Overview

overview

7

Static

static

3

GooglePass...e.html

windows7-x64

3

GooglePass...e.html

windows10-2004-x64

3

GooglePass...se.rtf

windows7-x64

4

GooglePass...se.rtf

windows10-2004-x64

1

GooglePass...or.exe

windows7-x64

7

GooglePass...or.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

GooglePass...or.exe

windows7-x64

3

GooglePass...or.exe

windows10-2004-x64

3

Readme.html

windows7-x64

3

Readme.html

windows10-2004-x64

3

SecurityXp...se.rtf

windows7-x64

4

SecurityXp...se.rtf

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    84s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    25/09/2024, 18:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Readme.html

  • Size

    502B

  • MD5

    fdb9d1d72b18241777626a9684200a17

  • SHA1

    cb2c46befa50a9c5ee61662b5a5813ff16658689

  • SHA256

    7dea6758ac440d2976253c48ec50237e630ba6ac063629cc82ca4e0dd8980dd2

  • SHA512

    5eccfe46b48ae6472c9609a928fa3e59db3799f892f804c0051fca7153090b4c594bada51f15a9da2569e4d6533afea8a4fccf83eef9396e902955c3e429ad61

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Readme.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1308 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2212

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          252B

          MD5

          4d695ef5c428593f178d74cd5853fdaa

          SHA1

          e5ef53b8f35e155091414fb34e4451ec1e10b58b

          SHA256

          fc3b19a10e32bad31ff5ddccbd467885b92b56240c762787b451a84e8639a9cd

          SHA512

          0427c085fa1cf16e109a0fee6c2d3434c67c72f749c26c470423f65080496f931ee723c4a8a0c7f77f92e6714dc7f52f2cd784371763cfdcc7bfe52f90adc28b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          aba9cc49a0cb902a71d6531386449619

          SHA1

          c8f84346f155c06fc8bbc6862ffe0cbcf08ca7dd

          SHA256

          faf4225c25acfb448dc68063c2fb0393589b946634a494c3c391ca3e3b1c9cb6

          SHA512

          955b1396886fef88ca1055bca27f672ff5c0e97d3c9f338bc39d678ab0fdb6dfdc03255d4ae4a62abd78f636eb0abd54b02765fa8ad26f206f4381c7727e3178

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          08d373844f0dca9425fbeb50ad1f3630

          SHA1

          310cc64b85055b5d1104b50c1d382c3660bd5af3

          SHA256

          0237d0e4e76258dfe81876839d4955a2a09b4ae3243b02118a57126851c62b75

          SHA512

          30b5112ff1e7fd7ac55c6d426c1536af9984ea894ca9609e72fee439d72901032fa4837b7eff098a5f4737e1432c3a5f888373af54523cb75610b2a8e0c2e272

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5f648bf127a1f143fddd8aa36447a347

          SHA1

          385417605f91496ead46dc01b96295800458eb29

          SHA256

          9b558e2a20cacd3019cd771e074a8000392799fd39c53968dc61054c673edb16

          SHA512

          6ed18a59615085755a233281b5ff6714c3ff06d8a9c75d254830f98d319e24d9be934e4d96480c3ccde3a4d4a5f75ce04446d5db6ace44c12cf9831db2f1d6c4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9316a1de7b1a6279c462d8675996088e

          SHA1

          f75aa5686c3eb0730adc6c4919bb9611db229d12

          SHA256

          280d91473e74b8bf73848801c8b3fefc98c4fdb51704d47a65602a88a75c3a23

          SHA512

          544c72cf8749fcb0b24ca6e4f83259318ae9476f8e22804dfee79dcb6818757b2ee8373765bde8204814b6e44d70cb14c30fad679b96933d612815635e29f386

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a85f1b672bf2264188502ee270636911

          SHA1

          71ef96cc520e485c4b4352e763b43df59ff4ca11

          SHA256

          aa39d8b159fa240e333358015d4816b570a6fef7cb46447a46d7502a19ede853

          SHA512

          f96733a3d3c9ab1fd01868c59869e7fadcea531d875835cdfd8b09dad2141fce690d8fd72f62bd26d34dbb7d02fa366f8180c190776b8f9c9c54cf6eed152a66

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          66dbba686f53cd4609d383e59d653e1d

          SHA1

          c844bd42d4b29dcfe2adcbf30eed4cd2b456793d

          SHA256

          95628c48718c189a51d24026343ae894948c1fcd267e2d9e409b7b86f2b431a9

          SHA512

          9ec6107646f782029347759a52777810d50faf6b58da95ecbd1c39e8d0a3903aecd5cebd07747c24d73da5eb200a17b324abd75a89dc6d357d6ff5f75ff4ed4c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8f7203ffe3da5c0da4ab7e135303657d

          SHA1

          0850be528e40512f88b309067b37006d0918ffdd

          SHA256

          c6692b14d943fcdc6a8a28c6c40cb07218e7b4a3411b7a72e51db8172e28bf27

          SHA512

          7b5cc7fbcd1aaa3e88d210faa5bfdc8abde250b7d083dc2287d7e42a1f658232c6cc9e163a72ec7f3ada618ae6f52b2371b9d54e22a4ef1d8f9a02eb3c98a022

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          dbea35192925c987cbf20c12658ee804

          SHA1

          a4b850e23ef2511618c63421ce6ec88ea0e30c68

          SHA256

          596004b4a36dff07914c3baa06c5f1973e3ef0f4b34ca3c99c1d0c229d8c15ab

          SHA512

          3ed7c01b10aa4ab3b491126bfa19990feacb28e492b247919a72df65cfda7bfe10aa02c51837dcd23ad790c5387e860b000b93fe56005ea6d04ae43947b37654

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          56bd27dd023bdf09091f0c2bbf11306f

          SHA1

          280463ab6a6bf745be53d1280714405091dcce7f

          SHA256

          4940f3adba1d5b478ddef7e475782af11fb07d89a46b35480909fb5666443262

          SHA512

          7f5b40bf5ba6b3c733d221dc076aa29997d753534625041067508db1c2e9dbc9fd8483efc39e24f41c616bca3ab5ed5c59920a11f2b29b6bc32b2aa7c77ddf06

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7da3c5104f0307f075ddf82202a6c458

          SHA1

          e066cb29b730a8a4808e7f8b79d4483829a3d078

          SHA256

          74ab98e25b0f2df9144e4fdebd0aa19658460e1e6d858e458469fd1db2b90854

          SHA512

          883378248dfebc4db51eb30c4a5c88745049868d109598acadace09be9b2508a9a615219fb1e0205d424632947e0e4553c0087dcde8ba784c805ba08c98cb8a0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a4cc332b5239ec5eed40143a29ffd11a

          SHA1

          9c95228d430faaf71dd82a7e3200ce034d3594b1

          SHA256

          ab6a6f6dd85fd0712e1550d666123ccf3cd6f5e57f3a827131ecb597176d767a

          SHA512

          66c594a23780868f8c23b61198a22818cd7b58b9c0159c431b7ca3d0b4ce46dc81db3294d54e5032eaa488ccd35e8791b359b9c43820532f34f3d97dee2f3a77

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8851b276dc075224499963250b30d006

          SHA1

          6da559aee25ba4c1c8b9f102cc7e42638f521439

          SHA256

          8dcfbf80bdee3bb274ee72d4ad5ce27967e6f65e7db598b5bf73bf91f3332c2a

          SHA512

          23bd4dc67b62c3ed048835b897ef4a3680fbeee83a0d57404987dc70110ef253e25ec24209f3e07adaca946b213e159a8ea594498f658e7d9feb27b1e4dbedeb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6b0f44c6d6aef09e5b4f975e8eba21f6

          SHA1

          900e8fd2c2a2db16f1ab01eb8459626a26e7f6b8

          SHA256

          ba342891bc6e84b6f40c7ac9dd9475eea0972c00229c5801bed340b1f59cd568

          SHA512

          b4254a4928b03618009a96d9e2d7056f61de38d264500bcbb0d2480b921d5e4be994183b40e2ed35a0e2c3111a7d2f55994e71cd6a1a2988811258f743a97ee6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          5aef623630ee5b21513adc0f1485df77

          SHA1

          a628603df4baaa700c2522742400af88cbfd1c2c

          SHA256

          d8229a1826208db4a86f0df8869d21c4db25683d1950facedc36939416781e76

          SHA512

          48b6bab4b7b8553b1e280d00d45fea43904c505c72c2d21c87c82d011107db8778f9acaddeaf4e4a3ee7efb532dfb4d81a2474c7d0b7d6c0f407aa70aa48b845

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          949908efa604bf28f63e3abec38cb894

          SHA1

          0d8f87d9b9951f7a80f06d9acc1d2ab7bdd419c9

          SHA256

          693938bf525abe815aa33b3bc5b3c805491ca07a4f8285c8449c58050c664b74

          SHA512

          48590d62af3b40ecf7ebe2dd61fefe82659eff8566b85f54e9e70febda78170fd26fef469b9e010394a15a69e78eea6cdd1102797aaa6dafb9a687c23e57ced9

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0DT5RC8W\securityxploded[1].xml
          Filesize

          108B

          MD5

          feba2179c57fd08042e3c12ed3465d7d

          SHA1

          cf590c5b00d736ae746cc4fc046e5e46a80c3646

          SHA256

          4738f5d22c4107506fa1b5cc284d96bf68ea14a8a6fdc9d1b431c5bbec828f89

          SHA512

          b0f257ef84acdfcfd7c0f75bb2c3d0ab6acccb2f6ed52eb9bc864dc7e628fe7e7abdf61a56f997db86d7192c893f63fcab463f99221ccd5fdd6104a93985049c

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pzrzu69\imagestore.dat
          Filesize

          5KB

          MD5

          cf62f70c2da762738d746b0bc87f8890

          SHA1

          0c1fd10dc5ba73e2df14b555172f835289e8a0f7

          SHA256

          beca650c8b206cf1084cd6aa5351cef242fcb586d3c96d28b2b99a6a8402d3e6

          SHA512

          a5b57a2372a2c4068ffbf3b1021172cb67403db201a9965c3bba667fb55c40b8235e30b328c311efd80474bc8ceb4e22f932fd857d4bac774ea5730c291706ac

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40WV1DY9\favicon[1].ico
          Filesize

          5KB

          MD5

          198e82940aa0aea3b8280ee7b8815af8

          SHA1

          a70218218f3e55d53853ab052148c349aafbad13

          SHA256

          2340e11b6f04989d1bf9056af69c8de98b5e087b4352599124f794b83b8223af

          SHA512

          2aee0ffd9e7858c4d05643cec68551e2f55b203e614f68a93c75e1cfada4404eb1fb5de830aa7bf6eb3a79666ee8d1553eb177e66ea97d34dc54c3c1d370c020

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab1A76.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar1A75.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit