Overview

overview

7

Static

static

3

ef4d5740e0...18.exe

windows7-x64

7

ef4d5740e0...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$TEMP/spltmp.exe

windows7-x64

1

$TEMP/spltmp.exe

windows10-2004-x64

3

Mwic_32.dll

windows7-x64

3

Mwic_32.dll

windows10-2004-x64

3

POS58/pos5...DD.dll

windows7-x64

3

POS58/pos5...DD.dll

windows10-2004-x64

3

POS58/pos5...UI.dll

windows7-x64

3

POS58/pos5...UI.dll

windows10-2004-x64

3

POS58/pos5...58.dll

windows7-x64

3

POS58/pos5...58.dll

windows10-2004-x64

3

POS58/pos5...OR.dll

windows7-x64

1

POS58/pos5...OR.dll

windows10-2004-x64

1

POS58/pos5...IB.dll

windows7-x64

1

POS58/pos5...IB.dll

windows10-2004-x64

1

POS58/pos5...RV.dll

windows7-x64

1

POS58/pos5...RV.dll

windows10-2004-x64

1

RWic.dll

windows7-x64

3

RWic.dll

windows10-2004-x64

3

mpok.exe

windows7-x64

5

mpok.exe

windows10-2004-x64

5

readme.htm

windows7-x64

3

readme.htm

windows10-2004-x64

3

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    21/09/2024, 07:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    readme.htm

  • Size

    44KB

  • MD5

    5eac17e3fb90fd6a909dc0082c8408de

  • SHA1

    42576a8cadc9759cbbfdf7bb8c4f90c1cb5a6fa7

  • SHA256

    aa874f47528ae751345d9130c9028ca2dcf03138e3152a3ae0c5b320b52da932

  • SHA512

    23063ad1777846c5723baa6e683b2129cd5ada2aa03d77b518bb781c02f754ae587e5859f2d9d05e487c5866ab778df2e9de6ffb1475665cc412b491e616a705

  • SSDEEP

    768:zgb/lhrT4n/PXX2lLPsPeJhdkemlIdYrQZ7RLu:zShKPXmlzKeJhue0kzRRi

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\readme.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2820 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2780

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a542bc4c81405d14c258255d90c7381

    SHA1

    7852c4731f4714dcd6d4eee0616a533624ec1f96

    SHA256

    98665cb2f342e6c2efc7014df604f8795082ef9d17f98174eded00582963d04b

    SHA512

    a0c9091173cefdfb0b0dc48985b68d8c88bf9ad94247c02b181f737d26e2d6fcbcfa9714655cc64201c5c74808403f2727d38457c442d131c51b87122ecbcc37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    752258e177d09501608a00141c6cd50e

    SHA1

    c5f4479f45cb7de9b648ec7bb766d1440fe708b1

    SHA256

    b6f608eca0a386e6ce63e676e6b2cf1738dbda01a091fb83dcf21ee155b26f91

    SHA512

    c43f24a6199ca610a2bc0296cf152192179ba2f85378f8f60c4fe45c502e13759a3e9c2f21cf4504d9aae50a4d592a79a69b29f0ceeece4f55de4b4d2c24f30c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d657be99110443309c29c52f4b783739

    SHA1

    3418835a1aeea030a25ecbe70854813988f5021e

    SHA256

    5dcf719095984aab8bbc1e9ed01d7d80493c7d1e3c80ce7f6d29653488a4235c

    SHA512

    871141f4707b1d4a9d880e8b9b99fdd413bdf7039bb0fecba31470b271e7d54f37fa57ef8809b811b2ba7f7e401e5a902d3ca6c3d3c00cb364c8e990f2d1904d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a26f0f6bbe584d1bb1822b830b9eda4

    SHA1

    c080c2ed392ee0734ad5f680b25694c4d6ff698e

    SHA256

    8e46338cd3365f92a8b0573fce091cdd6113be46be7a4ec78919fbd4745950d5

    SHA512

    d47422fa430e9a66c53743401d82c33d228b3f329448294f52985e4980b97e8d3fd65efc91f1d5171fc419e18ff0731877a219418e411cf563d7b02c78db7950

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a93e760ac2c52d86b44902b6a2d4859

    SHA1

    63f2ebfe50bf9ab3c4c640aad223c45a5b611926

    SHA256

    4c3d1394cf019770536bede861e7e24ce416c197f8806ee99b0005fcf282c0f4

    SHA512

    905095679ab9eee596f656483a827a13fbce570f31c97b11ba3e16b0822d72345bb2e01f5f5ad1812ba9470066e0262c85889ba70f59433d3079254bf67db418

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a9d0fa9a7ce8a7e4f5cf2611fdace67

    SHA1

    dcd8d2ca0b1b42ed631768fe958ca06c6d40d255

    SHA256

    f0aaeb815394cfa031c4e5605e35da201d48bec82a0118637abd67c06a848b06

    SHA512

    5b73c4679d244a653d2067ad422ec8dce6ea952cf86c73606966bbbf56912628440a64ae5adec7eec8b4175e0554a877e467d851cfedfaa83215203fd8309887

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b6b571c71fda6dfb34a6d81af2fc339

    SHA1

    eb28f5f3587ea481133aa3f910a06b05d7070f3e

    SHA256

    80904c0e1c4027c9f654b440c6cc068d4998c79432f0363094cb3ba6dd41916e

    SHA512

    903c8bc1d723dda21374b1ca83391fc2e22ef63d63c838e29e1f913af6410a4b1a81c6717ccd81314495731c1ba36068b9dc500e568c08e0c409c9875cd13b68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    955ebb85c5b9dc1203b8b9884714eebb

    SHA1

    f999dd25f667a65f4e6f82ff9920476a2cca2c04

    SHA256

    939ed381f1d560f7851079a5c771759b72b4aa8e7f510a8f3e9415e763f44b9d

    SHA512

    b320b41658b0b17cb35467aec5aae0374035f193ac449eeccd309c3592892e140cbfea060e138c30838d7ef595c6eddbfc357a5f6664ecb5d8455e4fbc6f10d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c32d25cc013ccb44425cc8a4d8b682f

    SHA1

    9e1ccaa6349d7a05ec963cebdf63e7034c85e857

    SHA256

    615c1df0d84cfa018484f4db410c78afc32ddc5bd0e11014dc4ca2f03a570774

    SHA512

    e410a9a80f044fabb2ed73720ddbab6d9fcd19831c567405b5eb5145fdc9aced554a09c959377338b6a5f38ddd7167ff13d34fe07c94f3bdc31700b6175cbf98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    62b40e598e312dfc93ab247ed6876e10

    SHA1

    a89a350e2611a8418dd26769422eb33d83e85af1

    SHA256

    7fa279fe052a88fa461ca1ace33d418793e4c384ececab3b705530780d799d3d

    SHA512

    008f97a86e57903f519e92425ba085d987363110cd5c01d1d706220fa1f35bb1a28cf7b1c50192226f486138ec5d54680ff11130f054fa1df7fa07e5d2ca368f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67b6cc8c8953c7af6345ffb2ebf8fb59

    SHA1

    5659afc5875898cc29da7e7c585198b812946e7c

    SHA256

    ee5c1626b20f7e8c2ee98da3684e5f5d8e77abb9df25dc0b36da726e2d4e9aa0

    SHA512

    3c795f13a650f6fcdd950989085f73a3cbdce6d7ec61b319b0d8a49540bb37f0aee7267c6f4638dce1fc5219a9402dc16a2e317a4cb832f525f1007b82981a76

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f91bb9ddb5dd0d0d50d1600df7744181

    SHA1

    ddbcc46f44d63e1258f8913709077d7210801a27

    SHA256

    0d47b1ef24412f4c035965429335762c2bf2eeb62f74fc50bc1f687e69dc6652

    SHA512

    5270ff48e9ed2ee7ab4af98f39c65f814298b209a01e07a8ebe89555099e8a692615f184308481d1b8cf86fecfabefe6570c2370f2886a1fc1cc96f50d2cab1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b4c8d1556b1dd5452db139b43fc268a

    SHA1

    70b5d26d9b45f6db1ab3551c44a2200e7fded0d7

    SHA256

    271ecee265fb92fe8775cb8f76a51b11676669c1917782290deb3b2766c4376e

    SHA512

    f368220bb26ff6cde0b2d02bbe55fe2caa87ff4a901880b7e62a91f445998b35419920bed1bac96c5fa31582e92da9711eaed2f70bdf0fb4ff55793bf67d17db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d304df9a65556151807f0b3258f95cb

    SHA1

    5525497417fcaa29077ef8b41d9b6ac77f385bf8

    SHA256

    f9e99f1427bbea6c5e6825491f7dfbc07a05a4ddbe49031c0bfb6b667a0ac497

    SHA512

    26641864e17f44d4972be65225d3fce2830856b2c4abd3b15a53e1ea64c22ac6bb13c29854514fca8ef7e1071289732632780b3e1826ffd51e2e47e24f792fac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18b7272530abc4c8f5d1e55e372786ac

    SHA1

    86b1e6b516eb0153904031de84d2b8ac1514fb3a

    SHA256

    cd6bf4605a672301da7618a3fc80d2aaf9c185d77169d653ec9552b56f577224

    SHA512

    c2f8a8d63538478e7a024583389dcebe2e79874f486926569f273f11455d6cd25a533c077f25bb1fb86ea30378bb52e344b3db09f95e992a23242cf717f8ed74

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8059b8d6d856beeaed54d922c428f987

    SHA1

    27b263dcb568c43d06ebf0c5749bcd1c36068099

    SHA256

    81b780ea279a1318992d2bd7f6adf6e5f0c703971d029ff9d1f0d2d59ca4dd0b

    SHA512

    2632c77a46fbd9808a0abf47fc6559b6e0cf0321959dd4738e3e150f15cd88e7b3c86b3631b99195dc1637b60f9ddbf5da415961dd8a4b087c0e88e9ba0a3c09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e544a2b3162c5eafabd9d19d824ef66

    SHA1

    361579b57ed67b1451d3ed533e6e7b7f3c8977f6

    SHA256

    1e25394a242b83d283a8ec93b5360a611a76a4a8457cf0a3565ec4586b6fa2b7

    SHA512

    a12fe07bd511844860b2321bc694b3e55b61141c2c5348a43cbea33991954790dc8544b47f30291b37bdad23ab3f154c97df5e7f7ec9b95df90a7cca8c20bafc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b8666582cc204f14e97dd10145c0f40

    SHA1

    23767f46dbc51d2addc274408e63ebf39ec61005

    SHA256

    2a04bc87a1289289d0275d7fc5a9465c6634db1a076663f15fcefe7f4158ab0a

    SHA512

    67ca101a5fc9d41acfc2157e0d0dd123a017e62a2d4aaf946e15462229c1742bc3f91d4fbe65f72019217e8be559ee8788c482ed487ed939682a0f3e1d18c3a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7cfa3ac7205589be583441d3d880ea3

    SHA1

    9698fa7f4e7db119e7e8fee4fda7da0374139cd5

    SHA256

    c1f7277147a127abf62b8b8977f031c2f54bfaca07d6b7d91f8ae03ad34b5368

    SHA512

    a5889eb25908ad5be61bcba45dc26302870204026bed3215cbc96d6781bb7599aa40adc4de94bbc55f85a6591bc3d8050748f0f9b9a7e73e77f9c0bf0d453c3f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1F47.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2005.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit