Overview

overview

7

Static

static

3

9637503226...5N.exe

windows7-x64

7

9637503226...5N.exe

windows10-2004-x64

7

$0/Resourc...d.html

windows7-x64

3

$0/Resourc...d.html

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...r.html

windows7-x64

3

$PLUGINSDI...r.html

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PROGRAMFI...gs.exe

windows7-x64

3

$PROGRAMFI...gs.exe

windows10-2004-x64

3

$PROGRAMFI...ot.dll

windows7-x64

3

$PROGRAMFI...ot.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27/09/2024, 19:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/eula_fr.html

  • Size

    24KB

  • MD5

    99b50694be285399c3022d50d78faa9f

  • SHA1

    d9374ec113a3431361cdb4a7b43e0e6037b2a438

  • SHA256

    4cac15569e87744b1464ce273d56546d91312c8c7f68ccbc6deb762c0838bff0

  • SHA512

    7cfc06b5e38e80a95cfd9aede1ef68c635045c9c8930953c45909efcf4924615fc18f8b954a1c4a56e868748dd93338e67e56f2d6314068e997d4c8f85dc4167

  • SSDEEP

    768:6Ns8AGi8ntM1GAnzpyQv9SCwZvepkvHIZFIPyrpAJq7keZ3:ws0enfICwZvepkvmNkeZ3

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\eula_fr.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2212

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9563998f3119f9630816590dde2a6d3b

    SHA1

    bd1c3805aa2e6a3009dd4961487283a9e5de5243

    SHA256

    af06475ee4e049ac44cf6da8a9fd8df63b2bd4ba69c1b8d2190476445fd97101

    SHA512

    0960fe912c3ef9c9b495ac41b8382b1c98e8ed88d51ee825e10f363369783b83b85996e2d15f2f57b33a0204bb113592cc8c05407526d656ef3d6d062658bf15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    974f80d91604266b47c886b604f35acd

    SHA1

    f514a8f192a0f249fc277766b5820b5f13981d8e

    SHA256

    874f56fab9a73c79c758920cafc63c4b0b977788601ec8f10aeedd0dd07a2903

    SHA512

    9b9164206ed17546026d4f3a3ec33e2cf852d0bc8d234d5d92ef4d6b8b2645ec680593fbff09abc4e41b5ae2e307016a675311bef8d64e41272b41851062d461

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    353227d5c150b9217e3ca86a6f0ed25f

    SHA1

    3e92e36dc90f08bbac6d1f194092d29a2b95591a

    SHA256

    cc13e6838d29876dabc9ca53585db82efc710389c66ca7f707fd1196e9a5facf

    SHA512

    975630bf0e34478a57af7cddfe8ccfd4bba580818f8f2c5dc4930f2712714ed971e7d38a524ccf2e56754bd227c218b78f778c76bc164d2365567624e142453a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f9bc2085dc99a0bab4b00946478d308

    SHA1

    ffa2ec5a1ec4976f4a8f4a6309741c68368d4b72

    SHA256

    6952b1905048644763636fd75a4e4dd35e0e2531fc71681f1d5247cac13d10d2

    SHA512

    069858d9b73dfe6166655521b3cdafe16d4b5c656612369042dcb405f6714bc893096d497a636d47e240af1b4a40a2d057ba5079b93590f96b4433c7f5d13d56

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e21f8bdaca7a376ffcd0815f393b1c9

    SHA1

    1f9de84bba69d321b9e18dc3979bf2452acc0ad7

    SHA256

    4d82467b921c366bb1c2401b677a2468f81dbfba7a2f555b6f534653bbe45caa

    SHA512

    6709c1e848dd90fc6f60038bf7cc00a9c61a238c7cf138965e4c5f17731b62d74de0ed992be051a7f03a2824fa83fb0a1d338dbd9a732c9787156dbde98e90b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d81668e3cd18dfdb3866783d18a14547

    SHA1

    adfb4341b8027f4bff9f1aff4dd0d8fc5f0c261d

    SHA256

    cd63264ba0c53f3b22aa28137bf380b2a7f6461574792f5aabcbad71984834ea

    SHA512

    d9666cfc7ca059fb28be31c6779ebd49fdf87d5649742cb727e4b9813742183824f00e86821b544e775c2417a3cf0e8c4ca554dda52fc92303ca93ff21464a11

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a7005f487c434d869e7c74587f27d0b

    SHA1

    ce48dba9338354cb5838237e2697724088b6cb75

    SHA256

    221ba6e5af56460674eaa3b96bf2ab5c4583235f60a5e069d3d8954f1b29dd8d

    SHA512

    06dfd2bfbef557a45ee82a2109bde8f93c422576505a51bad4a17d8e69b3163bef1012fc2c19ca54077c4e2af9cb911c363a3f1cdac749df666ecc76d93f10cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a1aeae5c18c3b209901bf0d25ca58426

    SHA1

    1ecd2048cef91173194d1a4e5b71f89005e556a4

    SHA256

    3ac8b3b1c080ff74bae4925bfcbd582ff805d1d62a0ab56a24a59a24c9947355

    SHA512

    b82594b45ada88ce958372f05f4f941e7bf9d9f8e5098a9324182013d418964f121bb64835057ce0a271848ac6a61ba7ad2750ee8904439f03fa841f241e26f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4ae81db93e86030d3f90d76ec17f7ed

    SHA1

    5b70d5331be70bb9e720892b8393748446e3f5da

    SHA256

    d13430c8a1e650a934ba79ec08bcb1db749f1436a4947abc153822d32a4d64f8

    SHA512

    ce5f1bd86f8bcd7bb040c8b0a3f15857076ac6133e27d8b1ae0293f682055a1cf0a45c30e52532565ffc4fbacd27d77888d894833f93ce7a34a18f3035bfe7b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    852368f0cacd800e8fed3626aa25f553

    SHA1

    b03b889491d20a2414c300f647b8c22ffd8cee50

    SHA256

    2c6667b861bbfd5765be47fe2329e9e651f00e36b507cdb60a0b354f0fe8d045

    SHA512

    c9fcd9f16508f773c73e04e2321746a77e4461060c54c5e446720e03f54daf1de80cef419214baa0fc530cc97cf42c1a92a4ff94612e4e45e388d6e30ae7c121

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d24ae3cd838dadc8abb53fa9a2c1ea71

    SHA1

    8d605e472e52e3dffb0bfaaf39e4790a4bf6b6f5

    SHA256

    d5f510ab3dc34c742220b62e83e1267012719b65422028fa0858ff7c45aa1544

    SHA512

    89c608cee6017cebc5cccbc0ae57d360b5e7d7c3b1fa51dc1e0deb72f3c506b0f1f4513af2267b6814bce5161fc511a9dc12c6351f5c88fb3292502d605770b7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab908F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9266.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit