Analysis

  • max time kernel
    74s
  • max time network
    74s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-09-2024 01:54

General

  • Target

    8c13d2fd7836abcfe22c00ace0061d40N.exe

  • Size

    5.5MB

  • MD5

    8c13d2fd7836abcfe22c00ace0061d40

  • SHA1

    3c9640ec84a86cb10e87f2b2d8217f034aab1d5b

  • SHA256

    cd665494b4a760a948b940d3bbae302134c282deee633f04343fe34790406001

  • SHA512

    3c192fe7231e7c0306521c2701a3c9eeac0fd0091f6d59ef0f35a2dca193fcf5ff36008065838b2cabc92757708525a4d500e315a5502cbd8d7a6e5850255285

  • SSDEEP

    49152:/WFnhV6qMFnhVSr9JkzvkjXa+FnhVSr9JkzvkjXabsBFnhVKTTFBySg6etzcwp86:/YrkzgXyrkzgX9orG8farR1

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Time Discovery 1 TTPs 1 IoCs

    An adversary may gather the system time and/or time zone settings from a local or remote system.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c13d2fd7836abcfe22c00ace0061d40N.exe
    "C:\Users\Admin\AppData\Local\Temp\8c13d2fd7836abcfe22c00ace0061d40N.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win7-x64&apphost_version=6.0.33&gui=true
      2⤵
      • System Time Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2144 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2748

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    15479489985593a64fe435ed5456bb5d

    SHA1

    81fe82250c34c4a973b8f978d513b01d1ba0dea1

    SHA256

    f49cc98389ec70f52993823f722cd1d86d3a83f847c35b7c1bc6f988869227f8

    SHA512

    8f417886800fca76460b895f6010809223132b7b735e9ef43233463d325922370ea33a0450c81249350c4472baf33d3f9d1da58e697c35ef99c83fc53249b99d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1d49fd4c7bcfca2500a2ba545883b02e

    SHA1

    c985f84c5cbd61238cf9e45423f4d3e867f076ed

    SHA256

    aa7dfeb8d9bd39c5b520a83372b1166eac4458548e07b0f033cdc40e159f90d0

    SHA512

    3c798a0b564a0e4a39b98bbfcbd01742adb60af968773c70bdc1dc92c1d76af78e34a6bf86903437e6e04b69d287fb0d37dc5e254d6f0ad7c33d1af84731b75f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6ba65ffb75d524d8508b1c5d84389b93

    SHA1

    1db63708fef11c28ea4743034be3585d111b539b

    SHA256

    f4985b7344772d9f32dfe4636b1bc2668b5b55ca1c22d7b424af05eaf9d15a78

    SHA512

    f135f0daa8ada173b799b70496051a8cf1e449d9e883906e14d08bd5946dfcbb655f73208f079a1facc1b338f6a1259aa62170c12a59009d82ad137ca3c60de8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    98a237a42797f0afce3fc7cc7ff2f831

    SHA1

    a965d153ef7c291318cabda2c146b07a0632b915

    SHA256

    756169e4e1abf32c909df584be92185a4ba164520b35b6333916528c566aa11a

    SHA512

    e0b11500656a9ecc227a5fbdfdbdabb4ff053527606157aa6c8d3cbd92188e1150d4d54fd1dc3c80523feb7d94df819176854e846586e8e2b40a5e6171f6a92f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    86dfd538dd6891d644b58c816fc3f431

    SHA1

    276c8bbc3a0741e80a9126754ad40e356a626008

    SHA256

    d5dd7cf724f33adda616bdcae7b7f361573d5da29c28f7186b55a20b18aed8d1

    SHA512

    9394b33b7a61b13ff493163359ceed2056f78e80f0000cccd39bdf58be35eb14a934ef814d62ae458a4ceb53d35a6a4fdee5bd8f58cc6aeac05492c9a99383f1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e2d6ddbd137547487f8d1503f0cb54d4

    SHA1

    df88d5762f5f73abfdc1d9bfaa20b6767e484c87

    SHA256

    7fb72388935348bf277a5086961cbed6c6ed09a088bbc4330d00dca87a6037dd

    SHA512

    3f56296884bf023829c45dfaefbe2ea0c949069225781544d3cb62086e09a20a717ef7e513bde8b2b177be845dd7a719450d81e9ed3aedb69d42c8ae7831f35b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4cbec6134f1d103a7a5bc7358dce0406

    SHA1

    d01c43f5d72d485c8a5c635489513c9e3f985398

    SHA256

    e4b566d2dc338f3b1b9dbe7e391627cf8ef895d8baa1dc1d08a51811762db54e

    SHA512

    b40f98ed5876f5aadfacb60bad041be3d416728214575f5461ad6a8b5687ed87b547eb1f67cd370abe08eed27c8259b4c6c8d43087cd15cc397f0609b77e9740

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    af0b9631b1174f0abc35366fc3070f17

    SHA1

    db221dad9da0da95c526ed04f0e9a04bc3d7d42f

    SHA256

    317f45d093e506ea0c7fbee069021a68de79af161d8fb0dd2c21728fdc37fcfa

    SHA512

    fbda5258388022069501bb51ef619a88b9d07f600ed1cbc2c641de092ca3aa96450e2f00573388513d5f095d92d50dd354443f578b53a23b92145434f81d2e1d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f1fde1f71a81bd5da8a1ac740d236e03

    SHA1

    89d7ff408494941aea43de37a2f724c734326f44

    SHA256

    01f66a70d4646943712b8a575f4fce4fc859d8211a01e4db8bae380049cd29cc

    SHA512

    56fb4db5a229cfaf9fddd7ac2aea80fae4dd48aee4ee7182b08ade32dded3f5a234b9cef0d0b370decb53ed63b36147edd8ac14880bf1c21740aebe1597e42bb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    eb3ec3802c2702eec9f32efbc7f59804

    SHA1

    d34f20c1e384e753483b7f68e05c6b1fbcea2339

    SHA256

    10961d731f507515149ad13e82d6c3ecc41aa3a89b08f2f618bc58fada1df0df

    SHA512

    b5ba8cd8995b80b7d592f8f1704df0248a8380f46092190d3849d6e523c7089f85b6c0f33424c40aa0ee9f43cad2757aaf8e5fc6e03c7f9d5a8504f76be2f390

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fbb21114357a429d52d56ce42e53ec6f

    SHA1

    a6fb3c0111a597523d6ede0d747882eb06e8d682

    SHA256

    0305ada7c80b33bb3b69b3768d5972101409c736bbf699cd39a597f35c3dc0e9

    SHA512

    25e56b2b30e93854f0cdc56ae06ae2d4e2d810f67ceb8f071be9109810be69a8d16acbd7d014352dc5a174666a282706274be92b4b96206616f77a3d117249b2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    51f8bb5b5eeb1ef2df6e2e2e44cea462

    SHA1

    d1e4dcff915ae1d7d0d6db56971d333190a1f86d

    SHA256

    fe11a0ddc7f05f4a24507238da2f07c95d95918e8a52b13ee178547f5baaeeb6

    SHA512

    ac63e0dae74e16f4f8bfff7e114048f853ce634f6350f951e46f1322f5c2b9ffa82bf76aa3e5f575896f9abfbb62c5d343bbe467bf727ab9714ee08c3bf8c2fa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    29063b15ec7293ba1608d03f8323b80f

    SHA1

    e3affca8cf240008f57afeae4b5c73e3a96cd901

    SHA256

    c497ce61504bd3648c42eacad378811bc8ec0bbceb0f4aacf2e5ac7caa6295b4

    SHA512

    5fc35c67c5cf6c8d5a733086aa4721ce67e0caa2e9d3beb06cc9ce4f842d1a3eb9e6993b0966cb6dad5c713c6da5de007b3eacb04c9e61df0673666b3fe30ef3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e7a50e65aed414715ffd42bbfccd7f72

    SHA1

    7c56e4da20f7ad78850ccc418c27033ffaa88194

    SHA256

    789a213dec34d4ac9377cf74d98deb5ed4c7822ee22bc6a34244e12b904d4dca

    SHA512

    6f015f19e48931d9883f4fc083989a4d339e9645a3f8a44f08f200c7d92c786eea0c970fcebb817524ed0d19485accc739410a5748eab80e8d4f335d5d053a52

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    95a2713b8991943bd98edc5ef6925f2f

    SHA1

    86fbf6345f10d1c8079784c9276890a77a7f875d

    SHA256

    3b3fa10d08cea0b47562b35d4e966bf0b13c8d4f99dce472f1f48b9dfa1d8602

    SHA512

    1c518f5234fd1099a56e6fcbfb318d3df6da3d34ab5d1938dc083d5b1bc1e6c4e63bf4f1cd5c6d6ad8f7bd0c7fc9705ab24fb8307fe891d2a055184756f04508

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    556190910f13185757b11f742cf797b0

    SHA1

    b664ef4eb90742be2de9d112c26f55e40572a7af

    SHA256

    f461f847745d4c7dfd95a6f6c9b151fd20be10968c52bb54fed2520d8c8e29ea

    SHA512

    5de9d3ae1cebccd44b6e79ae4f7bb6599c17be14c654976708742152684f04e756ae78a73b86c738c0a9cbfb058534377d0acf4a3d2c6254cb38888513ce2381

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8aecd1f3f2cdbcfa13d064de01e9c296

    SHA1

    41a87a112c9bc949ddec54c50dfcd8e806840c0c

    SHA256

    c0faf290f42a59dedcb7db59619ce180c7696a330b954b0023a55e016173606e

    SHA512

    367bc5d8fd8574b68c5cf550a51551b50e4ef8ffcc707cecfe8af19dab9ca9e66445d0860feb04def193204c579ebcec14bcbe25ebe01f43d314ee154d48e258

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3b52a7d5756a326f69a07368b0e29326

    SHA1

    db407215ee2f51dc5c00a59022a89227784d9ac0

    SHA256

    482324b09aa91909c48ceb4bac063ce21a1f7f69fcffbd0f174fde3b225acc30

    SHA512

    9287e85227fae904af8272052f0a380e345ccea5a199d7f6ef3b6a8c893cd3d001b5affbea67504715f7f1e7c4747eaf34eb8d23c5c1c31502c00fa186e54771

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7e3040784f8c7b80fba9f0413706ed67

    SHA1

    71c61d76a158a1de08a9fbd1b61744b05e789071

    SHA256

    23ecddf4aedfa9471f2304e40e2010a7c58f548f0633f0b45f6d3656a764d673

    SHA512

    cac3f9493a24415d6291229563d4915e874059bda600f7fe964d4bfa3ff438f225f800a9c5c5a0b1e98ec6faf3626a8d8d52e6f2acdb853a5beda44bebbbefb8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d2a883bf22e1a8130fcbdefc77a8f92b

    SHA1

    ae02aff4d49ea16d999343ee923483304a54f810

    SHA256

    c8b68154f75acbec08ed428589bbf9d477c0d1c648756ec977297f26234701c2

    SHA512

    298ab5717c20767db4ac1875aa56d51c19d5c1391a0135d27bcb33cf2e9905e9b294369a357f81148398271bd0139e119bfefceb61720442c8f547a657a574fd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ce2a3417dba00994ec00613f83786acf

    SHA1

    6e020bfb26e59c4cfb104abaf1ba5d200e71a2ea

    SHA256

    7db284027e08c5ce534ed7fee4181bc3f4c2ce9d8a62e71487e5ff1e6d5fec3c

    SHA512

    ea37af29b3086605e8d13f582d86fc58751818712162b59ed1c0d94b629d782220b5a6d6bb206873578407c128b903de5810ee9f86ecd541cb67695b5d998512

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3eb03842c6b24f801345b1512ceec952

    SHA1

    5daaf4b551ec33a2b68dec4bb8554d4332fff552

    SHA256

    eb6cf9fae1243a1b945cd37002199fe2d5a00966f72cdc97773f5631a59ff91f

    SHA512

    0e799761240e7dad7211c50e61004ddb37f1d3828848e27bb1dc8b75530c197e71147ba31d008bdef6665a9d7c41767ccfacbeb18536dbcd8f2f31c7159bc564

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1252baf0a9766cd04383f750b92b7392

    SHA1

    dd4d6df4f5c5e2d30436885b910e820202bfda1b

    SHA256

    2a9712962b3132cff55a380d5698889a0bb5833e913622ac75e5d28a8e95c54b

    SHA512

    9d5396dba9b3847b5abe02f814361a83d263a93f996d22e2d79bcbb3b76c329f0e0a6c93a9d0553811d405320ebf8bf24d9a0b6aa6f10e03576817a1e020eb1f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0b417f2cba22a3676745637c15f597d0

    SHA1

    ea4052512e619d11c6f5c1fc9596b7b53ecd5f63

    SHA256

    ef712d3bad46733b745936622d1979ed7f0f9243448b3ec7b75663cc4293b406

    SHA512

    80ea127bff924ae3b4782f33f20e3dbde66a6abaddae8fcf100f62ed08a0436bc7370632f1bc8b83ea41e20458d87dbcfc536f8d1b22d244ce5522f2ac769ce9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    31b6d74498542e66785df65136400815

    SHA1

    24cc28285c5adfa2908bd4b4bd1da33d106206a2

    SHA256

    1078abe6fce3e1a6c2f4966ba2ef7fb27ae6ce92a6288e4a0a16461df5c7c1ba

    SHA512

    0fd8759a8748acfd87ae579e9dc67081d57d6664e07d348c8eddc0956a9a44d9c6fe9826c408f548ad0a7f6cf5e546192a1346107b6876e31931bf4e23a3720a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cfe74bf824dea2c0691abcf75269e4f4

    SHA1

    47f68177adff919408c955ce32e73413784195bc

    SHA256

    c30f60a5a8c08af7ac76fed68e54dc8a0d62a6602b1b1b7fa357167b7c4b2e61

    SHA512

    196163cc8dad0673a1b597304f532189c24ff8249113912c3fd93394c3707ea46fa74d9891ef94467fdc4ec73aae79abfdb64c2800d1f5696cec971bc948ba68

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5a1440d56ae1150552f20ebad3734f85

    SHA1

    aed18fd3dae7b6fb764020c2709a8cf2c6d7e7ad

    SHA256

    900b623c95a790515c00970cb971be03b13bda9685afa6785c0d69c346ade171

    SHA512

    2d859f1b6124b1188c7dd568f4193ec4878461be51486a65f9fa6693ac6a4f657e0c068eee672f9c10f90ad6a8a9abc4dd55953de2464cb7ebc19725d70087b4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8567dd163a87531afc3c271cdedb2792

    SHA1

    413f706d2783630f597dc62c34284c34462d95b8

    SHA256

    342098e4eb5eb3ad681cbc85ad06406a39d33e90c26de4a5513b19c778162cea

    SHA512

    a52227b2c723ea56f03d90c996f9e3d6af61db4fa06fe0edc1966dfa4b487f150b023eac94de43fc3281b8f360fe7f64ec3fb4ced4aabad3f4db389756ca73d9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    07e11db0b6fc0028941907f87e918b03

    SHA1

    9bc26ef47a14bb72c31fabe24377ac57592190e9

    SHA256

    515a62f7bcea0851acfeacfaea4ed29817ebaaf868c52170602c625ede76ebb8

    SHA512

    47a6adcae7cb0326b5fdedee1ec21d384193a05989f43ccecf2399a98cf1455d726b4c0b186b50fe59e89efc4c78bdaa40059de3ff458c7fe0659ee8e59caba1

  • C:\Users\Admin\AppData\Local\Temp\Cab21C5.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar2283.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b