Overview

overview

3

Static

static

1

tigre.html

windows7-x64

3

tigre.html

windows10-2004-x64

3

Analysis

  • max time kernel
    48s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    13-09-2024 18:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tigre.html

  • Size

    15KB

  • MD5

    517136eed2ec7225cd026814a48e4698

  • SHA1

    c1e8d8d39319d3b8e0c0744efd84465186f02e33

  • SHA256

    a66bb7868e23191a5e9668ced227b877853395be7862b911abf6724162d26a24

  • SHA512

    07027ac62f95c7ae27a0f8f8d7f8308a157f677c9ac7b6eb8256cd20b0f70c9b1edfac8fea283df57af07add2624610b56f8a05bd042c5152d2d6b0ee7584d0b

  • SSDEEP

    192:PNxqvrHA1oqTJkNr+8236vKe2ZmRhF2u1i84ccSyFx3t74qGFUfny2N:qTg+oJkNi83ifAhF+4cSyeBFSFN

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 51 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\tigre.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3048
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:275479 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2860

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef26fe715dec6f24539e7d3add65353f

    SHA1

    b9d558e4584e0548b5cfff05482abefb92237253

    SHA256

    b6bb288ba00a10e2dee08955278e0cbebca5e5f493529e3451162cc2de818bc2

    SHA512

    1c8888b854ffa99236911dd517b6cb059a974c1e036984408781f0acaabbdf9baed0e1e05f202345d2f39ab846331babc68947b55928278f86102fce06eeb877

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64737894a8c6a4de0ca91b0f855f01f3

    SHA1

    863dfe49c0546aa0bffd838c382d787b19d67b0a

    SHA256

    09343508bc2b1657e3681393c840509f6d64acfa583db7e9ef060bff84f748f0

    SHA512

    148405062ea60e7124d877095f2da66439fb6a7ab6cba2987a279bbf08e678cc44f3fe5811b6fb2ad28c84992b723f227a45e4e18a8485df1051e73a25025f79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b961b1ec8740270c746c9fef051cb98a

    SHA1

    864ebfeb7866a38d3b22cfd564839f44132f8e67

    SHA256

    4364add93f6e45a2c6733d68b48f4f22d709cba6eae4f9206d90617305de7e9f

    SHA512

    9afb9a4fce040600cd2aa29d1285ae62f0ffcc800267e8e48cc7dc1daf7e649cbb2cc55a7ceb90f4b2e65e5a000fc72250de78087198ffa9099544ccde83b39a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f73f8cd39fe50d90b4c40a9fc1dad84

    SHA1

    9f2889dbfd8225a3f2eede37a2e8979bcfbd11fa

    SHA256

    4ed461d12fe1a5509576461177047e72169faa121ff2a934f0d46f6c387af7f7

    SHA512

    fb87c0403ae9f5e0ba0b168f77242da2697ce55454d3fe06c24e260689a37a731aa28285cae5bf820e5fd283ff6af2728b5a55aadf221fcc299d496ab3c6d7e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a37287b64cc86430d3f6770540a15e46

    SHA1

    76db915c941261c469561e2821f0a246f0af7691

    SHA256

    8b54d08c06d42921aac068dee99fe1e19f66bbe420a91e9842d075272a2635b5

    SHA512

    b46f3cf2abf58875b50c45e40599c062fd436f421389fd728a402f8ad831b1424246b014ce6635327afea5f2d6c3ec2a1cd004fa1fa62868b0bab4f2f2b9e2eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c67ac2db255b0aa821daa6925dc2ae4e

    SHA1

    931479e0248937eebb3a10dbbe286f4231cc316c

    SHA256

    0140f82f6861ef90d4712c92e319d99e6b7b0cce581264c0e842c81ac225e794

    SHA512

    1cc69f36d5aadf3db65dea3b065ae97c300f3966c35ef05ff86114d9bdcb1ee035de8767aee29b829d7e5c6968ac2990ae955c5bbe3e3510f14dbde895c447b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    662275d72ec33823a882fb6b22a08e39

    SHA1

    b52091c5944217c526fa54199d5ff2d7aaec36fa

    SHA256

    7bd298f0de2f56baac6a4299bf5f036ddd448fac50b17e6a667689e77c4122eb

    SHA512

    45cf6cdb16cf0a978d13463e51bd3f7d2245a7002a9c4dac871e4980c49e0392b0e4d8e0e25dece6fcb7e7cd7f77b91c45b4f59653813f8df1d42ef22ac78eb3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d13d80e1546ab7192afb84187bb35c3b

    SHA1

    47eb9847b3059b739f71b5446aaf749d57883646

    SHA256

    bd10af996d265e953c36b545bc40324291b49dc73c18ff1827d40a76b61de1f3

    SHA512

    3113202d0ca25fb56bb4c23ee2f67e4fc1a8d86e07fbd2dbccac5b960da6e6a6aa3c474e7492b76c7becb1d3902226fce091156a75b4ae3ba50a866be661216f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aae21c138aa41176b695155e760c9fc8

    SHA1

    969a07b936caa7ac375295c6243e5178f2a91edd

    SHA256

    4cb1ffd165b3b0664a37b4664207c32b780ad61dc6d4d0fd6f7b239d80eff8f5

    SHA512

    0b8e6910ddf3bc00180050c522bec4668e9702b0e68bbf8f0d7677bedea7f9615e1f21bffd5c9bff7781b49279ffb8320d1e9ad1d225fe24c4b504b5b8bf25ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9de974437c34c6a7e33e0b096b2a0e8a

    SHA1

    6d5f692571d5a1db85de1749a794df1c83faea0c

    SHA256

    ba0def152a3ba7a22e1766f33ec555d73b2acc3290fb724298da40e7be9adfc3

    SHA512

    d6e317662e3e5db50d2ba812e5612177e2d1dd4ee99bd973e983dfdeecd3b8d46001dff93ce7f5e1a9c3883321b71fc0db079e052b841dab86fe646d59c699f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\85y7ywt\imagestore.dat
    Filesize

    4KB

    MD5

    d6791f633be5ab49df9762465e4429e0

    SHA1

    11ff672d24e611f655ba27c7b7eb210f103a0c7b

    SHA256

    083926ae87f158b1018fc8b1d769d2d1e87df1e9ee750a1f7e5e8e1fabb16cc0

    SHA512

    0132e7c3c5144d1b33316aa2af41777d21366683df6420526cd59e249e26506e61f6d8049709b85f49f029a1ceadbf3ad36f49f6a3bfdd29dde13c7fb00733f8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7FHNNOW\favicon-trans-bg-blue-mg-png[1].png
    Filesize

    531B

    MD5

    c7a1030c2b55d7d8a514b120dd855cc0

    SHA1

    d07abbcf44b932732e4c0b0bf31e4283ae0f4b5b

    SHA256

    7c5bb9ca2fa67fe7851d145305e17a8370c4aec9d09f54e0920d32f6148f12fa

    SHA512

    1b51972a1ae1be2e85b9b125d7e2443c1b47abbbba9492d4ad52bdf0f9cf82513eca3ce436f9beedb7463a6f7b39ddd87245daf790226255a2b0d478dc380b81

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OX8Z8GR5\qsml[1].xml
    Filesize

    582B

    MD5

    4126118f9b966c9f6638a9aead0802d8

    SHA1

    03c0bf2e154b55498efcb5f68b179b4e2ba31eef

    SHA256

    9982f26a79de41b5230a9104ffbf3a93df1fd2b1c23cd818d14ce23884ffdae5

    SHA512

    25ce0a241adab8833ec1277602f77822689738c185e40dcba4bc6d0ebfc8938b86155c3d0c25007e14900e512b635d42c6b10813e6c2161e7aed061e815ae3b0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OX8Z8GR5\qsml[2].xml
    Filesize

    587B

    MD5

    56475e392e4b60bfa198d3c7ece4f2dc

    SHA1

    0a587d2cff22852742b2003bc6de8ce90ddc6c03

    SHA256

    04ee549560a317f7e01f1741622cf6b3ccb3fcf294e3f4c260ed3e1c333ffa92

    SHA512

    ec10ba0290ab65c48bb603b4d03965f3c26e31496b1773418f7645b300cd017db84006bb794cf12c290ab56b4c6f4452d9ddd5bf6b06b6f87fa4b5fec6961396

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OX8Z8GR5\qsml[3].xml
    Filesize

    603B

    MD5

    49664ce78f70f1f5c56c6421d4107d78

    SHA1

    58e95e8f9c8f7907e5c1605e1ca2168ca79a55e0

    SHA256

    3ee1f3a2b61619450b8bf6118532dce9852c98f77bd3e42e613eaaf2ebba60cd

    SHA512

    99b4caf28fc08132f115e9f064cc2795b3a16e3b616f25936bd30b465732bc1ee544461f4cf47abab33d533374247e9ec7f8250b55ac1be5cf5dfcc474726dcd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OX8Z8GR5\qsml[4].xml
    Filesize

    591B

    MD5

    44f1cade7eaefb315847d0a4ccdf6c5e

    SHA1

    4ce4168d9dbb6f35505449e2dcd90b5fcc1f3532

    SHA256

    6aad215e5a08b561dc5c0d98778849fadd2e3eee24d91eaf768e22bf35172ecb

    SHA512

    ee498696a12dc85ea0b70711ac14e9770fd4bcfe698c76f4e3b99862e0178c09a765c3a520207f14431426236b98db26b85d8b69472fb625182184f84c57ce0d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OX8Z8GR5\qsml[5].xml
    Filesize

    612B

    MD5

    2cb92aba8f287f611fa422f805ce9f5a

    SHA1

    25c3eaa12df7bf958941d9778a5025962d15c1bb

    SHA256

    a7a0339c3cf6c993f4400d3c0eac83b073bb633174f5d87b6d6da77a855cd466

    SHA512

    a2d227b14d6f559976e5a273075b01bff55c18a609f743587d2e2199f606d70e512275d671d51e4d25e26330d037c38dbf6de42f316cfcf5dd1d3ba44731c4d2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OX8Z8GR5\qsml[6].xml
    Filesize

    613B

    MD5

    f8dae85c0a28673ea7c7b104f3d4fa1f

    SHA1

    9a162d4d87ebfcf5c83b5e2c5f3735fc47714263

    SHA256

    e2d2caa792ca65e7bad2643e13257b3ffd1942847cb8590b2604ea96113bb9f3

    SHA512

    a7ac099e7160d7deab9de6b9c7a84edce7b847aef6a5c4dea7dd7ecf7563f3d01dba1f579e047caebc003f29fa291de71a037634ff163428d7ee0aecbd5cd3c6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFBEE.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFCAD.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2V20M79Y.txt
    Filesize

    967B

    MD5

    0801460e812a9f260f9334d4a156765e

    SHA1

    c18bfb46afbbb380b5144ab9a3f97a5e56c3e495

    SHA256

    76b4835d4dc32ef075970dabfb5c1706faa9fd1cfe3548e73d42682fb355b659

    SHA512

    e8c374d967f7692c0f26bed45feebd5ea9888cf2d33437fb3025c952c6ab819d2f4e5c9baadf7abfda21128f8d777e296cc8b469110c7c8228a7360dd399277a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WZPLEPYB.txt
    Filesize

    1KB

    MD5

    bee9a11092990e104ce83edbfda811f2

    SHA1

    aeaaa9c2fd449ccff8d7379c9ecdcddad76e37fb

    SHA256

    eb71585e55e7b507d0303120b543f76b16ce251a828ea005a7aba9cd493c6bfd

    SHA512

    0691cca0e326205eefa172f2587ae7f9564646fcded560b720c14d3d2712f96d85dcdd31cf47545baa646288edf00dab9a99ebc2d12d648e867dbff70de0a7ad

    Download Submit