Overview

overview

5

Static

static

5

epigrass-2...g.html

windows7-x64

3

epigrass-2...g.html

windows10-2004-x64

1

epigrass-2...ut4.py

windows7-x64

3

epigrass-2...ut4.py

windows10-2004-x64

3

epigrass-2...el.pyc

windows7-x64

3

epigrass-2...el.pyc

windows10-2004-x64

3

epigrass-2...new.py

windows7-x64

3

epigrass-2...new.py

windows10-2004-x64

3

epigrass-2...lay.py

windows7-x64

3

epigrass-2...lay.py

windows10-2004-x64

3

epigrass-2...ay.pyc

windows7-x64

3

epigrass-2...ay.pyc

windows10-2004-x64

3

epigrass-2...tor.py

windows7-x64

3

epigrass-2...tor.py

windows10-2004-x64

3

epigrass-2...tor.py

windows7-x64

3

epigrass-2...tor.py

windows10-2004-x64

3

epigrass-2...or.pyc

windows7-x64

3

epigrass-2...or.pyc

windows10-2004-x64

3

epigrass-2...t__.py

windows7-x64

3

epigrass-2...t__.py

windows10-2004-x64

3

epigrass-2...__.pyc

windows7-x64

3

epigrass-2...__.pyc

windows10-2004-x64

3

epigrass-2...n__.py

windows7-x64

3

epigrass-2...n__.py

windows10-2004-x64

3

epigrass-2...__.pyc

windows7-x64

3

epigrass-2...__.pyc

windows10-2004-x64

3

epigrass-2...out.py

windows7-x64

3

epigrass-2...out.py

windows10-2004-x64

3

epigrass-2...nel.py

windows7-x64

3

epigrass-2...nel.py

windows10-2004-x64

3

epigrass-2...ect.py

windows7-x64

3

epigrass-2...ect.py

windows10-2004-x64

3

Analysis

  • max time kernel
    144s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    15-09-2024 16:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    epigrass-2.0/Epigrass/HelpEpg.html

  • Size

    11KB

  • MD5

    355cfdbe65010cf0e3f2ccb12fbe76ba

  • SHA1

    1a0bd0a70771c7f5d52886b8ea1991e92419415f

  • SHA256

    6e311725003393330c0593157d64b74a6a7ca4216d4a781202d80bed4eeeb935

  • SHA512

    233d4516a70c79dfd8bb95955dfbc885f7474215bf5407026480a8353598b9ccaa0f4485601f75e7837edc226ae186f98bace2b36d19a2d36ffd1b6fdcc52bd6

  • SSDEEP

    192:TL1s4Zfb/6DxJ1gnVy+LrQLiNJyQA2+ibw1WPn8vV6ZH8PD5y9Rn1dcDRvd9Vk7a:H1s6j/oxjgnV5Ki3A2+EFYV6ZMd6eDkO

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\epigrass-2.0\Epigrass\HelpEpg.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2920
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2616

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    688b1e5f71ae28c1d1fb619e72d299f5

    SHA1

    852342ae781a84826f91af3e2e8aec3f1567ff53

    SHA256

    f4e40a3d8426df3045a3c70149cdeaabd1b8a3657482449a4d2652c26093c177

    SHA512

    f3ced0839c581dae4a4b8764cfb80f3927f46d68d3ca345ef73dd95aafbc1ccdd0f9153de9b434d51a23de2b970d5ea7e59a63d3c6c5bfbcc1b56e3eeff77acc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ec66fb957c7044e280f0431edf78aee

    SHA1

    0bfb97ac1ebe4784372c8e28ec55247ec5fc7041

    SHA256

    6a121d011ae6c4111b7db2663f9686ad22f919a21cc23ea26d562a16d536bf62

    SHA512

    c894dee053a88e87b762924d9d9ed175bea0f79712e898de019b6bf35d5b9e5fd0da0feed9954e6028dc50ea3f945db4d003e883a3f55aff6e45c1e9968c798b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7eb9908f0dfe701e722074c0be93b43c

    SHA1

    24b258aaa27fd58e0fb919b89a3f993bd80308d2

    SHA256

    25c0a4045f488965d8cad5b50ca09b577b5a5818b6a8532a136ec2d6ed02d926

    SHA512

    e36f6266115a86b3fcb17913162dce85c60730d1a0144914e77fb5264d6e353aa2bba3745c492fe4ab3fbd23cd5588d08dc08b961ecd35d4e0c42e6adfdc2e89

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aa6faee34bc5b4fd07e140ca5762bfec

    SHA1

    5b6487e76a9e3fbce2531d07df981ae5e7da32f4

    SHA256

    7e8a6bf23ce6c9de710a974166e61efb34943b1e1e891870d6549981f80d6eca

    SHA512

    69857151343e576e854826b5f3247d794c5e167e6cfca4b91c0d2b4cb863da8f9414f9c256164784727e1328a2016bb82a3723eceaf3b5d5b6ff22aaed2fedb3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53b5a577ed64884ffc97f550d62e7f38

    SHA1

    47a84eab174264a3691cb51e079cb3d715f1cf75

    SHA256

    6bb489a66067bbeff3c3b73b4e63c591d9bb22d4393dcdae704ae30a6b736a35

    SHA512

    6093655e5fb49855701c5d1933dd6d4bf4def030e9539c10aee9067e1b77bada0924643cb4ee6b0dbd42ef18a2bdaa51a7d4c8999b0928ad9d02d4d12f9c6f0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d061bd2a3c20b671531418c3a5ec0be

    SHA1

    8c363a29a24b0c35b3f44abb03aff24271c8edcd

    SHA256

    12ed0d4b80f7ef56c0ad0fc5a33d6c35115f74787cf1f0c1f218d585974e1954

    SHA512

    d94167ac57f1bf14505ffd1d678e7e5efd2028a195daaf172279dc7591665c9ad5f81c404a171e9936a66653d6ff59f77de8b69b6534bf7eafcc36f1c53f2e88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0098abe3975bd4a3d64a54d2f499a185

    SHA1

    3b673fb2bbc805611fbf0cf53885a84acb11232b

    SHA256

    238156540c2849c99c088799fbc1dd8c195c5d38041ee7f829e00fd854af6e6c

    SHA512

    860f8c30da817560fdecfee012ba783839c4a58f789411556ca3dfaf673cef153b36ecda5e95606ad5a1a85f9014d7a28c990c14e1f3990a2d4fffdf536ac05e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    79d8744b9d47ad81c6ddc8c52e258a39

    SHA1

    d604204bb4f2cdbe9fdb33e3abbcedccf856e517

    SHA256

    ff242459f28328e14f0c229d921829a524a9b05cdb1d291e774cd900f7e748ee

    SHA512

    59f627c5f2a5f4d11e8618fede0904cf64d01a2833cdb5d364fc8ce2547887c4384246fffcd06c24ec2581a65673a66295b961b1f91af329ff94fb6fb01910bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d190f59794227d3eb418b7c5b1f8a22

    SHA1

    8a583062084be0464e812c5cb408f4dceb77519e

    SHA256

    51b5b4488c47ce39281a24aa9d1cb38332d130e878bb83d83ad162ae4c35f5a4

    SHA512

    aadd96173862cbe6515c0a7d54033764397d0f58d8fbe120a53ac789eac25708863f6ad19a14714f08e920b2c2a7e9162e6190bbbc777f4cda2d224ff4dbda66

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    602a3b9d499e30bf8b43e50ee1b40252

    SHA1

    14c919de674bdf5b3b6f001b4f5f7b71aa8a71e2

    SHA256

    bdc78795d3943043a86b4e7af5078ee47f7607da3e320518e4ddba6fc854c2b1

    SHA512

    c0232a57aac1eb5b4129d8b3002e303f54d46a92779a5da7cf016ae59b76f79c390c9082ef677a2ec213144ab68b9d34315f193d41b7c65da69dac452f28ca13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca4f3bef50b93663953d78f7b77b7189

    SHA1

    09eea35cec2c5b3687bb332da1f2f8bfde01a7f9

    SHA256

    e20dcc8d46140e358b00d990ee2b4a35576e391e8a60afa6cd292ae79421dc9c

    SHA512

    beb026abfb01fd5383f44842beaf20b330286faa8bc99fdefcd58dbc2cff287f106a1eeee53041e5382242187b6b173712b05ec0db67157ba230454156b080a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f201478bc8913f4610f04de296bfbe2

    SHA1

    046d916d84267e8c328254256a77f631b3d7760d

    SHA256

    3825a0e66509cdb2f611182e9eb8e1a4c3a463ea266f4e9898e3ece56e78f2cb

    SHA512

    69e2f3372d623121f002a5893d341aeee074f9ea71c3568d75f0a88090fa131b48b7238237ad09083e26510187f0400034fc119d03eb1cb509e4c79bd0272808

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    920c5509796dce59e4b7ad5e2c6a1e7e

    SHA1

    21174c16b06abb99f6f234988f0e25f6794e3533

    SHA256

    5d0c86cebbe426060428fcb722faefae47f678f10582377da2477fb885c7e715

    SHA512

    be5077b402ee3d1573cfda8ca86f1f6e83e89ede748c02d621e303ee24cf144179e15337be2d4b8443cec66496a38a68f6d9af0c1eb06c8250c935cb61bbbcfc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a700d59ad8db1c938d6bc6e77104d74

    SHA1

    40f87cfbbbb1f59872b001e1108fc219f1187b2c

    SHA256

    7924989f6ad1614857d7afd236a236d441d035f42bc065869cad670609e362d3

    SHA512

    a8dafe8f33c95b1fe7566681ed7c4093dda939e49010ca87cb9edd2d64abb75b98657d291e9cdace884634d9ef044017adc42e59afac2007acb7c1ff6ec858c9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab736C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar742D.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit