Overview

overview

3

Static

static

3

Salad RELEASE.zip

windows10-1703-x64

1

Salad RELE...6x.svg

windows10-1703-x64

3

Salad RELE...6x.svg

windows10-1703-x64

3

Salad RELE...in.css

windows10-1703-x64

3

Salad RELE...te.svg

windows10-1703-x64

3

Salad RELE...es.xml

windows10-1703-x64

3

Salad RELE...re.xml

windows10-1703-x64

3

Salad RELE...ms.xml

windows10-1703-x64

3

Salad RELE..._1.zip

windows10-1703-x64

1

Salad RELE..._1.zip

windows10-1703-x64

1

Salad RELE..._1.zip

windows10-1703-x64

1

Salad RELE..._1.zip

windows10-1703-x64

1

Salad RELE...s.json

windows10-1703-x64

3

Salad RELE...as.hyb

windows10-1703-x64

3

Salad RELE...be.hyb

windows10-1703-x64

3

Salad RELE...bg.hyb

windows10-1703-x64

3

Salad RELE...bn.hyb

windows10-1703-x64

3

Salad RELE...cu.hyb

windows10-1703-x64

3

Salad RELE...cy.hyb

windows10-1703-x64

3

Salad RELE...da.hyb

windows10-1703-x64

3

Salad RELE...01.hyb

windows10-1703-x64

3

Salad RELE...96.hyb

windows10-1703-x64

3

Salad RELE...01.hyb

windows10-1703-x64

3

Salad RELE...gb.hyb

windows10-1703-x64

3

Salad RELE...us.hyb

windows10-1703-x64

3

Salad RELE...es.hyb

windows10-1703-x64

3

Salad RELE...et.hyb

windows10-1703-x64

3

Salad RELE...eu.hyb

windows10-1703-x64

3

Salad RELE...fr.hyb

windows10-1703-x64

3

Salad RELE...ga.hyb

windows10-1703-x64

3

Salad RELE...gu.hyb

windows10-1703-x64

3

Salad RELE...hi.hyb

windows10-1703-x64

3

Analysis

  • max time kernel
    131s
  • max time network
    151s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    16-09-2024 03:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Salad RELEASE/Microsoft.Web.WebView2.Core.xml

  • Size

    611KB

  • MD5

    6c5c5290bdd2d4072d64a3f8aac6d02e

  • SHA1

    a610567951bf885e11ee5dabfd87dd1d37e4f50d

  • SHA256

    1cf4f0c0994cdb65fac609dd19755541ae109d917695dfca9c4acae08ebb850e

  • SHA512

    a77ad02fe706227712c231e7ccae084f8d74bfa490c8879117109746c3cb3bf77feb818e0de03880e03b46d22ad1b8cadd9f14fe2e69b34bc2770632a2311a48

  • SSDEEP

    12288:rV/cM0fctDZuwKxzdpeqKgan2xqfcan2NPPVeLoBWkO4am+7RufDufBSCspK2sSl:4pBYvfVO

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Salad RELEASE\Microsoft.Web.WebView2.Core.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4228
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Salad RELEASE\Microsoft.Web.WebView2.Core.xml
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4448
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4448 CREDAT:82945 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    4KB

    MD5

    1bfe591a4fe3d91b03cdf26eaacd8f89

    SHA1

    719c37c320f518ac168c86723724891950911cea

    SHA256

    9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

    SHA512

    02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    48291c0d253961e62f01d3dc9b199465

    SHA1

    15cea8092bc3cc2b9e74c1b6a67ce6e0288b3f17

    SHA256

    555224aba07474f9decff68e4c8118d8ed0d835c3db3794cd78a02246893d626

    SHA512

    f081b5e0e55ae279c68bed2207fdceec9deff925f58deed38e43687ef68647272c1f7be52a80335c3af5f3a2c38ef38216081629b62e47081ef7c1fecc7eb078

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    338B

    MD5

    74ab43315882d37eff112b7e481017d3

    SHA1

    9f3d37988c7fce569dcf29349230dd929d74ab37

    SHA256

    037cd8047efc11dd3838e03a702aae298c25b88b29ed2026e59753b37fa7bbbd

    SHA512

    c3e7e711e8baf765a8b49cb71da3eb41567ece208e737d48906ff76bc81e59d7d123f19e49d30c36f683460ee32a706b11dc3ba0dfc13d6eb7a91e44b3c43fef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    62dd8323bd86e8e8a7800e4e6393d65e

    SHA1

    93a3bcf46c89453fe6aecf9242a911d6e65b49ff

    SHA256

    73046d6bf6123dd1c6c4d968d9f2a20645fb8d0d06eb25d998713d438087da8a

    SHA512

    5fe7b5434b7fa7357431d0183ad98a4512182dd222042b2abc961c79412ca8915702cd60eee59b3c5161b4244464709059a547260615853f74bd8d4c42223f9c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver153.tmp
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IOKXFE4P\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\HFS04LWN.cookie
    Filesize

    545B

    MD5

    9a2eb78c052882d8f97a5e2fac592e85

    SHA1

    faf97fab2c712f1f54292d334ed810095fdd44fa

    SHA256

    ca9b2ffc23286ac9247f51c682a6fc3eec7e344f98a6b25a28202dd9df46b94c

    SHA512

    584a9ff85f6e66acbb37c8898b915f5d748941088316dd66af8bfd53d8dcc8d7f62479cea7e0cd3b7795f649e0756949d63f856bb6832f192a9734f9c35d1af8

    Download Submit

  • memory/4228-7-0x00007FFC00C40000-0x00007FFC00E1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4228-15-0x00007FFBC0CD0000-0x00007FFBC0CE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4228-11-0x00007FFC00C40000-0x00007FFC00E1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4228-10-0x00007FFC00C40000-0x00007FFC00E1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4228-14-0x00007FFC00C40000-0x00007FFC00E1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4228-13-0x00007FFC00C40000-0x00007FFC00E1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4228-12-0x00007FFC00C40000-0x00007FFC00E1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4228-9-0x00007FFC00C40000-0x00007FFC00E1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4228-18-0x00007FFBC0CD0000-0x00007FFBC0CE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4228-17-0x00007FFBC0CD0000-0x00007FFBC0CE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4228-16-0x00007FFBC0CD0000-0x00007FFBC0CE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4228-8-0x00007FFC00C40000-0x00007FFC00E1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4228-20-0x00007FFC00C40000-0x00007FFC00E1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4228-19-0x00007FFC00C40000-0x00007FFC00E1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4228-3-0x00007FFBC0CD0000-0x00007FFBC0CE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4228-5-0x00007FFC00C40000-0x00007FFC00E1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4228-6-0x00007FFBC0CD0000-0x00007FFBC0CE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4228-4-0x00007FFC00C40000-0x00007FFC00E1B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4228-0-0x00007FFBC0CD0000-0x00007FFBC0CE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4228-1-0x00007FFC00CE5000-0x00007FFC00CE6000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4228-2-0x00007FFBC0CD0000-0x00007FFBC0CE0000-memory.dmp

    Filesize

    64KB

    Download