Overview

overview

7

Static

static

7

NO$GBA.exe

windows7-x64

7

NO$GBA.exe

windows10-2004-x64

7

No$GBA.com.url

windows7-x64

6

No$GBA.com.url

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 10:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    No$GBA.com.url

  • Size

    47B

  • MD5

    ee679e8c865bdeb3b69c0f08887d6a77

  • SHA1

    c5c00e4182a9d4a6d8b631df9bcd76045499742f

  • SHA256

    43e604518a55415eaed6bb103bb2a6384d1655bb8b0c527c1e4d22eda97421ed

  • SHA512

    613ceab71969e79545a25b0686a3700ed8d306686e779bfdc1616e6a1b7b466f51995f20b8d85ba6955cc32b8610582320a10a38030255c7e6af50ec84c2f52b

Score
6/10
discoveryevasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\No$GBA.com.url
    1⤵
    • Checks whether UAC is enabled
    PID:2524
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2412

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
          Filesize

          854B

          MD5

          e935bc5762068caf3e24a2683b1b8a88

          SHA1

          82b70eb774c0756837fe8d7acbfeec05ecbf5463

          SHA256

          a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

          SHA512

          bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
          Filesize

          170B

          MD5

          fbe5319df65a64bd03361f860d7aa63d

          SHA1

          4b87d40145d4d18a20e722e9de44af9186177f0f

          SHA256

          73e2f801ae6fbecbd949e076fd33c295d202dd971be81b9bdd7ad22a397b52b5

          SHA512

          c07ac25f3ae4edde52717efca163ab6e9528e41729e939e897d358d96fe78c8908d0a1c194819bcc423a03b544b22005c22a3fe3fdd55b6a6ea2837204e98774

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          252B

          MD5

          5055c0d7699f122263ec80c215622913

          SHA1

          b25aa83c9a12a8df2e3f33868b3488d1d5788592

          SHA256

          0047b76c10a6c3d22b31f57ea067c82c7991f30d4ca31fafedacdc42ea840015

          SHA512

          561b35f6356a6c130544f906128e41ca2c8ec4e7cbda5287d16e65d49041ce951ce279d179cdd66f41f0ecdec260d49f86a77e237a8c64a455594bea811a0eca

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2aa321b69901869f4430710cc6bb7107

          SHA1

          2535288559316db7654a03ab4ad7f18aec272611

          SHA256

          c6c805920650a1ce590188f8f9222fafee05bddf4712675e26a397544eb4fb85

          SHA512

          53eb3061923d2a6b5a46d641b81c2eea049ac678d602c4b60e4587b2fe2411891fa1a9722e6f1610875817c44d0fcff52ee16740bb0c39d9fa5134e37e06903b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          063b5f74f69bb21d58341f332f74e6ef

          SHA1

          d4904c66929236a604ec2b5673a6303d5ed1b500

          SHA256

          2182cb6a40cc98459772287dc616e88c45955cf2855e87c37db0a5cf54d86c3c

          SHA512

          18f7be84399ea50cfe9d173a44752518cbdf5c75fe9a607b6a6029a0f28b466f6b0b037f7430a5d1b3cec323d676445100e4afc985deaebab2ba2eab5db9bd48

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2008fcda0b3029f797fb70027d498566

          SHA1

          3d8335bfc63999b997ec4ccab534ecd22c65563f

          SHA256

          6505c6f9c5a3e48336337990fcb3ce9fe628aed9e64e73cba6ed67add907602e

          SHA512

          2b7700192233cc47803439d84891035d01c8f83973d798557b71892f828062dd8d5b5569dc3ed6216ef2f0098df0f681aad8ff9dfea6d738ddd0d19bd0739c12

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5538378f984839eb30e593cfd73db3d1

          SHA1

          74d8ee3a41365990df3a50ca4c35b0f1b55f9c83

          SHA256

          532609719b203af3c5af1306377df0aa94fd744e34d95ccd600dd6d910ee389e

          SHA512

          36ea6f1f80f55c133a0b86620a29e6fe5e6a2b368f5a8b56b646cec6a77e5d56a484bd94f87bce9a74818f91d2acdc3c24aac4fd3751327dde4044416296c781

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e55bd04d6ac80186decb2ccbcc691f58

          SHA1

          d44b50c070fdb8e9d49024625d252e58db48aaa3

          SHA256

          5cab51a4db0c8ebd27a92ff36eb91454bbcacf8d53e95da9dd5e39191cd46470

          SHA512

          0d2c8edc8c0fd0a2ae9dc56d84a7796ad37db241e5975de64cdaaa524bf06cbf51b4a610ac8fb65cafc1ccdee961fb3296c8e492bb88ed2c4f94f081f910619c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f078e70ee47b985fceec3a06b61fc072

          SHA1

          2c16f0805e2fae974fa64b10bbb51ab8d7753b18

          SHA256

          3f353670cd623476b993589f3c417ae34bd7b4630a562f9b413e73371ed87073

          SHA512

          f92bc19774edbb6adca8bbaee8ac4f718769e69635b9133031cae2c6d734eb6e8ce61ab26b9a90d5300b88d825d2153c3f35658b7158cee74890e288326851b2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          be2c85b4ef7ab1e9465e1128c0307fed

          SHA1

          97a147d35a4a2e40cae6c5864194b82ccb6e442e

          SHA256

          bd55cea9c447902725937499ef8fd2ed747bf35b90967ab948e2c24920337426

          SHA512

          e42066b43f4b1b65c3ab9295d0190479eefebba1fa86f96c1bac9c6b017965daaafa7343111a435196cb3d327619ce044582dacfcc76d988d7926633ab1d4b08

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bac9266a5364becf5f8b9e2618d43a6f

          SHA1

          7f2962df1a697400cc45d9d4620007419d5f82b7

          SHA256

          9cb2d8c492db4c09fc7de645ee5d69ff47c7f97e06ec0322f3c2c765af921c02

          SHA512

          a9cb8f7d486a223be633c1b298906a6aeb190f02188d1ae2b1999fddf797e3f890869310bc9ca149dc8d184cd087bea18836b751013b97be105122ebbdde892b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f0a4fb495be02915dc6b0f0487f96cc0

          SHA1

          034520ef03eaebd23dd738e0b4cd3840c9cd82c3

          SHA256

          8a1ea7e0c30c566fbfc0acaaabd30d863d8a239cde99361dd3b8dbb88a894815

          SHA512

          5c45288dfc90df40e3c4ac6ea91e2d409d094c7525fdce4afabb8c2f2c17fb3b63c432c8ad55bec73407096c0a7b32af8104a1584ed7152e1a2a947a8a52ffe7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f933349fd7a7679857c8a362207fc1c8

          SHA1

          b436e43c47028b6a07506571c9057f206b480a08

          SHA256

          4a6b484de0ef5f5622fafb9879ae74be22ed5c6873f8a6549e2b77c0044e45ad

          SHA512

          1d084872d60e9778fc735c578e5ac2a222098657ca3e83af6f42f6250d295c3e86800877fce3f43ee3f134723122d67f53a57d119ef24804c42691a9cefcf2f2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          be5d67c78102651e11ff4fec9b372a03

          SHA1

          d84e64bcad7037868abdc1abb4f0fe90b60183b6

          SHA256

          9055854bc8f9eef6f7e8ce8cdcd3b1289fcc3b1a61a3a2f1fcf86bf6115b2af1

          SHA512

          dca995d32ec87c30fa42ce2307343cdd3aa5c4c8ef647a2e2d40070db4107da3ca5a9c7f2c3c9b8e860eca95adbc3f2eb43b4a44494299ab700926446260cbbf

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          98f88efb79a84c4d0efc8a1b9375a9b8

          SHA1

          2a42278bd5c154aa90ba4e977b3a848861d6c6e7

          SHA256

          75d10855665a45b698830efbd3bf533395ec1fbb0b7081221bf510314b2b21a5

          SHA512

          8f83d84b59fa2fbed19520b0663c2321a19130abe016e04713aeec3d0c969263f74b1f951861cd44a26d02f9fa729a9ac891178ed410eedb7af563f305f7286d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          70a523f6298a56703e936403729c38fb

          SHA1

          1c9c1844e4cb89bc7bb60a21b7434b7a6672ed98

          SHA256

          04ab8aa14abf63c1defd79fb149379f2abb2c896ec6067d97111eee45be72ed1

          SHA512

          13bf3078acf1a2ab95f09dc8021f961006adfe0e10aa9a955a379138ff2f0eda0ccd9a4e2260504cb6c494265e083b70cb8ac0e94d41d5fe1270af24131541b6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6785eab879a998b31cff66ccebdf859a

          SHA1

          94eb2b5d259fbccb07d8b2373ff35069f3c34060

          SHA256

          6e028aac72f0ad69af48029da4dc29eb3fc412ce90f8e6bd2eb06e99d61809d8

          SHA512

          c6c38e9e1190ddf3a93e2eeec1c154af346f6ec7ce0e0d38863f2b5b747021dcd88cef8986264809c798a0e6e6f7679bcbc66c345b9869598677b59e47ee02ee

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7b0d6d0ef1a6d7b51730af99aff5030c

          SHA1

          f645a46eb680018557a2f1d628023b5aa466c8b3

          SHA256

          e338b4b3295ebf7326500769f9a66931c8ad1c10e3cacf091d6a491e79b81a65

          SHA512

          4e04cdbee5a7804e926f2289fb3c970935942e0217f55f1c71697361942e64b47bdfe0aba81fc20117e557c4731023ed062e49ed998279dc7c672acbd94081a9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          074b7df94bfd7efc4ba80ea1f0c23164

          SHA1

          3bf7f56b865e09e9a16f3d8aad276693edf6128e

          SHA256

          2811efa776fe21feffadabaac5dbacccb2c25f87d0ff558c4a2f9982c7a66ca0

          SHA512

          618d9b07510019539b12cd12dea4f2576a100c5f7247ec855498061f8e132e8c2da565df659b3a15b7c6c05e163b874ceab9a6cba63c1a0200954e0baf205910

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          48cbac82a5f386e3bb2e4206143a73ea

          SHA1

          0c7ab5c105dfffcc4808eca43dafdcf014f80e27

          SHA256

          e19dd83ab64683500dea4c94f7e3f9b0822b82c2aec9eb8100c6488aa7b2af24

          SHA512

          722ad3dd89a774d98b421f25975972f7f5fb28574c0528c2d185a13203dd625e3b1070e28b0fa9b58ad4ada43fa0b29af24b4e43499ef588d31e1ddfad41410e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          461882c9610cd046125f4a3d374c38c2

          SHA1

          caf7d12b93af3f35e0b456cea1fab400ad74ace6

          SHA256

          ad2b29e524deca2dbc802922c5890931c5b5caffc661ab305cbbca5c26042435

          SHA512

          76478432e9d57f6bdbfb098ce2c9a329131ac7ac5ef58da222558651348cacfe6d93c31c74facba64b2915ebc74a34e15f66412cdc5bd4a4f6a839c1b52d8e17

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pzrzu69\imagestore.dat
          Filesize

          5KB

          MD5

          d4fcf8a1b026e09d68625fc569f34367

          SHA1

          22a1cb79cc3c670f8bbb36c49f20e04aa5a9d497

          SHA256

          c75f1e5748de7c6b245b9158164997807a31735c64415cdc37e19d5a718f2ae3

          SHA512

          aaa82970664750a063a21769d65da2fecfecdde34b528faced533c31ae1929fad25c8e42209fe3d15df7faf83b5502d66f76bd5ad7189cff1664479ad08e33d7

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40WV1DY9\favicon[1].ico
          Filesize

          9KB

          MD5

          dc61c5f4d2f89d8c8d78bf4a3335877b

          SHA1

          33d372ad34409c430743f55514cde6d9063d2f53

          SHA256

          81c365b3208565417b9188f333dc8e7353d9215eaf0be17ec129b3f5adfbd44a

          SHA512

          6a1c1d38cfb2141c1d1f0f4266a9aa288d65ef79b3578dcc8f3b451ebb0b96b45ba7c7d90d0a9ae3e9dc444774dfd614e9a947f1c28a8ba022a334069e6cb467

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab9975.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar9974.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/2524-0-0x0000000001FE0000-0x0000000001FF0000-memory.dmp

          Filesize

          64KB

          Download