Analysis

  • max time kernel
    118s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-09-2024 08:45

General

  • Target

    Leave.exe

  • Size

    21KB

  • MD5

    4f59c58bd4b78bc6b9b9c1cd1a5c84e4

  • SHA1

    9a04d93617c649bb19675c6141a78ac48d7306f1

  • SHA256

    63cbae517cdc43468f73c362dca6bd1d50cd5fefa4e317ed82fc464f7653f5bc

  • SHA512

    21f38d5b4c126690f0bd6331b8b9bde340666f8b6c368a6775c59ba1567df754ef1928002d897a09ebded3bf03af8003ab538d7ba8360c296d30bbd2d4553f17

  • SSDEEP

    384:59mO1MqaL3mFi/P5xsZyZbSJ0ULAgSXNp3G7LU7002hv+N0VL3LKLrbKHVt0vwOs:eX91AUr2m0pbWnKHcy2li1r5

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTP, 34 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Leave.exe
    "C:\Users\Admin\AppData\Local\Temp\Leave.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=Leave.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2104
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2056
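The URL that iexplore.exe is launched with is the CLR shim's "required runtime is missing" redirect (go.microsoft.com/fwlink with sbp=AppLaunch, shimver=4.0.30319.0 and o1=.NETFramework,Version=v4.8): Leave.exe is a .NET Framework 4.8 application and the Windows 7 image does not have that runtime, so the shim opened the browser to the download page instead of running the assembly. Everything attributed to PIDs 2104 and 2056 (the IE settings changes, the hooks, the CryptnetUrlCache metadata and the Cab/Tar temp files, which are typically written when the browser's crypto stack validates certificates and refreshes the root store) is the browser's own activity, not the sample's, and the sample's managed code never executed. The 3/10 score should not be read as a verdict until the file is re-detonated on an image that ships .NET Framework 4.8. The helper below is an added example written for this page, not tooling from the sandbox or the report; the process tree is constructed inline from the three command lines above, and the fingerprint it uses for the shim redirect (host go.microsoft.com, path /fwlink, sbp=AppLaunch plus a shimver parameter) is an assumption based on that URL.

```python
"""Added triage helper (not part of the sandbox report): recognise the CLR
shim's "missing .NET Framework" browser launch in a process tree and separate
the browser's activity from the sample's own."""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed input: the three command lines from the process tree above,
# keyed by PID, with the parent links the tree shows.
PROCESS_TREE = [
    {"pid": 2116, "ppid": None,
     "cmd": r'"C:\Users\Admin\AppData\Local\Temp\Leave.exe"'},
    {"pid": 2104, "ppid": 2116,
     "cmd": (r'"C:\Program Files\Internet Explorer\iexplore.exe" '
             'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch'
             '&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=Leave.exe'
             '&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0')},
    {"pid": 2056, "ppid": 2104,
     "cmd": (r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
             'SCODEF:2104 CREDAT:275457 /prefetch:2')},
]


def parse_clr_fwlink(cmdline):
    """Return the query parameters of the CLR shim's fwlink redirect embedded
    in a command line, or None when the command line carries no such URL.
    Fingerprint (assumed from the URL in the report): host go.microsoft.com,
    path /fwlink, sbp=AppLaunch and a shimver parameter."""
    m = re.search(r"https?://\S+", cmdline)
    if m is None:
        return None
    url = urlsplit(m.group(0))
    if url.hostname != "go.microsoft.com" or not url.path.startswith("/fwlink"):
        return None
    params = {k: v[0] for k, v in parse_qs(url.query).items()}
    if params.get("sbp") != "AppLaunch" or "shimver" not in params:
        return None
    return params


def missing_runtime_events(tree):
    """Every shim-launched browser in the tree, with the runtime it asked for
    and the PID of the sample that needed it."""
    events = []
    for proc in tree:
        params = parse_clr_fwlink(proc["cmd"])
        if params is None:
            continue
        events.append({
            "sample_pid": proc["ppid"],
            "browser_pid": proc["pid"],
            "process_name": params.get("processName"),
            "required_runtime": params.get("o1"),
            "shimver": params.get("shimver"),
        })
    return events


def descendants(tree, root_pid):
    """All PIDs at or below root_pid in the tree."""
    children = {}
    for proc in tree:
        children.setdefault(proc["ppid"], []).append(proc["pid"])
    seen, stack = set(), [root_pid]
    while stack:
        pid = stack.pop()
        if pid in seen:
            continue
        seen.add(pid)
        stack.extend(children.get(pid, []))
    return seen


def browser_pids(tree):
    """PIDs whose signatures belong to the shim-launched browser, not the sample."""
    pids = set()
    for ev in missing_runtime_events(tree):
        pids |= descendants(tree, ev["browser_pid"])
    return pids


def verdict(tree):
    """One-line triage note for the analyst."""
    events = missing_runtime_events(tree)
    if not events:
        return "no CLR missing-runtime redirect seen; the tree reflects the sample's own execution"
    ev = events[0]
    return (f"{ev['process_name']} (PID {ev['sample_pid']}) needs "
            f"{ev['required_runtime']}, which is absent on this image, so its "
            f"managed code never ran. Discount PIDs {sorted(browser_pids(tree))} "
            f"and re-detonate on an image that has the runtime.")


if __name__ == "__main__":
    print(verdict(PROCESS_TREE))
```

Run against any Triage-style tree by filling PROCESS_TREE from the report's command lines and PIDs; a non-empty result from missing_runtime_events means the signature counts on the browser's PIDs say nothing about the sample.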

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a50fbc1b65bd0b6f8b4415d169e2e57a

    SHA1

    44776503d157818224378e8ef1b2a6541a799247

    SHA256

    2c77b4767941169967747612c97c836842810829580aea9da2b9e784816efcc5

    SHA512

    5e57e3dd4d1bcf40b70c8092e0d7822927b102b78821e1aaf86f23cb4cdf668594bde29e3d0cfff1d6f975b866046fd9bfa65b402a17d1bef12e1071f127e747

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d8f681a922a72fc410c1f4e8793ea3be

    SHA1

    58456196fd72dc5e96473915f8216d85a2cd134f

    SHA256

    f4ba55cbf9a1ccb90d1f036e8fa51c52a65e2976794a662afc674b84acbeb8a6

    SHA512

    fdd88b370f254212fecb32185760b6f8f6b36084039f2b9caaab552c5947a8b53139652d54d4013cb579b9b1ef89fa7e4b086e97d87ad2c98ecd29bde2ae55a5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e1dc28ffed98087bd4af935b2a06898e

    SHA1

    585dae894dc79e75d5cfab1dc144b997d903e5bf

    SHA256

    a1c750235692a7e3c01ea5bb27cb71dc4ca6b5cbc83e1ef46b9a8a08d00442b2

    SHA512

    5bed21f89449c14472fd56d03b6da1c155523aab6d990c78a02b7275772bc6c5907a9f8f8ee32c4b678f09e3b15b3979a4e0d5ec796000965f9be91d5ac29f83

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4f779bc40c2b5ee60c948de26a6907e3

    SHA1

    abc0594402c7778e878cae85adb9f022f7f1bc4b

    SHA256

    7438cb7b0529546f032ae0248d86ae64b8070a73e6b39a157a5f07c63d23c610

    SHA512

    5332cc177d2ece944d7bcc38604e84b5282dcfb5ac9769241ffa1f43870591ee8c806e887e6d192e1b7580ff6cad84eef9a28c184e4e3b9bc3bcdaf90064799f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    163c50ce013f9182c0242d4be769177b

    SHA1

    c88fe5663a5ce0a63e0aaaa34110d45c9d34f28e

    SHA256

    832cf23f7bc0b893a07035d4d4440062f1364214268f057ea81cafb3ab16f458

    SHA512

    abc9ed23a777d11ec43349461c88f858aabc62412b7aa2b9160c156896d3f169c89b8977801407a3bbc91e9e81a8b00b6254a84b0d55e734b2124759c0c81ce5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    79fb87f0ee01c27d52d72e908123354a

    SHA1

    1ad3cb0414b2a927540a0499a5c4541992af7f38

    SHA256

    63ea6a1bb8e586ba191f6b44edfc430e15a2c6aaa207c00945e2c4053c04a803

    SHA512

    c1cbdfdfbb1af7f556317a332b537cc7b2c8254e9099585a045e218f4cae3b05ace8abdd440e9aa0a779b4c02abf692f759d31f9ee946bbf703e4080b2a917b2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b3b04d7f559d2d3190c0344f889be130

    SHA1

    97a1cdbfa91a0cf8a505be4a57a2b6e08269adc7

    SHA256

    71465b96e6c38db1151787446f734dbcc1d0252d6d260c216a4ab19fe7d5e130

    SHA512

    0d5b3c9d8b87979c61eb07592a4876fb8fe6554edf7910393c12ff686249fd9b4a524f4489947a076024a624968255f02f4ac2469e2efe9aea734c4a6e4c3a3b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a2c67438de0bfd86d045d25b0491df8e

    SHA1

    e06e2250351d9019c75ec8618301d60d32b156a9

    SHA256

    a2bc97d8d672d06510fb9df896a9aaea21cab3d2e5f49cfb5210b3660332338e

    SHA512

    835ba7e4e231bca2727eb63d4be5eb0f4eaddb15b680205919d2325155712d28286e247a4ed080c115146adba3709ba8db61c8f57cd5a00ecf4b6a005c50d751

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b1343631da28a5345632df32cf134f90

    SHA1

    eeeaabcb2261acce4a21f43ede3e9b2d940371b1

    SHA256

    ed3b25e24ec2c5b1b0526d33b5904b9bfb6d005e7bf24c9faea70b439951e350

    SHA512

    add966624f2e39212af89bf4664b626c6bdee84d2dc58a4c6e867fb4adc40dcff6b1f9ce7b112cc3d1c6a872d359fb4aab9f127ef2bb146b68a6545e6142d545

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    51bf51f265e65013a5adf20764cba2a8

    SHA1

    8cfed19f83ab716df5039f8f1c36e2446c57008e

    SHA256

    d195f319f920c5523611d31990651d79552669aabab97cc1faef2e9fb3265f3e

    SHA512

    831f73fe5c46e17384125d101f3bd07304fdc1a68786376ecfc6de1cd85ae348d4905c5909e7f063247dc5db06e4174d078195f8d64ad65ce2c2bc9566542f1b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0f6e162c8b6ba99f7d18ac1952812c89

    SHA1

    541342c1d77bbdcf95b0b55e3909fe1b9ab5d34e

    SHA256

    a75baba4eb48481d4289c66fe0813b273482ce562624f2e05207b1fffc3bf9ae

    SHA512

    d6d1df28b7491529c04f891639af27cd7c6d9f9a736a156da1db9294d7edea6e887e64cdee4da051b8aecf4ae00f209ac094c67ea2fdc43c58fa88e0114cb0b0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1841bcbfa1406b5e098edc752a54f211

    SHA1

    efb9e3666fcda11370e1f53c0867ce2f376a4fae

    SHA256

    1665355172187bfee65959d2233a6d40526dafa2da04596e358b799a2690806a

    SHA512

    9e71d0f99b3346a2f45ea9ebd2975c185f3e158191bf123371452ca5545096e868ff9fa4f932ebeb39c9dbd33603fd718ca7d6870538959108fcea58521c86cd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    76bb12fb77b9dd8383b1851f892fda20

    SHA1

    3d7ce880d433400d2ef87363389fa0515e539e9b

    SHA256

    af2326d86f4d70eba319b61790ec7a3ff5c7f6f3c2caab5c423ae5b2a6614f73

    SHA512

    34dd7ee3463f6c06ccef0157001ff16aaab0e1d8ecf9d6865cbdf52b4ad5ccd6739b875d68443a7a71888c8d0c7c2f85d3d705d44155c21519a114b620efb13c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8696d006d431de1497f42a32f7327255

    SHA1

    a2433c0df705aa78560028c2c99696c192305d62

    SHA256

    aed9d513d2d6c5e5be2fdd8ce828994e20956fa2238f6d0f5f3c27d4a7f17a79

    SHA512

    a8cc1fc385dd20635b93f1d59b3a3c942867b969b1059e3f065e1dc5a8493fc9c82c6bd31f21fb9d505be57d636d1e971dfcac6f216848eb45d9197801eeb556

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7ee6d9d737c9114162c3f710a8bae42c

    SHA1

    a244601e4360e35b9e53b7bccfd0e6b8c3e8c579

    SHA256

    24416a3edf95b8c17533b4df26fa70365353b26d2057c927087bcaec88c2449d

    SHA512

    fa9d3d27d4a7bb2db55b4141d2b674095aab26f7816a8319d637e4e624fc4edb4f01cc1119493030870f2694f4613c29b747b4182869525ed5516ca5c5c4eb80

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c3a0eb215f31b026a1c5c8178eaf8389

    SHA1

    996748812e7c7e41cd39967adfdcaa979334b102

    SHA256

    9dc6e9387a87e7fe92b3d363443df87d0d0ea7a6130dbb468e83801d1def4fdd

    SHA512

    6719194e03d238e366fd6cd66b82a9f65f1396b82316be22f4783aa688f25b3dd1976246b7b0967acc9f914efe7a7b958fd0a094ad1f14d1e08334298d48abcb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dc115f8c8ede8f70d319f4c36ea9c57f

    SHA1

    8b74cb6596ef63a5c52641e43f8e81202ac9ddeb

    SHA256

    7dbe577c41cfbe2b1272795075e6a6519796fc1f2019f8c41d5d0e5f7167f3a4

    SHA512

    78f42408b3b34530995a83722654db724e71fae27821bbb45f1e561d156bc45bbceaa31a195015568bdb3da4454a83ffc35eb57f6c16764df99c0d6a85f3cbc9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    695ce9a11c5ca9b1b1a45c0721552556

    SHA1

    700852ed5d4fbc5e3812aac35dd942fddd34dfe7

    SHA256

    8af085f6ac7d300a9f0c39f4063b022a8f7daf3d4094702473c26b6c2a84e0ab

    SHA512

    29cbd27a49aa1407d609457eaa05c8292c592b96c6c1e90519739cb05a58801a7f43d93ad919ba467f8ce27fe5528829ab558377706c5e810f719e5cc9f30b7b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fb09b8597d229ea0c7202e82f45ad6e6

    SHA1

    57b16c83b4802638afa94a78886bf234793490ea

    SHA256

    8807e108cb3b1051652c36ca2f6e7e81a387d696cf522d1daf38e8ac52afdf1d

    SHA512

    82bc74c5de2d86aab7dbb58a91923c2d27d59fef24dfda6346878f38aa6d66ce0fdeade53bed84f9db689a56a3c5d914cecbe0f8dee2d79c848ed31f6fe6d130

  • C:\Users\Admin\AppData\Local\Temp\CabF5C6.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarF5D9.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b