Overview

overview

6

Static

static

3

Forged All...er.exe

windows7-x64

3

Forged All...er.exe

windows10-2004-x64

3

Spieletipps.url

windows7-x64

6

Spieletipps.url

windows10-2004-x64

3

Analysis

  • max time kernel
    133s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14/09/2024, 01:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Spieletipps.url

  • Size

    81B

  • MD5

    38db28ad903adfd7ad4ad9068811dd6d

  • SHA1

    fc772f4b1f17abc3d2af950cd39a8e534f2941b8

  • SHA256

    b4b22a305d6cfc21da6bc22cf8f0bf00da507964481d1c0ea5010938c03df00a

  • SHA512

    01c7a2e896096d475f09e6cb6afb8219b55e308e8e6bb50003b5e5c5d1748ad5762c8a36504640df6e6579658972899795aa5fe8596330fbc22409d12f4b97fc

Score
6/10
discoveryevasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\Spieletipps.url
    1⤵
    • Checks whether UAC is enabled
    PID:1984
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2140

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    88f72375fb3a4378f6f1582bbbad0580

    SHA1

    8d41bee4b1bfe9e020f8f203243a0e6fae18ea2a

    SHA256

    07234661a63389a5a13de246292ccf666ab58d1d90686e2d8cf067caa8781dfd

    SHA512

    1d1bf3ac0161e33220322ad10ef7ec9856e91cdf38cd96ea26fb63c7079ef2eae8e6eedf2879ae8bada634ce79d46502cdedffb7fa8453e1f8c03c47bfad96b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53e8cb174813c8b3183cccbea95970ac

    SHA1

    d78e3adb4fc166f26619a139d75309c4ebf2007e

    SHA256

    b93e935db73b78d7f2c5b79a9bf38dcd76b1bc7dd5da8d6e4c9056274f956fa8

    SHA512

    974fab64e00eaf78f424ed33fd8f877f1465a4fb7937f7bfe54029e8f2ed92c819e1443a7468a5b33cf2f1b6ade16f8beed98579966284366801f504fe0e38a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c685b67a5e6836f4a4ba9d9bebd15add

    SHA1

    b61c816787ea2445f104a7f84bdf1f16ecd273b9

    SHA256

    de60eb2c2f373ed4cd6c1088e41d17bce8f5dd680b394222cd144ec9bfa0898c

    SHA512

    291a7f365839a31310494d109dc42294e8c47ce618df5a08264045f1f25769c5625892808ab81296a8f04ef91ffce76e4ccc57ff14331f9a8b66740e00187cb8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2f251dede3b8d8b05b783649e460738

    SHA1

    749e1cfd821b8ffd17af751432302b591decc76e

    SHA256

    991137654496f890968ceb463338dca8123618cbe580fff457c964e2af5206be

    SHA512

    c6c0b3fd83815d2a8d2b87f7bb6e57e5bce66098b33a9296625ad267fe7c18f0522dcd8a4812d381c85f46c0d7131974403f0920495318df5acde1bc5b35faeb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55edbceb19bfccbcc9dd523a1b8311eb

    SHA1

    d3a1bc928dbbc9f4ba3f9498800270b18a8ab28a

    SHA256

    6b5ef06d9602a93c663551277fe411bd0794e6d87fb1ecafc67a4f77f90c5a6c

    SHA512

    e0c9418d48f2c28b7f41038f22518e6fec89087ce5325f160b9ba06c01297abc760d38808973ad3958bf8f2066e437d78b4567a59fb75f7c583b7e4ab1af085f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    befadb97802c79c7eb43199efad4a9e3

    SHA1

    3c88e71f9a1fd0a37e25994a4c03ba9eb69fd9d4

    SHA256

    c6bea5d7f948779504b83b82de7a1a10625f3fbb004c56665939efe04ae013d0

    SHA512

    138b87cc2c27495bd8de1c7ee515f1f9d0594e63ab8249f405d64cba3b13ba8ad34bad6f0add50bb4d0d35c07d7c5cd0a403ba11ff9e5fc7d67dc80a5b4b2553

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6baccc796d0452933b68662715c0f7c0

    SHA1

    413934815172fbb877fd7086b7e46e92366178c3

    SHA256

    c5f2c7bd33e5ede116d4f9e53e038ff7b865b5bb593aaefb079a781f391dc34e

    SHA512

    64cc48a5e71ca853eb887be6e3030252bf9c83cee92f5343afaa121ed69621b829b655888ee06d307fff81ac1714a2dc6a6fc1e77df87ceaec4227c054ac73d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d2989d14af3251f358a51108523db49f

    SHA1

    344b90fb30fec8cd20f8bf1117f2b84ed4c308d4

    SHA256

    5e91b5b312441756eac1cd800dd39134b2aa85ef9d1de79052d2b29e277dc633

    SHA512

    c0407fe0cf32f88abc1df1725d4e782132c327c8a9fac893fc94126f1d4dc335d71ada6123fde43fe511f08670a2c226a9971107d32c12fee919ddb31062e52a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    436b4fa5bc0fb39ab9b9bf78f92c24e0

    SHA1

    cc4c44e53a8588c3a9d73b5ecc8048726c27c213

    SHA256

    45439d9b68aaad7149980d1593b25666601a3df058c799016b91b613021322e3

    SHA512

    f087097b24e66d5fbf19d23f234e680f798dd6a70212c24173db66e6670ee7e9440f96fe150280cd17663bc63438a46ee20fe67d6f10c2c0b3db836c11bbf212

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64a4026064a340ceb8570b8402899bd0

    SHA1

    41a6ad6d22992c60f9ebede281da395a6767aad4

    SHA256

    666f25dbe352378c98a51059287f9543757e0c6798fa5e1e28d7e46895f87298

    SHA512

    82ddb75f874107aa4dd6bcddad78363893ed51ec25a9641decfd2c61eea1a4c45c1ca8c2f18b6b6cf4aad55ea643d55c3eb73a7341836169b7c5050c6f51386d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    50d60569936c09e975f19caccfb1d327

    SHA1

    c0a916cac456d4ea95a0dfe3aab52f70ee8c1e6e

    SHA256

    fafd5dac9a9afd05ec43eb473fd10ff73c3601248f6a95eae5f5d93d8aefb6dc

    SHA512

    d2356b4a5d762c2d31bde74a202447c7f562093a7cfa22933930aa4656a23e4c3ef21b6f0f9df27abe818dfd3c175877699f483ad23f58de008f361b32f56b08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    77a813c07cf94671b6f77d22bf3abaa5

    SHA1

    bd517f87dcb1f8ccea4255c53b04903cbe121777

    SHA256

    fe44eeb24b9534788e75576e4e9e4d932df93042bb7a60b8c1137b579cd1b505

    SHA512

    23cfc573eb4627943844caf78f6a67397c24fa1b780fa6be1ed0df784f2aaf6d77d7b438e049cc160cac46dd7224c8d67817bf64a600cead4bb85bb6887d56d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f0fe91adab442d306810c6d850fee96

    SHA1

    393a5b2bac6b49e11135927cd54d4a2dd10ef2ce

    SHA256

    ccce70ca62400a9fa40189c45103acf82ca99be7b9fd7fcfd56d1cf4860d857a

    SHA512

    31a063e6764dab2cec31dcaa35baa0f9812bbe7c5708ddddc210c539ac62a7a847461a92e36e91ce0206a86ea85d952f2e406eb64dd5982d2387426790b433df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57ef16b0926b254a94e6e4504a8d0f97

    SHA1

    901454896d6833fcb6ec70ed784fa7ad44d09d76

    SHA256

    fb5b5aa0077116460a99c15513e92f55e1034a7903a81ff869de59471f902932

    SHA512

    903258ff0149b52160db00fd671707e142e44166d7c5e5e4b166b2e94329deeb06d49c109b66e62dabb64b8c621685981264144a5f26042cee7a74034a9cf07b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    428851dd813b062a7e003ad7d2c5e776

    SHA1

    05ca514b223a8e323e489038584de023957baa61

    SHA256

    763b8cd349c46f8933846c259a199cb90e431702c42bc1e54f81275b390758fb

    SHA512

    1353616dc1f94f686dc97bbdd8e650b0f1f258e24a42d0ee039647e1f6e5779db18ff2ae5c5f23f918eb9b9573bb185a25d18ce9f2f293cfc9c59d44374cb8d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9355ac112392502d076f1d7772d229c2

    SHA1

    1ae69ed28e1f1f353402a89f7295e13806804ce5

    SHA256

    04cedd5dd55108c224d7817b82f94b9ee9d35ddb377390a47fa4c2ad6ce0a674

    SHA512

    77abf8715601bf0eb3a75dce2dd5bb6aeb175bc954811e1b4cc604017cee433c2d465301e0bc44fa592885b2e0d6fef9bff639dd9ee4f3d015504e1478191186

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5c5803fa7242656aa820ac610ad05ce

    SHA1

    d72069db5b56829b1e4ed7954b683e836079370b

    SHA256

    f07280d3c7bbbb8c514c61ab49f108a6b88c5c7c045ca5e220be65bd29fa6eef

    SHA512

    d6550152524f729771c24b5ac133b8cf268b3116dee099fa5920fea5912beb991bbcc2df1b6202fb7639ce663ade40246686176203cfecd39326392f07be22a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    505c545974330ad8402ab3629cf815d6

    SHA1

    5fd3c3a85f833b018b50aabcaf91797d49e62fb9

    SHA256

    c5e806702018bc37bd95182c3a0bb10842b0a518e07812c4f436cde059fa6d3f

    SHA512

    283355ea211dfafbb8c8d964f5b64ce59316beeed2dfaba2b80da24729901d113a53535cc628d435b109e763956576b5bb52097d51c34a69894e63b992c6a88e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5dead7a26473d93f4909bf2f13c7570

    SHA1

    a290588dd60d8389af52732dbffd2118db4b7272

    SHA256

    b0545412009305040c0969e97be89a80b4d8d2ec5e998603f5507507fb993b34

    SHA512

    06075e86be46cfd413abb262a76574d830b86ad4ac9bea44a55e7f30ac6f52005af6d2b7583922a2c05f4584e7e9d22530edaa181e6e4100cdef3777fe61df0e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC323.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC393.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1984-0-0x00000000001E0000-0x00000000001F0000-memory.dmp

    Filesize

    64KB

    Download