Analysis

  • max time kernel
    120s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/09/2024, 03:48

General

  • Target

    SendLink.url

  • Size

    61B

  • MD5

    f50bb685c735a5fbb2796086f49edc2d

  • SHA1

    efca8e52c428bcc045e34422f8d1558d24d13ba8

  • SHA256

    3110fcc032405e705e8710e263d43f38c2ffbef6054bf58ef38a90741fc838fd

  • SHA512

    fc4867586e6843710aacdbb6dd922f297570c474e811f74581e6fd3303e1b7e5e0ef4ba4c8248704f2dc08adef9ff4b2343d578494ec21464101f579c3ae5fef

Malware Config

Signatures

  • Checks whether UAC is enabled (1 TTPs, 1 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTPs, 33 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\SendLink.url
    • Checks whether UAC is enabled
    PID:2748
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2828
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:275457 /prefetch:2
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2736

Network

MITRE ATT&CK Enterprise v15

Downloads
