb6ac931d

    SHA1

    ac99361f3324f28804b9dd6f14304a2ff3115e33

    SHA256

    20732bf36aae76ab056a0794b6971a696f5fcc6a409c1f27175a79cc33ca67c3

    SHA512

    9445c8f123382c45a974d8a475f6a1732312d6b98e1f20c278cebe6be1ea1dcaf82d80fed4ae82a37bc3afaf1db661f8b1ab1cc98d70f11795add77eb5c1600e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    387b151c5c5d9a5a476afff79c32b4c5

    SHA1

    c9e8de8cccc4afb8a6a87b36e1f42c92869b63d7

    SHA256

    ec6f43dfd3bf2d526cc2003089b2385ea903f83cf97c027c878dfe117af884d0

    SHA512

    3effecc9cbc8ebf1a221aec5d3b464a25a0be0d58c2527953623b33c1d058f209efb1951efbf305b7dac61c698cef0c50b45f28d05c2263ab33456b13d51f4f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    816fcb7f968eaad635ae3952b41e3a0f

    SHA1

    3a029c60c198827e6950884015cbf119056457e3

    SHA256

    6f873c531132eac6fe7da53afee12eca9dfd6d9da3bac27e73a5d6eb314545f7

    SHA512

    95738610d055bc7c00cac94fc1f30f72b1e32896c217bb41a859e4d4f1251bd5515bf709ad59d3557e81b06fcbd05b04d04ec7ddedb3f5d91021fca81c44725c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFD07.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFD68.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit